Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security


Level 16
Thread author
Top poster
May 4, 2019
When Saudi Arabia contacted security researcher Chris Kubecka to investigate an apparent intrusion into its Dutch embassy’s secured email accounts, she knew it was not going to be a simple case.
Local laws in the Hague did not apply, since the embassy is considered Saudi soil. And it only got more complicated after Kubecka got to work: Once the email account was secured, the attacker — who claimed ISIS affiliation — left a trail suggesting an insider was responsible and then threatened to kill hundreds of innocent people if certain demands weren’t met.
The escalations sent Kubecka, the Saudis, the Dutch and dozens of other diplomats scrambling on an international whodunnit — a hacking case that emphasized the high-stakes challenges and troublesome gray areas that come with securing diplomatic communications.