Inside the 2014 hack of a Saudi embassy

Documents show how the hack was executed but do not confirm attribution.

An attacker claiming to be ISIS took control of the official email account of the Saudi Embassy in the Netherlands in August, 2014 and sent emails to more than a dozen embassies at The Hague demanding $50 million for ISIS, or they would blow up a major diplomatic reception, documents seen by CSO reveal.

The attack compromised the Saudi embassy's non-classified computer network. They deployed a garden-variety rootkit on the workstation of the ambassador’s secretary and took over the embassy's official email account.

No one was ever formally held accountable, despite an internal investigation. Given the low sophistication of the attack, experts tell CSO it's impossible to say whether the attacker really was part of an organized effort by ISIS, a random supporter, or a nation-state intelligence agency masquerading as ISIS for motives unknown.

The story began with a bizarre attempt to defraud a Saudi schoolmaster in the UK of a €200 visa fee and ended with a $50 million ransom demand and a manhunt by the Dutch diplomatic police as the clock ticked down to September 23, Saudi National Day.

Documents obtained by CSO provide details of the attack and the Saudi response. This provides an interesting window into how a government might react to a suspected nation-state attack and raises questions about the level of security deployed at embassies around the world.

The first indicator of compromise

According to the documents, the embassy first became aware that something was amiss when Dr. Sumaya Alyusuf, previously in the news herself a decade ago as the head of a British school that owned radical Islamist textbooks funded by the Saudi royal family, emailed the Saudi embassy asking for assistance in procuring a visa to India and was subsequently asked to wire €200 via MoneyGram.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!