The Road to Hell is Paved with Bad Passwords

this is day two of beat sides with that we're gonna have another amazing speaker with us that's gonna give us the road to hell is paved with bad passwords the fabulous Chris take it away well good morning everyone thank you so much for having me be sides and it's going to be a pleasure to share this particular incident management event with all of you it's going to give you a bit of an insight on what happens when an actual embassy gets hacked by a cyber terrorist group and some of the ins and outs of what happens with various types of diplomacy and when law enforcement does not apply in certain situations now to give you a bit of an introduction what

had happened was in 2014 in The Hague which is the business capital and government capital mainly of the Netherlands it is a very diplomatic City that's where the International Criminal Court of Justices and a lot of embassies around the world so it's a very unique city in and of itself and what happened was it started with a series of attacks starting with the Saudi Arabian embassy it then spread over to over 20 different embassies affecting them as well because law enforcement regular law enforcement does not apply with diplomatic issues it also involved the Netherlands diplomatic police or core and because of the severity of the situation the national terrorism special unit also had to get

involved there were three separate law enforcement reports and it got to the point where the Saudi Arabian embassy of The Hague actually had to put a disclaimer on their website as did several other embassies because of what was going on so it started there were four major incidents that occurred with the entire event and it began with unauthorized access into the email account the actual business back-end email account of the Saudi Arabian embassy and these things are important because you might have your public email that people can email an embassy to ask questions and so forth but on the back channels you've got a different set of email accounts so that they go state to

the ambassador's secretary directly and so forth in addition there was a very interesting rootkit that was discovered with one of my folks that I brought in who was a forensics person who sniped the network and found a rootkit and what was interesting was the extortion attempt that Isis attempted was all the way up to 50 million dollars and it reminded me very much of that comedy kind of spy movie right where it's like yes 50 million dollars right but what was even more unusual was the amount of lives were put at risk at this particular event so it wasn't just someone who was sending some nasty emails there were actually valid threats to kill a lot of people actually over

400 people's lives were unfortunately dangling in the crossfire so this was timeline number one for half of the major incidents now when you're in an embassy local laws do not count that is a sovereign property of that particular country and so basically the Ambassador has all the say when it deals with anything that occurs at the Embassy it is not say a local police it does not matter at all they have zero jurisdiction and I want to stress that absolutely zero jurisdiction but the only thing that the diplomatic police can do is try to aid in various law enforcement conversations but then again they don't have jurisdiction over an embassy either now one of the reasons

why I was chosen for this very interesting incident was because at the time I headed the information protection group also the network and security operations for the Aramco family as well as being responsible for the IT IOT ICS systems around amia and America and they pulled me in because I had a lot of experience as well with forensics and we had already had our chain of custody checked actually by the diplomatic police at our company to make sure that any evidence beforehand whatever we collected if we had to use for a criminal matter we actually followed all of the local laws to be able to go ahead and hand off evidence so a lot of experience in forensics and

I also I am NOT a law enforcement person but dealing with digital security and knowing that there can be various criminal events that happen I always establish relationships with various law enforcement so that when and if and it's usually when certain things occur that I can go ahead and call up various parties to get assistance and make sure that I know where I need to go to go to the sate next hop and so forth so these types of things are quite important to have in advance before any sort of incident occurs as well as I do want to stress some sort of chain of custody or understanding that whatever evidence you collect in an incident

whether it be for something like a diplomatic issue or a regular business issue you have a full understanding of so that you can hand this off because there's no use letting criminals get away with bad stuff I also have a lot of experience dealing with ministers ambassadors and heads of state as well so I was able to communicate very technical matters because I was a technical executive all the way up to ambassadors and heads of state and ministers so I could speak their language as much as possible because without that they do not understand the severity they do not understand what they need to do and a lot of times they need us to give them advice and if we

cannot communicate with them then it's just like speaking some weird language that they will never understand and we cannot show them a packet capture at all now in addition to this one of the challenges when you're dealing with an embassy is you have to deal with geopolitics and at the time the relationship between the Netherlands and Saudi Arabia was extremely strained as matter of fact shortly before this event Saudi Arabia cancelled all contracts for Dutch companies and basically kicked out most of the Dutch people out of Saudi Arabia who were working as contractors because there was some something that happened and I'm not going to go into detail because that's not my job but because I am a US citizen they trusted

me a lot more as well as I was already trusted within the Aramco family to handle these particular matters and that's one of the other reasons why I was actually chosen to lead this investigation and do all of the negotiations so it first starts out with I I felt so bad as well I was I was trying to eat lunch and I rarely rarely ever got to sit down and eat lunch and I'm sitting there and I'm eating like a spinach sandwich and a big guy comes up to me in a suit and says need to come with me I'm like uh-oh that means something Bad's happened or maybe I'm getting fired who knows man I swear I've

got I was not mining bitcoins on the network maybe so I walk off I probably had spinach in my I did have spinach between my teeth because I had to be rushed off and I asked the gentleman what's going on and he goes I am NOT at that level to discuss that with you I don't know so I was pulled into a room and I was told we need to get you to the embassy as soon as possible and when they described a little bit of what was going on I said hey I need to get my forensics person to accompany me because there's probably going to be some sort of evidence and things that we need to

collect as soon as possible because when you have an incident you need to then figure out what's going on and then try to contain that as much as possible now here's where it got a little started getting very strange because this was very strange event to me it was kind of mind-blowing so the official business email account for the Saudi Arabian embassy in The Hague was using a residential high speed line not a commercial line and had no security except it had a password that was one two three four five six yay right that's everybody's favorite password right there's nothing like using that for official embassy business cool right so that was a bit unfortunate and was

even more unfortunate was the IT person who was there at the Embassy it was his second day he had no security experience and the person before him gave him zero handover as in nothing and they could not get a hold of the former person at all so here this guy's sweating bullets he has no idea what to do and he's like ah and I'm like okay okay okay but we were gonna you know chillax cuz he was definitely panicking and one of the things that the initial attack occurred was they attacker had intercepted some emails seeing that somebody wanted a visa and started sending back communications as if it was the ambassador's secretary because the way

that it was set up was there was only one person that could read the official business emails and only one system that was supposed to be set up that way and that was only the ambassador's secretary because that's the most trusted person within the embassy and they have to be because they know everything that's going on very intimately and what was was a little odd was there was some attempts to ruin the reputation of His Royal Highness Prince Mohammed Ben nawaf bin Abdul Aziz which was at the time the ambassador to the United Kingdom of Saudi Arabia and I cannot show you those emails but it was initially implied that him and another Saudi national who was

married was having some sort of affair which was absolutely not true and so there was multiple things going on with this incident it was a little bit personal the way it was done as well which we started seeing and going hey what kind of profile with the attacker be because they're using certain techniques not at the time very high-end techniques and looking to damage reputation not only to the country of Saudi Arabia but to certain key individuals as well so the first extortion attempt was when a rather controversial figure was sent an email stating hey if you want this visa can you just send 200-year over to eight MoneyGram account and we will expedite your visa well a funny thing is the

Saudi Arabian embassy had stopped issuing visas about two years previous but that wasn't not everybody knew excuse me knew that at the time but they did not handle visas whatsoever and the MoneyGram thing was rather suspicious so this is one of the things that set it off because it was coming from supposedly the ambassador secretary and the good doctor who got the email contacted the Ambassador himself and said hey what's going on with your secretary because MoneyGram account seems a little strange of a way to get my visa right so luckily she could recognize that MoneyGram was not the usual way to pay for a visa so I was kind of good so it started kind of low end and that that

seemed cool at the time and what we did was because I was unable to have full access to all of their network because I am NOT a citizen of Saudi Arabia so I have to listen to what the Ambassador said we then tried to contain everything and changed obviously the password from one two three four five six and advise some recommendation strategies to move them off of a residential line and and various other bits to try to secure them a lot better and so we thought everything was over and done and dusted and then I go to have lunch again two weeks later and then I get the same very large gentleman and as who coming to me again

and saying there is another issue please come with me immediately I'm like oh no please don't let it be the embassy again and guess what it was the embassy again so I really do liken it like space herpes because that's basically what what it felt like at the time because we were not able where I was not able to gain access to all of the systems to look through them myself unfortunately the attacker still had access to the email system even though passwords were changed everything like that and more emails went out and the amount started going up and the diplomatic core for the Netherlands was trying to be helpful even though they were not asked to intervene whatsoever

by the Ambassador and they were trying to be proactive and unfortunately they made matters extremely bad they're very good people I've been I've showed up friends with them but sometimes when you intervene in certain matters and you don't know the entire picture you can make matters worse and that that's just life right so the second extortion attempt went out to GCC Member States so that's basically part of the Middle East and Qatar and Oman were very nice they actually gathered evidence from their embassy to hand off to me which was quite unusual because again I'm not a national of those countries but they were trying to figure out what was going on keep things contained didn't want

more damage to the reputation of Saudi Arabia or themselves so they were extremely cooperative and the attacker using the embassy email went ahead in honor if this works signed it with embassy Isis alright so you know exactly who it is and that's nice to them right you know you know save many lives give us 25 grand from each of the different embassies that they sent this email to still using the Saudi Arabian embassy business email account so you know friendly email right so what had happened was the diplomatic police or diplomatic corps they had sent out a warning to the back end other embassies all around the hague saying hey we've heard about these extortion attempts and

if you happen to get any of these emails go ahead and contact us and we'll try to help you out but the problem was because the attacker was still in the email and they got copied in and the diplomatic Court did not use BCC they used CC the attackers sent back an email and started having a bit of fun let's put it this way so it's not like the clearest here but basically that said hey thank you so much now that we have your attention this is fantastic and all of these accounts so we're going to start raising the extortion attempt up and that's what they started doing so the third extortion attempt started going up and

it started getting more and more personal which was very interesting so the perpetrators sent to the ambassador's Secretary's personal gmail account and sent an extortion attempt for thirty five million dollars so it goes from 200 to 25,000 from Oakland bunch of embassies to 35 million the secretary because it had involved her personal email account she started getting scared as you would as I would write thinking oh my goodness you know they're in my stuff too right so she went to report the matter to the local police however on the behest of the Ambassador and for obvious purposes we requested the local police to not finalize the report and to handle the matter privately and this was

to the point where the Netherlands special intervention unit for terrorism was called in because of the city's me situation I've got a bit of a cold so I'm trying to keep my voice as much as possible so what started happening was they sent another attempt excuse me a text or ssin email and they said hey listen let me sent this to all the embassies there's gonna be this Saudi national day wherever 400 dignitaries are invited to and they're not just VIPs they're VVIP so there's Dutch royalty there's the Ambassador from Japan to the Netherlands the Ambassador from the United States so on and so forth so their spouses they very very very very important people in the world right yes

yes yes yes and the ker house is a national landmark in the Netherlands off of this beach called tre Vanina and it is where all of the wealthy people used to stay before they took cruises around the world back in the day before airplanes were very big because there's a big port there and so this is started to get extremely serious because it now involved over 400 people's lives are being directly threatened and a national landmark in the Netherlands and between this time we the time frame now was getting up to almost two months and at this point in time although it was not publicly known at the Dutch national terrorism police and the diplomatic

corps decided to basically partially shut down part of the embassy quarter of the hague and assign all sorts of plain clothes and uniformed highly armed various type of military and so forth all around the embassy quarter and this was very interesting because also I was also briefed that they had found my name on a list for Isis which was very interesting to get a briefing for that right now here's where I think it gets even stranger and I'll never understand this one so I used to go to this pub called Sherlock's pub that was voted the best British pub in the Netherlands in the hague and it was right by my house at the time and all of a sudden there were

three cult we're at cultural attache z-- from the Turkish embassy and they would sit there and they would sip tea because they did not drink and they asked me for English lessons even though they spoke English this was a little strange and was at this time that also the Dutch assigns me people to keep an eye on me because I was also on this list and they thought it was quite unusual that the Turkish embassy had basically assigned three Intel agents to get English lessons I I still have it was probably the funniest weirdest attempt at spies to do anything I've ever seen in my entire life and so basically this went on for about two and a half weeks the

staff at the pub would keep them company while contacting the Dutch to tell them exactly when they arrived and also I would be notified and then I would be watched during the meetings to try to get information about what was going on now towards the end of their attempts to get English lessons I was given a very unusual gift and I still have it it was thoroughly checked rather personal gift one of them gave me a set of prayer beads which is not something that you would typically give somebody if you don't know them rather well and you're not Muslim so this was thoroughly checked to make sure that there was nothing extra special in it

but I still like to keep it around to remind me of the the most comedic series of super secret squirrel Turkish agents I've ever run into in my entire life right so one of the problems was the primary suspect had diplomatic immunity and the perpetrator was a Saudi national who was an embassy employee and use that diplomatic immunity to his or her advantage and it got even kind of weirder because the ambassador and the secretary and myself had suspected that particular individual so one evening after the embassy had officially closed and that individual had actually left it was only the Ambassador and myself with you know his protection around the building and him and I actually got on

our hands and knees looking underneath desks for various passwords to try to get into the suspects account and I've never seen an ambassador get on his hands and knees with dusty stuff trying to look for stuff but that was actually how severe the situation was and what type of damage could be done because obviously the Saudi Arabian embassy did not want to be associated with an Isis agent who was threatening to kill over 400 people and that was very very bad so we finally found various things and collected a lot of evidence and when I was further investigating the situation I was able to trace one of the hops directly to the neighborhood of where

the suspect lived in The Hague now at this time the Ambassador also did something very unusual he allowed me to take evidence back to my home to investigate and within about 30 minutes I found that the way that the perpetrator was still on the back end of the email system and a Ford er because I could not see that from what they had showed me in the embassy and so we went ahead and shut that down immediately so it took me yeah about 15 minutes and a half a glass of wine to try to relax right but one of the problems is when you're dealing with somebody with diplomatic immunity they're outside law so they can only be

prosecuted generally by their own countries unless there is some sort of egregious egregious thing but the way that this was being handled and obviously or most likely I should say the Netherlands wanted to work with the Saudi Arabians as much as possible in a friendly relationship to try to get their contracts back in the relations relationship back for business relationships so diplomatic immunity it can be a very very tricky tricky thing now towards the end of this we did not pay any sort of extortion whatsoever there was no money paid and there was no promise of money we strung along or I strung along the perpetrator as much as possible and trial basically we could

gather enough evidence to pinpoint that it was actually that particular person now one of the problems as well is not only with diplomatic immunity but people who are assigned to embassies there's a lot of let's say family favors or people that come from certain families that end up getting these types of jobs and that's just the way it is in most countries even in the United States right so you couldn't just send this particular individual back there there were certain politics dealing with this type of thing so instead it was decided to reassign this particular person to an extremely dangerous location very quickly and unfortunately shortly after this person's arrival there was just an unexpected surprise car bomb which took

care of the entire problem so the end result was I ended up being invited to the farewell dinner of the Saudi Arabian ambassadors and what they had done was rented the Rijksmuseum to have a private dinner in front of the most famous piece of art and the Netherlands called the Nightwatchman in English it's so important to Dutch culture then inside the Constitution the painting cannot be owned by a non Dutch person so they this is it's the absolutely most famous one it's by Rembrandt and it is actually huge really big it's nothing like the Mona Lisa that's about right and so at the farewell dinner I was honoured and given some gifts and a card and so forth

and got to wine and dine with some very high-end people unfortunately I was feeling but ill that night so I could not have the fancy fancy wine which was a bit of a shame I could just like smelling I wish I could drink the fancy smancy wine no but I got a very nice card from the Ambassador and a few dignified high fives from some of the other country ambassadors that were more directly affected as well that was kind of nice and I learned a few lessons out of this whole thing and one of the things is and I think most of us are aware of this now when we talk about say cyber warfare election manipulation all

this type of stuff is that geopolitics now play a huge part in cyber security good or bad right and people can die if something goes wrong it isn't just hey can somebody hack insulin pump well it's also you know not only critical infrastructure but what if you have a cyber-terrorist who's actually using this type of methodology and that's not a very good thing whatsoever another thing if you ever accept a gift from a foreign agent make sure it gets thoroughly checked and don't take it home first which I did not so and never accept gifts from a foreign agent because you never know what they'll contain another thing is at the time I had a partner and I did not tell

that partner because I did not want to scare them that I was on a high-value kidnap list for Isis I was in the top ten list so I chose not to stress out that person even though people were you know assigned at a distance away from me and things of that nature so sometimes it might be best to tell your your family a little bit because they obviously they're one hop away from you might be at rest so that was a bit of a mistake oops another thing is when you're in any sort of crisis the best thing you can do is absolutely don't panic just like the the towel and the the book says do not

panic because that is the absolute worst thing you will only make matters worse try to take as many deep breaths as possible and just know that tomorrow will come and you do not have to panic today or tomorrow might not come so that that's a very important matter to keep in mind now I tried to keep time for questions because I like questions and I wanted to give a big shout out to Lana who made up the title of this particular talk and also Bryson bort and Chrissie Morgan who checked out the slides to make sure they actually worked which is quite nice so if you would like to ask any questions please ask away because I

love to answer questions I got one over here I'll try to remember to repeat question was he working alone uh no he went with those three Turkish he possibly and another country as well inadvertently he did not know he was working with another country as well and that's where the malware came from so what happened with the three Turkish spies was after their attempts with the English lessons and things like that they suddenly disappeared and I was told that they were no longer in the country

question-there so I'm assuming that you didn't have any of the emails translated for your slides so I'm just wondering it seems curious to me that they would be threatening Arabic countries from a presumably Arabic organization in English so even though the embassies are in the hague most of the business languages are either French or English so all the emails were actually in English

thanks for the cool talk two questions one should be easy so the suspect wasn't actually working with Isis the suspect wasn't actually if the suspect was working with Isis they were four so it was for real okay yes and then absolutely for real and then the the way you got involved this is because you worked for a Ramco and so that was just considered part of your job duties or this was like a separate thing that you got I mean it's not my business maybe but that's I was trying to figure out the business relationship as to you know how you they would they would rope you in so the business relationship between Aramco and

say the Saudi Arabian embassy is very simple Saudi Aramco is the National Oil Company that is also part of the government itself so if for example there was not a qualified person to be able to handle the event I was pulled in to start setting things up and then they relied on me so heavily because I was speaking with the Ambassador for hours every day and coordinating everything and with legal counsel and with everyone basically they decided just to have me take on the entire event I have two quick questions first was anybody else injured in the car bomb was anybody else injured in the car bomb not that I'm aware of that's good the second the previous sysadmin did you

ever get a hold of him or was he involved the previous sysadmin they did eventually get a hold of him but he was not involved in this incident but I do believe he got a stern talking-to about why the password was one two three four five six right you didn't go into the role of the rootkit at all ah so the role of the rootkit I've decided to keep that because that's a bit more saucy I'll be doing a Def Con Sky talks then we'll be describing that that will not be filmed and I'll be revealing what country was actually behind that as a helper for the ISIS agent question here yes the time for the sky talks is Friday

at 1700 or 5:00 p.m. there's gotta be more questions so your name was on the list yes it's still on the list so my name my name was on the list as far as my where my name is not on the list anymore and luckily what used to be Isis and or iishe I prefer to call them they basically disintegrated and so that's that's a very good thing for me as well as a lot of other people right because we don't like bad people like that and do you reconsider or do additional things when you do travel overseas now um so do I consider additional things when I travel overseas yes absolutely I do and so I keep an eye on myself if I

think that someone is tailing me watching me whatever I notify various authorities I try to take pictures of the individuals I also separate my communications and do a lot of other things to try to keep myself as safe as possible basically I'm glad you're giving the sky talk I was kind of surprised as this went on that this wasn't an underground or sky talk so is this the first time this has been discussed or is it out there in the public been disclosed otherwise so is this the first time this has been discussed around the public otherwise a year ago I wrote a bit of an article about it but I did not discuss much

except using the example of hey you shouldn't have a one two three four five six password on an embassy right because I was actually expecting some kind of like you know super secret squirrel blood sample DNA you know run down to be able to get access to this type of stuff and that was absolutely not the case which was also quite unusual because I'm not sure if most of you are aware but many times an embassy will also be an intelligence gathering capability and so here you've got a business network and an intelligence gathering network and you have a password of one two three four five six so my mind was blown how on earth that would happen in

addition they didn't have any antivirus they only relied on Windows essentials yeah all right yeah it was great we have more questions plenty of time for questions I can do song and dance I can't really show you a song and dance

any comment about the role of Saudi intelligence and all of this any involvement of the Saudi intelligence apparatus involved in this when it was determined that luckily they had segmented their network and the intelligence collection portion was not affected they decided to keep that separate and allow me to do everything else because unfortunately it's only been one year since Saudi Arabia's actually had an official computer emergency response team and their apparatus for dealing with this type of stuff was not very good as a matter of fact and the book that I published I noted that the Saudi Ministry of Foreign Affairs up until April of this year they're secured email system was actually for a TLS certificate was using

a cisco demo certificate which is just like a default credential because yeah I see shaking heads because that's not particularly cool right for an Intelligence Agency you don't particularly want that right so they've been trying they've been trying gotta have more questions what's the weather like in the Netherlands hey with global warming it's getting warmer hi thank you for the excellent speech I'm wondering about the level of sophistication in regards to cyber crime and terrorism do you think that it's is it a high-level threat or is it dormant or yeah so the question is do I think that there's a certain level of sophistication when it comes to these types of cyber terrorist type of groups

or when they're and they're handling this type of thing and the answer is not usually so in the case of Isis they had attempted to hire basically hackers and they went as far as putting an ad in one of the newspapers in India saying basically we're Isis and we're looking for hackers so I would say not typically there have been a few people around like the Cyber Caliphate and a couple of people from the Syrian electronic army who were pretty decent a couple of those people got droned but what we found was that in order to have for them to have a higher level of sophistication they were actually being helped by another nation that they were not aware was actually

assisting them so yeah I see another question someone back here - so this ended up being an inside job but it seems like it would be perfectly capable for someone on a remote site being able to do that was that a concern or fear so it said although this was an inside job anyone could have done this remotely and it was a concern of fear so we had to follow a lot of different hops and make sure so where one email had come from from different hops and gone through various proxies but ultimately the perpetrator had made a bit of an oopsie and that's how we found out I could trace him or her back to then that

neighborhood that they lived in but we were running all over the place going hey we're going to need orders to get logs from say the Netherlands themselves to see the ingress egress traffic at the national level than we were trying to contact other countries as well using diplomatic means because we did not really want to have this in the court system at the time and so we were contacting for example India where there was a Hopf Russia where there was a hopper mania where there was a hop and so forth Russia and India did not respond back Russia just laughed at us so you know what can you do because some of the emails ended up for some of the other

extortion attempts when they could no longer access the embassy email account itself they had set up a Yandex account so that the Russians just laughed but we tried our best to use diplomatic means and I saw a question back here yeah thanks I have a couple questions the first one might be dumb if I missed it that the suspect was this a like a Dutch employee of of the embassy or this was a Saudi national so it was the suspect a Dutch national or Saudi national the suspect was a Saudi national okay and you were saying that you were living in The Hague at the time was that because of your Aramco responsibilities yes so I

was my main office was actually in The Hague because I prefer to live in The Hague than in Saudi Arabia I see is it that leads to be kind of my next question is that typical for like expats like non Saudis that work for a ramco-4700 it is not but I was a bit of a special case I was the one that they called in after the 2012 attacks to set up all of their security and hire the actual security teams and contain things and so forth so they gave me a lot of leeway and at the time I believe I was the highest ranking Western woman and the Aramco family as well okay cool

thank you so if you were to make the payment how would you have made it and how did they determine exactly the amounts associated with it because it seems like the escalated up vomits on that so how would we have paid the extortion and basically the the comical way that it rose from two hundred two fifty million dollars most likely if we had had to pay it would have been in currency and in metals and why it got so big quite frankly the perpetrator wasn't very smart so you know yes I thought that's all I can say see another question when the ransom values were or lower was consideration giving to just paying them so when the ransom values were lower was

there consideration paying them no there was not consideration paying for them because the Saudi Arabian embassy did not want to be in the habit of paying terrorists and that was one of their big beefs with Qatar because there was some Royals that were kidnapped a big group when they were out on a hunting trip and Qatar paid a ransom to get them back and that's one of the reasons why there's a lot of very bad relations between Qatar and Saudi Arabia to this day

[Music] in your work with Aramco how much consideration is given to cybersecurity from like a transportation side of like actually shipping oil and the navigation systems onboard those ships and other capabilities if I select on the production side in terms of like refineries and other cyber capabilities there so is there a focus on cyber security when dealing with shipping oil versus production now at the time that I joined Saudi Aramco had just sold what was the largest fleet of oil tankers in the world called Vela however it was also my job to monitor that particular shipping fleet in my office and I was with a crisis team for any physical threats we did have shortly after I

joined an Insider over in Saudi Arabia who was very peeved that he did not get the job he wanted to so he put on scripts some of our private communications channels which was then used by a group to try to take over our boats one of the boats and we had to call out a team to physically take everything back so I was I also did crisis management for that with a person who was from the Royal Navy who we had hired who was Scottish with the thickest Scottish accent I'd ever heard in my entire life so we had a large concentration on that because even though we did not own the ships themselves it was integral for the

logistics of the company to continue to make money so we had a lot of concentration on that and then also my background is I used to be a military aviator and to this day Aramco has the largest fleet of private aircraft so we're very concerned about issues with our aircraft where they were landing the physical security of that side too as well as we had a lot of concentration on that portion and because the crown jewels of the company were with the ICS production portion we had a lot of leeway with ICS vendors to say you might not be offering this type of security to your regular customers but we will not buy your products anymore unless you

offer us additional stuff do you really want to lose the contract for the most valuable company in the world No okay thank you you'll bent over oil so that's what we did the question this is just sort of an aside did they ever figure out why he was trying to spread rumors about the ambassador the British ambassador I think it was like what connector that was one of the weirdest ones because it didn't make any sense the two people had zero relationship they'd only maybe had been at at one time the Ambassador had been on the board the same board that she had been for a school and the UK that had been fined by something called Ofcom which is

like an educational thing there for having very controversial textbooks and then he got off the board and then she got reassigned to something else we have we have no idea yeah we have no idea why I think it was just an attempt to try to damage certain types of reputations and it could have been because this person was a very I suspend lis person it was a nicest person and the textbooks at the time were extremists that's what the UK government ruled that maybe there was some sort of something going on in his or her head to involve the doctor who had been involved with that particular school but to this day if they hadn't

like they weren't closely related at all the two of them they were not from the same family or the same branch and they had no relationship so it just appeared as though it was trying that the perpetrator was trying to damage little bits and pieces of the reputation as much as possible so it was it was very strange to be honest with you if the person was still alive we could ask him so so got time for some questions I'll make it quick sorry oh no no don't make it because he's so good uh we got about eight minutes so the perpetrator working in the embassy part of a very highly respected family how did the

family deal with the aftermath so how did the family deal with the aftermath I have no idea and yeah I have no idea to be honest with you so yeah that that would have been something that was over in Saudi Arabia so yeah I don't know you mentioned you were a military aviator do you mind sharing what you flew so I was military aviator I was a c5 galaxy loadmaster that's the person who does the weight and balancing calculations of the largest aircraft in the military inventory it's so big it opens from the front and the back the hydraulics will take it down completely do this way in that way and you can load other

airplanes tanks and it's the only aircraft that can load the portable US Army bridge that can go in there I can even or I once loaded up semi trucks several of them inside my aircraft and uh that particular duty you're also the ground commander and you also handle the physical security of the aircraft as well we you select a joke that we were typically assigned three guns on the aircraft one for the flight engineer two for each load master and there were by default three parachutes and guess who's getting the parachute right so that was a lot of fun and it gave me a lot of good experience in avionics airframe and aeronautical engineering and a lot of

maths so I'm very very good at math and I can pack for 19 days with no check-in bags thank bonus right who said the military didn't give you any teachable skills as a civilian right so yes yes so you've written two books do you think this will be a third very possibly very possibly very maybe very may be because there's actually a lot more that went on but this is only a so long of a talk and it was very uh it was one of the oddest points in my entire life because I never imagined that be sucked into all sorts of Prayer be Turkish teach me English lessons hit-list why am I being picked I

got spinach still in my mouth talking to the Ambassador so perhaps so if it was turned into a movie who-who would you want to play you I don't know I don't know Klaus I'm not sure so we stood five more minutes five more minutes I really care tap dance do I continue a relationship with the Ramco at times I was contacted I'm not sure if all of you are aware but in April of this year April or May there was an unusual incident that happened in Aramco in Saudi Arabia and there were three separate drone swarm attacks laden with explosives that took out strategically in three different areas of Saudi Arabia causing ecological damage as well and just blowing up stuff

what was interesting was at my office in The Hague next door to us which we were not in the embassy quarter because we're in the business quarter the many's the Yemen government purchased with cash the building next to us and we had no idea but we had our suspicions where that money came from and one day I'm talking to my boss and I see a drone on the outside and it was coming from the many embassy what was interesting about that was the people who launched the drone attacks were you many M rebels who are being backed by the Iranian government and those were our suspicions of who gave them the cash to buy and unfortunately we could not

legally tell them that they could not try to surveil us and point drones at us so we had to at that time because it was a separate incident not related to this actually had to get the diplomatic corps to speak to them as well because that that was a bit strange got a question so for the role I think you should have your own mastermind bad guy in a James Bond movie wrong I think he was also want to mention how you can talk about these things and how they're not covered by your Aramco NDA anymore just so people know oh well this information wasn't classified I also did not sign an NDA as well but I only discussed certain

things that I am permitted to discuss from the company because obviously I would not want to over in a relationship with them so all right and with that we're gonna wrap it so let's give a round of applause

[Applause]