That time a nation-state slid into my DMs and asked me to teach them how to hack nuclear facilities
By Chris Kubecka Author of How to Hack a Modern Dictatorship: The Digital CIA/OSS Sabotage Book and Hack the World With OSINT & cyber espionage target. New Series!
If you want to support further articles and research consider becoming a paid subscriber or buy one of my books :-)
Like most mornings, the day began with a strong cup of coffee and a scroll through social media. I was neck-deep in building my cybersecurity start-up, HypaSec, named after Hypatia, the brilliant Alexandrian mathematician murdered for daring to be a badass, respected, and a woman.
The irony wasn’t lost on me.
Start-ups are always a grind. Lead generation is harder when you're more comfortable reverse-engineering malware than crafting sales funnels. But nothing in my inbox that day prepared me for what came next.
They came slowly at first.
I mean, what freelancer wouldn’t be intrigued by a message that basically says,
“Let me give you some money”?
Sometimes, though, when an offer seems too good to be true…
…it comes with the risk of life imprisonment or execution in Iran.
It began when I was handpicked by Monica Witt, a former USAF intelligence airman turned defector who is still evading justice. She helped Iran build its offensive cyber operations playbook. “From January 2014 through May 2015, Witt used fraudulent Facebook accounts to investigate intelligence personnel and prepare "target packages" for Iran to use and attempt recruitment.”
Now, they wanted me to contribute a new chapter.
Bribery offers.
Sockpuppet profiles spun up with stolen likenesses.
Custom websites pretending to be legitimate businesses.
Messages from agent handlers that evolved into flattering, manipulative appeals, each more devious than the last.
Imagine if they’d had GenAI or Deepfake technology, frack me!
Over a gruelling four-year period, I was dragged deeper into the wilderness of mirrors.
An environment built on deception, dissident assassinations, agent provocateurs, and disinformation. Where it became nearly impossible to tell digital reality from illusion.
They spun a story of opportunity.
I saw it for what it was:
Espionage disguised as professional flattery. With a big cash bonus and a very short life span.
When I didn’t bite, after finally getting my report in to the right government agency. Boy oh boy the tone shifted!
It crept in like a shadow.
Growing.
Choking.
Suddenly, I was wanted.
Sometimes even hunted.
By a terrorist nation-state and its well-funded proxies.
Doxxing.
Assassination threats.
Then attempts.
They tried to ruin my name online.
They tried to erase me offline.
What did I do?
I hacked them back.
Over and over and over again. Using customer crafted dorks, wonderful internet methods of finding IOT camera using tools like Censys, and much, much more (insert trademark evil laugh).
I hate bullies.
That’s why my favourite media quote remains:
💥 “Revenge is best served over IoT.”
Iran and I? We've danced before. Fun times…
In 2012, Shamoon malware nearly took down Saudi Aramco, rippling across the global oil market.
I was recruited to help with the recovery, deep in the breach, restoring Aramco’s critical operations.
Two years later in 2014, the Royal Saudi Embassy in The Hague was hacked.
Iran's fingerprints were all over it, indirect, deniable, but visible if you knew where to look.
Their proxies demanded €50 million.
The threat? Destroying the Kurhaus, an iconic hotel in The Hague, holding the so-called City of Peace hostage.
Meanwhile:
Drones buzzed our office windows.
One of their probable proxies e was caught tunnelling under our EU HQ, trying to tap our fiber optic cables.
Now, for the first time, I’m telling my story.
The one behind the headlines.
In my words.
With memes.
👁️ Behind the sockpuppets and techniques used to recruit cyber spies.
🔥 Inside the web of cyber espionage.
🚫 Why I said no—and what happened next.
📚 Further Reading & Sources
🕵️♀️ Iranian Cyber Recruitment Campaign
• Ars Technica: Iran courted US security expert for years
• MEI Podcast: Hacker-for-Hire with Steph Shample
• DeepSec: Journey Into Iranian Cyber Espionage
🔥 The 2012 Shamoon Malware Attack
• CNN Business: Inside the biggest hack in history
• Darknet Diaries, Ep. 30: Shamoon & how we rebuilt
🏛️ The 2014 Saudi Embassy Hack – The Hague
• CyberScoop: Saudi embassy’s cyber wake-up call
• CSO Online: Inside the 2014 hack of a Saudi embassy
📌 More on Me
• Chris Kubecka – Wikipedia
#CyberSecurity #Espionage #Iran #NationStateThreats #Hacking #OSINT #Infosec #TheHacktress #NuclearSecurity
Chris Kubecka is the founder and CEO of Hypasec NL an esteemed cyberwarfare expert, advisor to numerous governments, UN groups and freelance journalist. She is the former Aramco Head of Information Protection Group and Joint Intelligence Group, former. Distinguished Chair of the Middle East Institute, veteran USAF aviator and U.S. Space Command. She specializes in critical infrastructure security and unconventional digital threats and risks. When not getting recruited by dodgy nation-states or embroiled in cyber espionage, she hacks dictatorships (affiliate link to my book) and drinks espresso.