KPN

Jordi Scharloo is no stranger to the police. Not because he does anything wrong, but because, as a researcher at KPN, he works alongside them to make the internet safer. In fact, Jordi and his team often join forces with organizations outside KPN’s corporate world. “One of the things we do is share our knowledge of information on the darknet.”
The fact that cybercrime is hardening is hardly a new phenomenon. “Criminals use ransomware to block access to your files, but they also leak your data if their attack didn’t have the desired result. We’re also seeing activities shifting to channels like Telegram, malware is becoming increasingly sophisticated, and more and more attacks are taking place on the supply chain, for example at service providers or software suppliers.” Those are the words of Jordi Scharloo, Team Lead of the Security Research Team at KPN Security. He and his team conduct research into all kinds of cybercrime. “We do a lot in terms of sharing knowledge, both internally and with external organizations. We fulfill KPN’s social role.”

A multidisciplinary team
What does that actually mean, a social role? Jordi: “Obviously, we’re a commercial organization, but issues such as sustainability and security are important to us. Initiatives like No More Leaks, in which we collaborate with the police, are widely embraced in the company.” Jordi has been a Team Lead at KPN Security for two years now. “As part of my role, I spend a lot of time working with technology, and I mentor both specialist researchers and young, ambitious, talented people who are pursuing a career in cyber. Our team is multidisciplinary, for example, we have someone who’s great at open-source intelligence and others who are experts in resource logging or hardware hacking. I mainly specialize in threat intelligence and network analyses.”
KPN sees cooperation with external partners as instrumental to ensuring customers’ digital security in various ways. “We try to be a knowledge partner and see where we could be of assistance in society. For example, the No More Leaks initiative launched by the police is fantastic.” Data breaches are happening all the time, and data dumps containing login credentials are popping up everywhere. “The police share the hashes of this data – encrypted, of course – with private partners with whom agreements have been made on issues such as security and ownership. These hashes are then stored on the internal systems of these partners, so when an attempt is made to log in using stolen credentials, the system can intervene automatically. The beauty of this partnership is that it helps to keep our users safe while at the same time undermining criminals’ business model.”

Investigating data breaches
Jordi communicates regularly with his colleagues in the police. “We share our ideas for using hashing algorithms or delivering data, for example. But the biggest wins are usually in the data we capture as by-products of investigations. Data dumps are routinely offered on darknet marketplaces or in chat rooms engaged in illegal activities. One of my team’s main tasks is to search for data breaches, which we genuinely do altruistically, driven by a sense of civic responsibility. We do this so that we can proactively inform organizations and help people who may be victims of a data breach. We also develop tools for this, for example based on Docker and Elasticsearch.”

Another partnership that Jordi is proud of is the Hack Right Program. “Young hackers in particular sometimes overstep the mark when committing intrusions. The police’s High Tech Crime team, in collaboration with the Dutch Probation Foundation, has set up an initiative where these young people can learn about being a security specialist within an organization. They don’t start working at KPN right away, but we do offer them guidance to help them successfully complete a study program, get a job, or just have a better future.”

Doing nothing isn’t an option
The Security Research Team is also frequently engaged in assessing innovative start-ups and new technologies. Hackers never sit still, so neither does KPN. But how do you know if a new product is the real deal, and how can you spot where the next step is ready to be made? “Examples here include innovative firewalls or organizations working on quantum computing. KPN has been supporting these kinds of organizations for a while now, and I also provide advice on which technology is of interest.”
For his colleagues at KPN Security, Jordi and his team produce publications on current developments and their impact. “This might cover new attack strategies, new types of malware, or new practices being used by cyber criminals. We stay on top of all that.” Beyond that, it is important to continue to educate and train young people. “There are few senior professionals in this relatively young field, so I’m regularly involved in student research projects and designing internships.” One of those research projects focused on smart homes and IoT. “Smart locks are starting to become quite popular, but they can still be unsafe if obsolete protocols are used or there’s no proper update policy. We run those kind of research projects through universities, but we also work with colleges. We come across talented and enthusiastic students at every level. Fortunately, my employer gives me the space to help them further; that’s a huge motivator.”

From dial-up modems to threat intelligence
How did Jordi actually end up in this line of work? “My background is in software development. Even when I was young, I knew I wanted to do something with computers. My first computer was one of those Windows 95 machines, with the primary memory still in megabytes. I can also remember having a dial-up modem at home, so I couldn’t surf the Internet if my mom wanted to make a phone call.” Jordi initially wanted to be a programmer, thinking that the rise of cloud computing would reduce the need for system and network administrators. “But at some point along the way I discovered security, so I did a degree in information security and went on to work as a malware analyst at a company that developed an antivirus package. There I picked apart samples of malware. At some stage, as we switched from antivirus software to network security, I became involved in threat intelligence and network detection.”
Within KPN, Jordi is given plenty of leeway to focus on what he thinks is important. “Although we’re a large organization in which processes are everything, I still have a lot of freedom. That also suits this kind of work. I want my team to feel that freedom as well. Some colleagues prefer to work at night and stay up until the early hours analyzing. As far as I’m concerned, they really don’t have to attend a stand-up meeting at 9.00 a.m. the next day; we’ll catch up with each other at lunch.” It is also common for a team member to “find something cool on, say, GitHub”, after which the team discusses how they can capitalize on it. “This team has a lot of energy and that’s sorely needed because we work in an ever-changing world. Sometimes you can spend two months working on a scraper for a darknet marketplace, and just like that it’s taken offline. That really sucks, but there’s always a new challenge to sink your teeth into.”