How a Teenage Saudi Hacker Went From Lockpicking to Ransomware

Younger speakers and researchers often garner plenty of interest at cybersecurity conferences, and these teenage stars often gain a following after it is over. Marco Liberale, a 13-year-old from Saudi Arabia who recently presented at the Black Hat Middle East and Africa on the subject of navigating ransomware, is likely no exception having taught himself lockpicking at 3; Python coding at 5; and malware writing shortly after that.

Liberale received praise for his presentation, in particular by researcher and Boom Supersonic CISO Chris Roberts, who said Liberale showed "how to write it, build it, design it, deploy it, and remediate systems against being taken over by it" — it being ransomware.

Dark Reading met with Liberale and his mother, Caterina Carna, to understand more about how this industry snagged his interest, and what's in store for the phenom going forward.

Marco Liberale on stage at Black Hat Middle East and Africa

How did you get interested in cybersecurity?

Marco: When I was three I was already interested in physical security, like locks and lock picking, then I learned Python when I was five and I kind of moved from there to cybersecurity. I made my first malware at the time; it was not very good though.

Was he lock picking from his crib?

Caterina: He was obsessed with chains and locks. He didn't want toys, he just wanted to go to hardware stores and buy locks and chains. My house was totally inaccessible to me because he was locking every room and I needed to ask him for permission to open it, but he was obsessed with this. But I always let him do it because I understood that there was something big inside him.

I just felt that I needed to support him as much as I could, and I let him know whatever he wanted to do to express himself in any possible way, but he was always attracted to security somehow.

How did you learn about cybersecurity, did you see it on TV and think that's something you want to do?

Marco: I mostly saw it on the news and stuff. I've always been interested in the security field and how people get in and how to stop people from getting in.

What about certifications, what are you doing now?

Marco: I study at Kings Interhigh online school, but I am way too young for most of the certifications. I'm still going to get Comptia Security+, I'm studying for that.

Are you finding a lot of opportunity to learn skills at events here?

Marco: I do have a lot of opportunities to do so. I've met a lot of people even like at KAUST [the King Abdullah University for Science and Technology]. There's a big IT field there as it is mostly focused on science and IT.

Do you have friends who are also doing this?

Marco: No, most kids my age are just playing soccer. That's what I've seen personally.

Do you have ambitions of where you want to do next, like study abroad, or work at certain companies?

Marco: I'm probably going to make a startup. I'm mostly self-taught in general, but I work with Chris [Roberts] a lot.

Caterina: We were here last year at the Black Hat conference and we met Chris, they got connected on LinkedIn and started to talk and during this conference this year, they did a talk together on the main stage. They had a lot of fun here and Chris is one of the most generous people I've ever met.

Do you look at people in the industry who inspire you?

Marco: Not that much. I don't have many inspirations, I mostly just work on my stuff. I don't really like getting inspired by other people.

How did you get to be involved in this conference?

Caterina: Marco met with Ed Sleiman, who is the head of cybersecurity at KAUST, and Ed recognized his talent. So Ed brought him to the Black Hat conference last year, connected us with the organizers and they were pretty excited about having a young speaker like that. He did a talk on OSINT, and this year they invited him to present again.

Do you have any plans for the future?

Marco: Now, I don't have any plans, I want to see what I can learn.