Junade Ali

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Junade Ali
Junade Ali and Troy Hunt.jpg
Junade Ali (left) with Troy Hunt (right)
Born1996 (age 25–26)[1]
CitizenshipUnited Kingdom
Known forCybersecurity research

Junade Ali CEng is a British computer scientist known for research in cybersecurity.[2][1][3][4][5][6]

Ali studied for a Master of Science degree aged 17 and was awarded Chartered Engineer status by 24.[2][7] He started his research career working on the UK's Motorway Incident Detection and Automatic Signalling network and working on the maximum coverage problem in road traffic sensor placement.[8][9][10][11]

Ali later worked for cybersecurity firm Cloudflare as an engineering manager where he worked on developing network diagnostic tooling, a security operations center and safety-engineered natural language processing.[12][13][14][15][16]

In February 2018, Ali created the first Compromised Credential Checking protocol (using k-anonymity and cryptographic hashing) to anonymously verify whether a password was in a data breach without fully disclosing the searched password.[17][18] This protocol was implemented as a public API and is now consumed by multiple websites and services, including password managers[19][20] and browser extensions.[21][22] This approach was later replicated by Google's Password Checkup feature and by Apple iOS.[23][24][25][26] Ali worked with academics at Cornell University to develop new versions of the protocol known as Frequency Smoothing Bucketization (FSB) and Identifier-Based Bucketization (IDB).[27] In March 2020, cryptographic padding was added to the protocol.[28] Ali's research was praised in Canadian cryptographer Carlisle Adams book, Introduction to Privacy Enhancing Technologies.[29]

Ali conducts cybersecurity research on North Korea and provides expert commentary to journalists at NK News.[30][31][32][33]

In January 2022, Ali told journalists at NK News and Reuters that he had observed North Korea's internet being taken offline in a second major outage that month following a missile test, Ali told journalists that data he collected was consistent with a DDoS attack.[34][35][36][37][38] South Korean Government officials responded by saying "we are monitoring the situation under coordination with relevant government agencies," without elaborating further.[39] Wired journalist, Andy Greenberg, later confirmed the downtime resulted from an attack and reported that a single American hacker by the pseudonym P4x had shared evidence of his responsibility.[40]

Ali currently owns the technology consultancy, Tansume Limited where he consults for cybersecurity firm Risk Ledger and engineering productivity company Haystack Analytics.[7][41] In July 2021, Ali commissioned a study by Survation for Haystack Analytics which found that 83% of software developers were suffering from burnout.[42][43][44] The poll also found 57% of software engineers agreed "to a great extent" or "to a moderate extent" with the phrase "Software reliability at my workplace concerns me".[45][46] Ali claimed this was "the first time representative opinion polling was used to understand software engineers."[47]

During the COVID-19 pandemic, Ali worked on security improvements to the (Google/Apple) Exposure Notification system used to create public health contact tracing apps.[48]

Selected Publications[edit]

  • Li, L., Pal, B., Ali, J., Sullivan, N., Chatterjee, R. and Ristenpart, T., 2019, November. Protocols for checking compromised credentials. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1387–1403).[27]
  • Ali, J. and Dyo, V. (2020). Practical Hash-based Anonymity for MAC Addresses. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT, ISBN 978-989-758-446-6; ISSN 2184-7711, pages 572–579. DOI: 10.5220/0009825105720579.[49]
  • Ali, J. and Dyo, V., 2021, January. Cross hashing: Anonymizing encounters in decentralised contact tracing protocols. In 2021 International Conference on Information Networking (ICOIN) (pp. 181–185). IEEE.[48]
  • Pikies, M. and Ali, J., 2019, April. String similarity algorithms for a ticket classification system. In 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT) (pp. 36–41). IEEE.[13]
  • Ali, J. and Dyo, V. (2017). Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 5: WINSYS, (ICETE 2017) ISBN 978-989-758-261-5, pages 83–88.[10]
  • Ali, J. (2016). Mastering PHP Design Patterns (book). Packt Publishing Ltd.[50]
  • Ali, J. and Pikies, M. (2019). Password Authentication Attacks at Scale. The 6th International Conference on Advanced Engineering – Theory and Applications 2019.[16]


  1. ^ a b CEng registration number 673221. https://www.engc.org.uk/regcheck
  2. ^ a b "From apprentice to Chartered Engineer: at just 24". theiet.org. Retrieved 29 January 2022.
  3. ^ Hollister, Sean (7 August 2020). "Have I Been Pwned – which tells you if passwords were breached – is going open source". The Verge. Retrieved 29 January 2022.
  4. ^ Oshin, Olafimihan (26 January 2022). "Cyberattack suspected in North Korean internet outage". The Hill.
  5. ^ Marks, Joseph (27 January 2022). "Analysis | The administration wants to prevent an attack on water supplies". The Washington Post. Retrieved 29 January 2022.
  6. ^ Saran, Cliff. "Team leaders urged to address developer mental health". Computer Weekly. Retrieved 29 January 2022.
  7. ^ a b "Junade Ali". leaddev.com. Retrieved 29 January 2022.
  8. ^ Smedley, Peggy (8 April 2021). "Are Software Engineers Burned Out? - Connected World". Archived from the original on 1 September 2021. Retrieved 8 April 2021.
  9. ^ Velisavljevic, Vladan; Cano, Eduardo; Dyo, Vladimir; Allen, Ben (December 2016). "Wireless Magnetic Sensor Network for Road Traffic Monitoring and Vehicle Classification". Transport and Telecommunication Journal. 17 (4): 274–288. doi:10.1515/ttj-2016-0024. S2CID 113767695.
  10. ^ a b Ali, Junade; Dyo, Vladimir (2017). "Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach". Proceedings of the 14th International Joint Conference on E-Business and Telecommunications: 83–88. doi:10.5220/0006469800830088. ISBN 978-989-758-261-5.
  11. ^ Ali, Junade; Dyo, Vladimir; Zhang, Sijing (October 2020). "Battery-assisted Electric Vehicle Charging: Data Driven Performance Analysis". 2020 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe): 429–433. arXiv:2010.14455. doi:10.1109/ISGT-Europe47291.2020.9248941. ISBN 978-1-7281-7100-5. S2CID 225075890.
  12. ^ Ali, Junade (2019). "Support Operations Engineering: Scaling Developer Products to the Millions". SRECon 2019. Usenix. Retrieved 29 January 2022.
  13. ^ a b Pikies, Malgorzata; Ali, Junade (April 2019). "String similarity algorithms for a ticket classification system". 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT): 36–41. doi:10.1109/CoDIT.2019.8820497. ISBN 978-1-7281-0521-5. S2CID 201832895. Retrieved 29 January 2022.
  14. ^ Pikies, Malgorzata; Ali, Junade (1 July 2021). "Analysis and safety engineering of fuzzy string matching algorithms". ISA Transactions. 113: 1–8. doi:10.1016/j.isatra.2020.10.014. ISSN 0019-0578. PMID 33092862. S2CID 225051510. Retrieved 29 January 2022.
  15. ^ Pikies, Malgorzata; Riyono, Andronicus; Ali, Junade (24 September 2020). "Novel Keyword Extraction and Language Detection Approaches". arXiv:2009.11832 [cs.CL].
  16. ^ a b Ali, Junade; Pikies, Malgorzata (2021). "Password Authentication Attacks at Scale". AETA 2019 - Recent Advances in Electrical Engineering and Related Sciences: Theory and Application. Lecture Notes in Electrical Engineering. Springer International Publishing. 685: 394–403. doi:10.1007/978-3-030-53021-1_40. ISBN 978-3-030-53020-4. S2CID 224838150. Retrieved 29 January 2022.
  17. ^ "Find out if your password has been pwned—without sending it to a server". Ars Technica. Retrieved 24 May 2018.
  18. ^ "1Password bolts on a 'pwned password' check – TechCrunch". techcrunch.com. Retrieved 24 May 2018.
  19. ^ "1Password Integrates With 'Pwned Passwords' to Check if Your Passwords Have Been Leaked Online". Retrieved 24 May 2018.
  20. ^ Conger, Kate. "1Password Helps You Find Out if Your Password Is Pwned". Gizmodo. Retrieved 24 May 2018.
  21. ^ Condon, Stephanie. "Okta offers free multi-factor authentication with new product, One App | ZDNet". ZDNet. Retrieved 24 May 2018.
  22. ^ Coren, Michael J. "The world's biggest database of hacked passwords is now a Chrome extension that checks yours automatically". Quartz. Retrieved 24 May 2018.
  23. ^ Wagenseil I, Paul (5 February 2019). "Google's New Chrome Extension Finds Your Hacked Passwords". laptopmag.com.
  24. ^ "Google Launches Password Checkup Extension to Alert Users of Data Breaches". BleepingComputer.
  25. ^ Dsouza, Melisha (6 February 2019). "Google's new Chrome extension 'Password CheckUp' checks if your username or password has been exposed to a third party breach". Packt Hub.
  26. ^ Hunt, Troy (7 August 2020). "I'm Open Sourcing the Have I Been Pwned Code Base". Troy Hunt. Retrieved 29 January 2022.
  27. ^ a b Li, Lucy; Pal, Bijeeta; Ali, Junade; Sullivan, Nick; Chatterjee, Rahul; Ristenpart, Thomas (6 November 2019). "Protocols for Checking Compromised Credentials". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM: 1387–1403. arXiv:1905.13737. Bibcode:2019arXiv190513737L. doi:10.1145/3319535.3354229. ISBN 978-1-4503-6747-9. S2CID 173188856.
  28. ^ Ali, Junade (4 March 2020). "Pwned Passwords Padding (ft. Lava Lamps and Workers)". The Cloudflare Blog. Retrieved 12 May 2020.
  29. ^ Adams, Carlisle (2021). Introduction to Privacy Enhancing Technologies. Springer. doi:10.1007/978-3-030-81043-6. ISBN 978-3-030-81042-9. S2CID 240157551. Retrieved 29 January 2022.
  30. ^ Choy, Min Chao (26 February 2021). "North Korean hackers breached sensitive defense network at Russian firm". NK PRO. Retrieved 29 January 2022.
  31. ^ Weisensee, Nils (2 April 2021). "North Koreans sharpen their cyberskills at online coding competitions". NK PRO.
  32. ^ Weisensee, Nils (25 May 2021). "North Korean websites go dark after botched server upgrade - NK News". NK News - North Korea News. Retrieved 29 January 2022.
  33. ^ Referenced in 13 articles from February 2021 to January 2022: https://www.nknews.org/?s=Junade+Ali
  34. ^ Weisensee, Nils (26 January 2022). "DDOS attack cuts off North Korea's internet after fifth missile test". NK PRO. Retrieved 29 January 2022.
  35. ^ Shull, Abbie. "North Korea recently disappeared from the internet for a little while, and it looks like it has happened again". Business Insider.
  36. ^ "North Korean Internet downed by suspected cyber attacks: Researchers". CNA.
  37. ^ Ward, Er; Thompson, Alex; Forgey, Quint. "The NSC's weekly Ukraine crisis club". Politico.
  38. ^ Smith, Josh (26 January 2022). "N.Korean internet downed by suspected cyber attacks -researchers". Reuters. Retrieved 2 February 2022.
  39. ^ "Seoul monitoring situation after N. Korea hit by suspected cyber attack". The Korea Herald. Yonhap. 27 January 2022. Retrieved 29 January 2022.
  40. ^ Greenberg, Andy. "North Korea Hacked Him. So He Took Down Its Internet". Wired. Retrieved 2 February 2022.
  41. ^ "Junade Ali". Retrieved 29 January 2022.
  42. ^ Anderson, Tim. "Report: 83% of UK software engineers suffer burnout, COVID-19 made it worse". The Register. Retrieved 29 January 2022.
  43. ^ Hughes, Owen. "Developers are exhausted. Here's what needs to change". ZDNet. Retrieved 29 January 2022.
  44. ^ Millman, Rene. "83% of developers suffer from burnout". IT PRO. Retrieved 29 January 2022.
  45. ^ Farrell, Nick. "Software reliability a key problem during 2021". fudzilla.com. Retrieved 29 January 2022.
  46. ^ Fadilpašić, Sead (1 October 2021). "Software reliability has become a bigger issue for developers". ITProPortal. Retrieved 29 January 2022.
  47. ^ Ali, Junade. "How to prevent developer burnout". Computer Weekly. Retrieved 29 January 2022.
  48. ^ a b Ali, Junade; Dyo, Vladimir (January 2021). "Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols". 2021 International Conference on Information Networking (ICOIN): 181–185. doi:10.1109/ICOIN50884.2021.9333939. ISBN 978-1-7281-9101-0. S2CID 218889457. Retrieved 29 January 2022.
  49. ^ Ali, Junade; Dyo, Vladimir (2020). "Practical Hash-based Anonymity for MAC Addresses". Proceedings of the 17th International Joint Conference on E-Business and Telecommunications: 572–579. arXiv:2005.06580. doi:10.5220/0009825105720579. ISBN 978-989-758-446-6. S2CID 218629946. Retrieved 29 January 2022.
  50. ^ Ali, Junade (2016). Mastering PHP design patterns : develop robust and reusable code using a multitude of design patterns for PHP 7. ISBN 9781785887130. Retrieved 29 January 2022.