Junade Ali

From Wikipedia, the free encyclopedia

Junade Ali (left) with Troy Hunt
Born: 1996 (age 27–28)[1]
Nationality: British
Citizenship: United Kingdom
Known for: Cybersecurity research
Scientific career
Thesis: Cryptographic Hash-Based Anonymisation of Wireless Unique Identifiers (2022)
Doctoral advisor: Vladimir Dyo

Junade Ali CEng FIET is a British computer scientist known for research in cybersecurity.[2][1][3][4][5][6][7]

Education & Regulatory Registration

Ali studied for a Master of Science degree aged 17, was awarded Chartered Engineer status at 23 and became the youngest ever Fellow of the IET at 27.[2][8][9][10][11] He holds a PhD in cryptography.[12][13]

Career

He started his research career working on the UK's Motorway Incident Detection and Automatic Signalling network and on the maximum coverage problem in road traffic sensor placement.[14][15][16][17]

Ali later worked for cybersecurity firm Cloudflare as an engineering manager, where he worked on developing network diagnostic tooling, a security operations center and safety-engineered natural language processing.[18][19][20][21][22]

In February 2018, Ali created the first Compromised Credential Checking protocol (using k-anonymity and cryptographic hashing) to anonymously verify whether a password was in a data breach without fully disclosing the searched password.[23][24] This protocol was implemented as a public API and is now consumed by multiple websites and services, including password managers[25][26] and browser extensions.[27][28] This approach was later replicated by Google's Password Checkup feature and by Apple iOS.[29][30][31][32] Ali worked with academics at Cornell University to develop new versions of the protocol known as Frequency Smoothing Bucketization (FSB) and Identifier-Based Bucketization (IDB).[33] In March 2020, cryptographic padding was added to the protocol.[34] Ali's research was praised in Canadian cryptographer Carlisle Adams's book, Introduction to Privacy Enhancing Technologies.[35]
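
The k-anonymity range query and response padding described above, as an added example that is not part of the original article or of any deployed service's code. It assumes SHA-1 hashes and a 5-hex-character prefix as in the public Pwned Passwords API, zero-count padding rows, and a constructed corpus; all function names are hypothetical.

```python
import hashlib
import secrets

PREFIX_LEN = 5   # hex chars the client reveals (assumption: as in the public API)
PAD_TO = 8       # constructed padding target; a real service pads far larger responses

# Constructed breach corpus: password -> times seen. Not real breach data.
BREACHED = {"password": 3, "letmein": 2, "hunter2": 1}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(corpus):
    """Server side: bucket every breached hash by its prefix."""
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:PREFIX_LEN], {})[h[PREFIX_LEN:]] = count
    return index


def range_query(index, prefix, pad_to=PAD_TO):
    """Server side: sees only the prefix and returns every suffix in that bucket.

    Padding: dummy suffixes with count 0 are appended so the response size
    does not reveal how many real entries the bucket holds.
    """
    if len(prefix) != PREFIX_LEN:
        raise ValueError("prefix must be exactly %d hex characters" % PREFIX_LEN)
    rows = list(index.get(prefix.upper(), {}).items())
    while len(rows) < pad_to:
        rows.append((secrets.token_hex(20)[: 40 - PREFIX_LEN].upper(), 0))
    secrets.SystemRandom().shuffle(rows)  # hide which rows are padding
    return rows


def check_password(index, password):
    """Client side: hash locally, send the prefix, match the suffix locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    for candidate, count in range_query(index, prefix):
        # Rows with count 0 are padding and never count as a match.
        if count > 0 and secrets.compare_digest(candidate, suffix):
            return count
    return 0
```

The server never receives the full hash: every password whose hash shares the prefix is indistinguishable to it, and the padded response has the same size whether the bucket is empty or not.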

Ali conducts cybersecurity research on North Korea and provides expert commentary to journalists at NK News.[36][37][38][39]

In January 2022, Ali told journalists at NK News and Reuters that he had observed North Korea's internet being taken offline in a second major outage that month following a missile test, and that data he collected was consistent with a DDoS attack.[40][41][42][43][44] South Korean Government officials responded by saying "we are monitoring the situation under coordination with relevant government agencies," without elaborating further.[45] Wired journalist Andy Greenberg later confirmed the downtime resulted from an attack and reported that a single American hacker using the pseudonym P4x had shared evidence of his responsibility.[46] In November 2022, news outlets reported that Ali had said that North Korea's internet was hit by the largest outages in months amid increased missile launches and other military activity, with Ali saying he'd "be surprised if this wasn’t an attack".[47][48] In 2023, Ali told reporters at NK News that North Korea faced another 'total internet outage' in advance of the reported Malligyong-1 satellite launch.[49]

Ali's consultancy clients have included cybersecurity firm Risk Ledger and engineering productivity company Haystack Analytics.[8][50] In July 2021, Ali commissioned a study by Survation for Haystack Analytics which found that 83% of software developers were suffering from burnout.[51][52][53] The poll also found 57% of software engineers agreed "to a great extent" or "to a moderate extent" with the phrase "Software reliability at my workplace concerns me".[54][55] Ali claimed this was "the first time representative opinion polling was used to understand software engineers."[56]

In November 2023, Ali served as principal investigator for an investigation by the software auditing firm Engprax, which identified that 53% of software engineers in the UK have suspected wrongdoing at work with 75% reporting they faced retaliation the last time they reported wrongdoing to their employers.[57][58] The research also found that Worldpay had used a gagging clause banned by the Financial Conduct Authority and shed new light on gagging clauses by Post Office Limited during the British Post Office scandal.[59][60][61][62] The research also found that "industry-standard" DORA metrics used for evaluating the DevOps performance of engineering teams were solely measuring factors that both software engineers and the wider public thought were least important when using computer systems.[63]

During the COVID-19 pandemic, Ali worked on security improvements to the (Google/Apple) Exposure Notification system used to create public health contact tracing apps.[64][7]

Selected publications

  • Li, L., Pal, B., Ali, J., Sullivan, N., Chatterjee, R. and Ristenpart, T., 2019, November. Protocols for checking compromised credentials. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1387–1403).[33]
  • Ali, J. and Dyo, V. (2020). Practical Hash-based Anonymity for MAC Addresses. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT, ISBN 978-989-758-446-6; ISSN 2184-7711, pages 572–579. DOI: 10.5220/0009825105720579.[65]
  • Ali, J. and Dyo, V., 2021, January. Cross hashing: Anonymizing encounters in decentralised contact tracing protocols. In 2021 International Conference on Information Networking (ICOIN) (pp. 181–185). IEEE.[64]
  • Pikies, M. and Ali, J., 2019, April. String similarity algorithms for a ticket classification system. In 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT) (pp. 36–41). IEEE.[19]
  • Ali, J. and Dyo, V. (2017). Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 5: WINSYS, (ICETE 2017) ISBN 978-989-758-261-5, pages 83–88.[16]
  • Ali, J. (2016). Mastering PHP Design Patterns (book). Packt Publishing Ltd.[66]
  • Ali, J. and Pikies, M. (2019). Password Authentication Attacks at Scale. The 6th International Conference on Advanced Engineering – Theory and Applications 2019.[22]

References

  1. CEng registration number 673221. https://www.engc.org.uk/regcheck
  2. "From apprentice to Chartered Engineer: at just 24". theiet.org. Retrieved 29 January 2022.
  3. Hollister, Sean (7 August 2020). "Have I Been Pwned – which tells you if passwords were breached – is going open source". The Verge. Retrieved 29 January 2022.
  4. Oshin, Olafimihan (26 January 2022). "Cyberattack suspected in North Korean internet outage". The Hill.
  5. Marks, Joseph (27 January 2022). "Analysis | The administration wants to prevent an attack on water supplies". The Washington Post. Retrieved 29 January 2022.
  6. Saran, Cliff. "Team leaders urged to address developer mental health". Computer Weekly. Retrieved 29 January 2022.
  7. Dodds, Io (22 January 2023). "How faulty software has left society on the edge of disaster". The Independent. Retrieved 29 January 2023.
  8. "Junade Ali". leaddev.com. Retrieved 29 January 2022.
  9. "Computer scientist from Rugby named the youngest ever Fellow of the Institution of Engineering and Technology". Rugby Observer. Retrieved 27 June 2023.
  10. Newmond, Jeff (26 June 2023). "IET Fellow Junade Ali Becomes Youngest Member Ever - BusinessMole". Retrieved 27 June 2023.
  11. "Dr Junade Ali newly named youngest IET Fellow". www.theiet.org. Retrieved 4 July 2023.
  12. Saran, Cliff. "A non-conventional career journey into IT security | Computer Weekly". ComputerWeekly.com. Retrieved 27 August 2023.
  13. Ali, Junade (2022). "Cryptographic hash-based anonymisation of wireless unique identifiers". British Library EThOS. British Library. Retrieved 27 August 2023.
  14. Smedley, Peggy (8 April 2021). "Are Software Engineers Burned Out? - Connected World". Archived from the original on 1 September 2021. Retrieved 8 April 2021.
  15. Velisavljevic, Vladan; Cano, Eduardo; Dyo, Vladimir; Allen, Ben (December 2016). "Wireless Magnetic Sensor Network for Road Traffic Monitoring and Vehicle Classification". Transport and Telecommunication Journal. 17 (4): 274–288. doi:10.1515/ttj-2016-0024. hdl:10547/622026. S2CID 113767695.
  16. Ali, Junade; Dyo, Vladimir (2017). "Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach". Proceedings of the 14th International Joint Conference on e-Business and Telecommunications. pp. 83–88. doi:10.5220/0006469800830088. hdl:10547/622159. ISBN 978-989-758-261-5.
  17. Ali, Junade; Dyo, Vladimir; Zhang, Sijing (October 2020). "Battery-assisted Electric Vehicle Charging: Data Driven Performance Analysis". 2020 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe). pp. 429–433. arXiv:2010.14455. doi:10.1109/ISGT-Europe47291.2020.9248941. ISBN 978-1-7281-7100-5. S2CID 225075890.
  18. Ali, Junade (2019). "Support Operations Engineering: Scaling Developer Products to the Millions". SRECon 2019. Usenix. Retrieved 29 January 2022.
  19. Pikies, Malgorzata; Ali, Junade (April 2019). "String similarity algorithms for a ticket classification system". 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT). pp. 36–41. doi:10.1109/CoDIT.2019.8820497. ISBN 978-1-7281-0521-5. S2CID 201832895. Retrieved 29 January 2022.
  20. Pikies, Malgorzata; Ali, Junade (1 July 2021). "Analysis and safety engineering of fuzzy string matching algorithms". ISA Transactions. 113: 1–8. doi:10.1016/j.isatra.2020.10.014. ISSN 0019-0578. PMID 33092862. S2CID 225051510. Retrieved 29 January 2022.
  21. Pikies, Malgorzata; Riyono, Andronicus; Ali, Junade (24 September 2020). "Novel Keyword Extraction and Language Detection Approaches". arXiv:2009.11832 [cs.CL].
  22. Ali, Junade; Pikies, Malgorzata (2021). "Password Authentication Attacks at Scale". AETA 2019 - Recent Advances in Electrical Engineering and Related Sciences: Theory and Application. Lecture Notes in Electrical Engineering. Vol. 685. Springer International Publishing. pp. 394–403. doi:10.1007/978-3-030-53021-1_40. ISBN 978-3-030-53020-4. S2CID 224838150. Retrieved 29 January 2022.
  23. "Find out if your password has been pwned—without sending it to a server". Ars Technica. Retrieved 24 May 2018.
  24. "1Password bolts on a 'pwned password' check – TechCrunch". techcrunch.com. 23 February 2018. Retrieved 24 May 2018.
  25. "1Password Integrates With 'Pwned Passwords' to Check if Your Passwords Have Been Leaked Online". Retrieved 24 May 2018.
  26. Conger, Kate. "1Password Helps You Find Out if Your Password Is Pwned". Gizmodo. Retrieved 24 May 2018.
  27. Condon, Stephanie. "Okta offers free multi-factor authentication with new product, One App | ZDNet". ZDNet. Retrieved 24 May 2018.
  28. Coren, Michael J. "The world's biggest database of hacked passwords is now a Chrome extension that checks yours automatically". Quartz. Retrieved 24 May 2018.
  29. Wagenseil I, Paul (5 February 2019). "Google's New Chrome Extension Finds Your Hacked Passwords". laptopmag.com.
  30. "Google Launches Password Checkup Extension to Alert Users of Data Breaches". BleepingComputer.
  31. Dsouza, Melisha (6 February 2019). "Google's new Chrome extension 'Password CheckUp' checks if your username or password has been exposed to a third party breach". Packt Hub.
  32. Hunt, Troy (7 August 2020). "I'm Open Sourcing the Have I Been Pwned Code Base". Troy Hunt. Retrieved 29 January 2022.
  33. Li, Lucy; Pal, Bijeeta; Ali, Junade; Sullivan, Nick; Chatterjee, Rahul; Ristenpart, Thomas (6 November 2019). "Protocols for Checking Compromised Credentials". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM. pp. 1387–1403. arXiv:1905.13737. Bibcode:2019arXiv190513737L. doi:10.1145/3319535.3354229. ISBN 978-1-4503-6747-9. S2CID 173188856.
  34. Ali, Junade (4 March 2020). "Pwned Passwords Padding (ft. Lava Lamps and Workers)". The Cloudflare Blog. Retrieved 12 May 2020.
  35. Adams, Carlisle (2021). Introduction to Privacy Enhancing Technologies. Springer. doi:10.1007/978-3-030-81043-6. ISBN 978-3-030-81042-9. S2CID 240157551. Retrieved 29 January 2022.
  36. Choy, Min Chao (26 February 2021). "North Korean hackers breached sensitive defense network at Russian firm". NK PRO. Retrieved 29 January 2022.
  37. Weisensee, Nils (2 April 2021). "North Koreans sharpen their cyberskills at online coding competitions". NK PRO.
  38. Weisensee, Nils (25 May 2021). "North Korean websites go dark after botched server upgrade - NK News". NK News - North Korea News. Retrieved 29 January 2022.
  39. Referenced in 13 articles from February 2021 to January 2022: https://www.nknews.org/?s=Junade+Ali
  40. Weisensee, Nils (26 January 2022). "DDOS attack cuts off North Korea's internet after fifth missile test". NK PRO. Retrieved 29 January 2022.
  41. Shull, Abbie. "North Korea recently disappeared from the internet for a little while, and it looks like it has happened again". Business Insider.
  42. "North Korean Internet downed by suspected cyber attacks: Researchers". CNA.
  43. Ward, Er; Thompson, Alex; Forgey, Quint. "The NSC's weekly Ukraine crisis club". Politico.
  44. Smith, Josh (26 January 2022). "N.Korean internet downed by suspected cyber attacks -researchers". Reuters. Retrieved 2 February 2022.
  45. "Seoul monitoring situation after N. Korea hit by suspected cyber attack". The Korea Herald. Yonhap. 27 January 2022. Retrieved 29 January 2022.
  46. Greenberg, Andy. "North Korea Hacked Him. So He Took Down Its Internet". Wired. Retrieved 2 February 2022.
  47. Smith, Josh (17 November 2022). "North Korea's internet temporarily knocked offline, researcher says". Reuters. Retrieved 29 January 2023.
  48. Jowitt, Tom (17 November 2022). "North Korea's Internet Knocked Offline | Silicon UK Tech News". Silicon UK. Retrieved 29 January 2023.
  49. Reddy, Shreyas (29 May 2023). "'Total internet outage' hits North Korea in possible attack, expert says". NK PRO. Retrieved 27 June 2023.
  50. "Junade Ali". Retrieved 29 January 2022.
  51. Anderson, Tim. "Report: 83% of UK software engineers suffer burnout, COVID-19 made it worse". The Register. Retrieved 29 January 2022.
  52. Hughes, Owen. "Developers are exhausted. Here's what needs to change". ZDNet. Retrieved 29 January 2022.
  53. Millman, Rene. "83% of developers suffer from burnout". IT PRO. Retrieved 29 January 2022.
  54. Farrell, Nick. "Software reliability a key problem during 2021". fudzilla.com. Retrieved 29 January 2022.
  55. Fadilpašić, Sead (1 October 2021). "Software reliability has become a bigger issue for developers". ITProPortal. Retrieved 29 January 2022.
  56. Ali, Junade. "How to prevent developer burnout". Computer Weekly. Retrieved 29 January 2022.
  57. Clark, Lindsay. "Three quarters of software engineers face retaliation for whistleblowing". The Register. Situation Publishing. Retrieved 5 December 2023.
  58. Collins, Benedict (20 November 2023). "Retaliation, gagging, flawed oversight - Software engineers face backlash if they report wrongdoing". TechRadar. Retrieved 5 December 2023.
  59. Woollacott, Emma (21 November 2023). "Workplace retaliation is stopping software engineers from speaking out over malpractice". ITPro. Retrieved 5 December 2023.
  60. Mitchell, Sean. "Unethical activities found prevalent in UK software engineering industry". IT Brief UK. Retrieved 5 December 2023.
  61. Turner, Graham (20 November 2023). "Report: Software Engineers Face Backlash for Reporting Wrongdoing". DIGIT. Retrieved 5 December 2023.
  62. Carr, Mathew (1 December 2023). "More than half of software developers suspect wrongdoing at work; 75% receive retaliation for speaking out". CarrZee Carbon. Retrieved 5 December 2023.
  63. Saran, Cliff. "Software engineers worry about speaking out - Computer Weekly". ComputerWeekly.com. Retrieved 5 December 2023.
  64. Ali, Junade; Dyo, Vladimir (January 2021). "Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols". 2021 International Conference on Information Networking (ICOIN). pp. 181–185. doi:10.1109/ICOIN50884.2021.9333939. ISBN 978-1-7281-9101-0. S2CID 218889457.
  65. Ali, Junade; Dyo, Vladimir (2020). "Practical Hash-based Anonymity for MAC Addresses". Proceedings of the 17th International Joint Conference on e-Business and Telecommunications. pp. 572–579. arXiv:2005.06580. doi:10.5220/0009825105720579. ISBN 978-989-758-446-6. S2CID 218629946. Retrieved 29 January 2022.
  66. Ali, Junade (2016). Mastering PHP design patterns : develop robust and reusable code using a multitude of design patterns for PHP 7. Packt Publishing, Limited. ISBN 9781785887130. Retrieved 29 January 2022.