Mustafa Al-Bassam

From Wikipedia, the free encyclopedia

Mustafa Al-Bassam
2017-12-27 Mustafa Al-Bassam 7793.jpg
Mustafa Al-Bassam giving a talk at the 34th Chaos Communication Congress (2017)
BornJanuary 1995 (age 28)
Other namestflow
Alma mater
AwardsForbes 30 Under 30
Scientific career
FieldsComputer science
ThesisSecurely scaling blockchain base layers (2020)
Doctoral advisorGeorge Danezis

Mustafa Al-Bassam (born January 1995) is a British computer security researcher, hacker, and co-founder of Celestia Labs.[1] Al-Bassam co-founded the hacker group LulzSec in 2011, which was responsible for several high profile breaches.[2][3] He later went on to co-found Chainspace, a company implementing a smart contract platform, which was acquired by Facebook in 2019.[4][5] In 2021, Al-Bassam graduated from University College London, completing a PhD in computer science with a thesis on Securely Scaling Blockchain Base Layers.[6] In 2016, Forbes listed Al-Bassam as one of the 30 Under 30 entrepreneurs in technology.[7]

Early life and education[edit]

Al-Bassam was born in Baghdad, Iraq in January 1995, and migrated to London, United Kingdom when he was five years old.[8] He received a BSc in Computer Science from King's College London,[9][10] and is currently a PhD student[needs update?] at University College London.[11]


In 2011 as a 16 year old teenager, Al-Bassam was one of the six core members of LulzSec during its 50-day hacking spree, going by the alias "tflow". The group used denial-of-service attacks and compromised a number of high profile organizations and corporations, including Sony, Fox, News International, Nintendo and the CIA.[3]

He was also affiliated with the online association of hacktivists known as Anonymous, where he was involved with the hacking of emails from HBGary Federal, an intelligence contractor for the U.S. government.[12] The emails revealed that HBGary Federal was working to develop astroturfing software to create an "army" of fake social media profiles,[13] and was hired by the U.S. Chamber of Commerce to spy on and smear political opponents with fake documents and communications.[14] As a result, members of the U.S. Congress called for an investigation into HBGary Federal.[14]

Arrest and legal proceedings[edit]

On 20 July 2011, it was announced on Fox News and other press outlets[15][16][17] that London's Metropolitan Police had arrested a 16-year-old student in London who was alleged to have used the nickname "Tflow" in a series of high-profile attacks on,[18] the FBI affiliate "Infragard",[19] PBS[20][21] and Sony.[22] For legal reasons, his name could not be disclosed for nearly two more years. On 9 April 2013, Tflow's full name was revealed along with his picture on multiple news outlets throughout the Internet.[23] He pleaded guilty to computer misuse and received a 20-month suspended sentence with 320 hours of unpaid community service work.[24] A nearly two-year internet ban imposed by police has since expired.[25][26]

Career and research[edit]

Distributed ledgers[edit]

Al-Bassam has published research on scaling blockchains and cryptocurrencies.[27] He contributed to the design and implementation of Chainspace, a blockchain protocol that makes use of sharding to increase transaction throughput.[28] Chainspace was later spun-out into a commercial company he co-founded, and was then acquired by Facebook in 2019 to become a part of the Libra project.[4][5] Al-Bassam has since been critical of Libra, stating that "the road to dystopia is paved with good intentions, and I'm concerned about Libra's model for decentralization".[4]

Privacy and surveillance[edit]

In 2014 Al-Bassam volunteered for Privacy International,[2] where he released research on the computer destruction techniques that GCHQ used when forcing journalists at The Guardian's London headquarters to destroy the computers on which they stored copies of classified documents provided by NSA whistleblower Edward Snowden.[29]

In an article for Motherboard, he revealed that GCHQ's Joint Threat Research Intelligence Group (JTRIG), had been involved with online sockpuppetry by creating a series of fake Twitter accounts and an URL shortener which was used as a honeypot for dissidents during the Arab spring, having been targeted by JTRIG himself.[30]

Awards and honours[edit]

In 2016, Al-Bassam was listed in the Forbes 30 Under 30 in the technology section for his work on uncovering government surveillance.[7]


  1. ^ "Celestia". Retrieved 29 August 2022.
  2. ^ a b Coleman, E. Gabriella, 1973- (2014). Hacker, hoaxer, whistleblower, spy : the many faces of Anonymous. London. ISBN 9781781685839. OCLC 890807781.{{cite book}}: CS1 maint: multiple names: authors list (link)
  3. ^ a b Robertson, Adi (16 May 2013). "LulzSec hackers sentenced to between one and three years in prison by UK court". The Verge. Retrieved 21 July 2019.
  4. ^ a b c Field, Matthew (26 June 2019). "The tiny UK start-up founded by UCL scientists now at the heart of Facebook's Libra currency". The Telegraph. ISSN 0307-1235. Retrieved 21 July 2019.
  5. ^ a b "Facebook Makes First Blockchain Acquisition With Chainspace: Sources". Cheddar. Retrieved 21 July 2019.
  6. ^ "Mustafa Al-Bassam - Research Homepage". Retrieved 29 August 2022.
  7. ^ a b "Mustafa Al-Bassam". Forbes. Retrieved 21 July 2019.
  8. ^ Miller, Carl (Researcher on social media) (2018). The death of the gods : the new global power grab. London. ISBN 9781785151330. OCLC 1051237704.
  9. ^ Bano, Shehar, Mustafa Al-Bassam, and George Danezis. "The road to scalable blockchain designs." USENIX; login: magazine (2017).
  10. ^ "Cyber defence unit 'may use hackers'". 22 October 2013. Retrieved 21 July 2019.
  11. ^ "Despite high-profile hacks, companies still aren't behaving securely: ex-LulzSec hacker". Retrieved 21 July 2019.
  12. ^ Bright, Peter (10 March 2012). "With arrests, HBGary hack saga finally ends". Ars Technica. Retrieved 21 July 2019.
  13. ^ Monbiot, George (23 February 2011). "The need to protect the internet from 'astroturfing' grows ever more urgent | George Monbiot". The Guardian. ISSN 0261-3077. Retrieved 21 July 2019.
  14. ^ a b Fogarty, Kevin (4 March 2011). "Congress eyes dirty tricks from HBGary, Chamber of Commerce". ITworld. Retrieved 21 July 2019.
  15. ^ "Leading Member of LulzSec Hacker Squad Arrested in London". Fox News. 19 July 2011. Retrieved 30 October 2013.
  16. ^ Bright, Peter (20 July 2011). "FBI arrests 16 Anons across US; UK police pick up LulzSec member". Ars Technica. Retrieved 30 October 2013.
  17. ^ "Hacker Arrests May Have Included Core Member Of LulzSec". Forbes. 19 July 2011. Retrieved 30 October 2013.
  18. ^ " Hacked By Group Lulz Security". 10 May 2011. Retrieved 30 October 2013.
  19. ^ Satter, Raphael G. (5 June 2011). "LulzSec Hackers Claim Breach Of FBI Affiliate Infragard Atlanta". Retrieved 30 October 2013.
  20. ^ "PBS website hacked, defaced after WikiLeaks documentary evokes online ire". 30 May 2011. Retrieved 30 October 2013.
  21. ^ "Sites Hacked; Readers' Data Not Compromised". PBS NewsHour. 30 May 2011. Retrieved 30 October 2013.
  22. ^ Albanesius, Chloe (3 June 2011). "Sony LulzSec Hack: What You Need to Know". Retrieved 30 October 2013.
  23. ^ "Mustafa Al-Bassam". Retrieved 30 October 2013.
  24. ^ How I Hacked The US Government Aged 16 | Minutes With | @LADbible TV, retrieved 11 September 2021
  25. ^ "Mustafa Al-Bassam (musalbas) on Twitter". Retrieved 30 October 2013.
  26. ^ "Were you banned from the internet for two years like Jake Davis? |". Archived from the original on 31 October 2013. Retrieved 30 October 2013.
  27. ^ "Mustafa Al-Bassam - Google Scholar Citations". Retrieved 21 July 2019.
  28. ^ Al-Bassam, Mustafa; Sonnino, Alberto; Bano, Shehar; Hrycyszyn, Dave; Danezis, George (2018). "Chainspace: A Sharded Smart Contracts Platform" (PDF). Proceedings 2018 Network and Distributed System Security Symposium. San Diego, CA: Internet Society. doi:10.14722/ndss.2018.23241. ISBN 9781891562495. S2CID 1360317.
  29. ^ McLaughlin, Jenna (26 August 2015). "The Way GCHQ Obliterated The Guardian's Laptops May Have Revealed More Than It Intended". The Intercept. Retrieved 21 July 2019.
  30. ^ Al-Bassam, Mustafa (29 July 2016). "British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents". Vice. Retrieved 21 July 2019.