Cyber-crimes on the rise in MENA region

Friday 08/05/2015
A tool for all uses

LONDON - The Saudi-owned, pan- Arab daily al-Hayat was attacked in April by hack­ers calling themselves the Yemen Cyber Army. The hackers kept the influential London-based newspaper offline for several hours and uploaded a picture of Hezbollah leader Hassan Nasrallah with the caption, “We are waiting for you.”
A mere 24 hours before that, pro-Saudi hackers compromised the YouTube and Twitter accounts affiliated with the Iranian state-owned Arabic news channel Al- Alam and tweeted a fabricated item about the death of Houthi leader Abdul Malik al-Houthi. The hack­ers topped it off by uploading a video of Saudi King Salman stand­ing in front of the Saudi flag with a patriotic Saudi song playing in the background.
Although these cyber-attack ex­amples were relatively harmless, in the last few years the level of am­bition and sophistication of cyber-crime operations have resulted in significant disruptions.
In August 2012 the world’s big­gest oil and gas company, Saudi Aramco, fell victim to a modified malware virus that infected 30,000 of the firm’s computers. The Sham­oon virus, which took Aramco ten days to eradicate, was courtesy of a politically motivated group calling itself the Cutting Sword of Justice, which US investigators say is tied to Iran, according to a report in the Wall Street Journal.
About the same time, Qatar’s RasGas was hit with the same vi­rus.
Cyber-crime is on the rise in the Middle East with a reported 37% of economic crimes attributed to computer-based operations. Cyber-crimes are the second most common form of economic crime reported, with the most widespread attempts coming via applications, systems and net­works. Mobile devices, remov­able storage devices and data held by third parties are also at significant risk, according to the PwC Middle East Economic Crime Survey.
This new reality, ushered in by the two 2012 major attacks, has prompted regional govern­ments to address the growing threat. The UAE introduced new cyber-crime laws, while Saudi Arabia enacted the 2012 Arab Cybercrime Agreement.
According to Saudi cy­ber laws, if an individual or group knowingly accesses a government network without authorisation, par­ticularly if the information accessed has national se­curity implications, this could lead to a $1.3 million fine and up to ten years in prison; the same pen­alty as for charges of supporting terrorism through the internet.
In terms of regional threats to the Gulf Cooperation Council (GCC), cyber-warfare is becoming a pre­ferred method. Iran for example, in just a few short years has gone from having grade D level capabili­ties to almost the same standard of sophistication of that of China and Russia, according to ana­lysts.
Even the Islamic State (ISIS), arguably the most tech-savvy mili­tant organisation, is in on the cyber-action, although its activities have been mostly re­stricted to Europe and the United States.
Ghareeb Saad, a sen­ior security researcher at Kaspersky Lab, an an­tivirus and internet se­curity software firm, told The Arab Weekly that po­litically motivated cyber-attacks were on the rise regionally.
“These attacks aim to steal politically sensitive information, intelligence or to track and monitor users who are of political inter­est to the hackers,” he said. “These types of attacks de­pend on something called ‘social engineering’, which is not a technically advanced attack but is a method where users are duped into down­loading files or following links that lead to their computer or network getting compro­mised.”
In terms of the financial cost of cyber-crimes in MENA region, Saad told The Arab Weekly, “In the last few years, especially with the trend of using online bank­ing and shopping, cyber-attacks caused by banking Trojans and spamming attacks have increased, causing significant financial losses to end-users, while the damage to enterprises and business has been massively increasing, we have been monitoring multiple attacks on banks, which has actually led to millions of dollars being stolen.”
The cyber-security expert em­phasised the negative ramifications go beyond the monetary and that damage to the business entity’s reputation might be irreversible.
“If you are using online banking and you are on the receiving end of a cyber-crime, the probability of you continuing banking through the internet after that experience is very slim.
This is more damaging to busi­nesses then just financial losses,” Saad said. In terms of awareness, governments in the MENA region have become wise, according to Saad.
“They are moving in the right direction and are adopting secu­rity solutions and policies to im­prove the safety of their networks. Governments are also building their own computer emergency response teams to tackle potential cyber-attacks,” he added.