Cyber-crimes on the rise in MENA region
LONDON - The Saudi-owned, pan- Arab daily al-Hayat was attacked in April by hackers calling themselves the Yemen Cyber Army. The hackers kept the influential London-based newspaper offline for several hours and uploaded a picture of Hezbollah leader Hassan Nasrallah with the caption, “We are waiting for you.”
A mere 24 hours before that, pro-Saudi hackers compromised the YouTube and Twitter accounts affiliated with the Iranian state-owned Arabic news channel Al- Alam and tweeted a fabricated item about the death of Houthi leader Abdul Malik al-Houthi. The hackers topped it off by uploading a video of Saudi King Salman standing in front of the Saudi flag with a patriotic Saudi song playing in the background.
Although these cyber-attack examples were relatively harmless, in the last few years the level of ambition and sophistication of cyber-crime operations have resulted in significant disruptions.
In August 2012 the world’s biggest oil and gas company, Saudi Aramco, fell victim to a modified malware virus that infected 30,000 of the firm’s computers. The Shamoon virus, which took Aramco ten days to eradicate, was courtesy of a politically motivated group calling itself the Cutting Sword of Justice, which US investigators say is tied to Iran, according to a report in the Wall Street Journal.
About the same time, Qatar’s RasGas was hit with the same virus.
Cyber-crime is on the rise in the Middle East with a reported 37% of economic crimes attributed to computer-based operations. Cyber-crimes are the second most common form of economic crime reported, with the most widespread attempts coming via applications, systems and networks. Mobile devices, removable storage devices and data held by third parties are also at significant risk, according to the PwC Middle East Economic Crime Survey.
This new reality, ushered in by the two 2012 major attacks, has prompted regional governments to address the growing threat. The UAE introduced new cyber-crime laws, while Saudi Arabia enacted the 2012 Arab Cybercrime Agreement.
According to Saudi cyber laws, if an individual or group knowingly accesses a government network without authorisation, particularly if the information accessed has national security implications, this could lead to a $1.3 million fine and up to ten years in prison; the same penalty as for charges of supporting terrorism through the internet.
In terms of regional threats to the Gulf Cooperation Council (GCC), cyber-warfare is becoming a preferred method. Iran for example, in just a few short years has gone from having grade D level capabilities to almost the same standard of sophistication of that of China and Russia, according to analysts.
Even the Islamic State (ISIS), arguably the most tech-savvy militant organisation, is in on the cyber-action, although its activities have been mostly restricted to Europe and the United States.
Ghareeb Saad, a senior security researcher at Kaspersky Lab, an antivirus and internet security software firm, told The Arab Weekly that politically motivated cyber-attacks were on the rise regionally.
“These attacks aim to steal politically sensitive information, intelligence or to track and monitor users who are of political interest to the hackers,” he said. “These types of attacks depend on something called ‘social engineering’, which is not a technically advanced attack but is a method where users are duped into downloading files or following links that lead to their computer or network getting compromised.”
In terms of the financial cost of cyber-crimes in MENA region, Saad told The Arab Weekly, “In the last few years, especially with the trend of using online banking and shopping, cyber-attacks caused by banking Trojans and spamming attacks have increased, causing significant financial losses to end-users, while the damage to enterprises and business has been massively increasing, we have been monitoring multiple attacks on banks, which has actually led to millions of dollars being stolen.”
The cyber-security expert emphasised the negative ramifications go beyond the monetary and that damage to the business entity’s reputation might be irreversible.
“If you are using online banking and you are on the receiving end of a cyber-crime, the probability of you continuing banking through the internet after that experience is very slim.
This is more damaging to businesses then just financial losses,” Saad said. In terms of awareness, governments in the MENA region have become wise, according to Saad.
“They are moving in the right direction and are adopting security solutions and policies to improve the safety of their networks. Governments are also building their own computer emergency response teams to tackle potential cyber-attacks,” he added.