SlideShare une entreprise Scribd logo

21st Century Threats and Middle East Dilemma

Mohamed N. El-Guindy
Mohamed N. El-Guindy

The document discusses cyber threats facing the Middle East in the 21st century. It outlines vulnerabilities in the region's ICT infrastructure and maturity levels. Major threats discussed include targeted attacks like Stuxnet, politically motivated hacktivism during the Arab Spring, and the growing cybercrime underground market. The region faces risks from threats tailored to its infrastructure and from being used as a launch point for global attacks due to vulnerabilities. Stronger security practices, regulations, and expertise are needed to protect critical systems and address cyber issues in the Middle East.

TechnologieBusiness
1  sur  23
Télécharger pour lire hors ligne
21st Century Cyber Threats and the Middle East Dilemma
21st Century Cyber Threats and the Middle East Dilemma 21st Century Cyber Threats and The Middle East Dilemma
21st Century Cyber Threats and the Middle East Dilemma Contents 4 5 7 8 8 9 21 24 26 26 27 28 29 12 11 Summary The state of ICT infrastructure in MENA Middle East ICT vulnerabilities Top 2011 Cyber threats and the Middle East Targeted Attacks Stuxnet Worm Politically motivated attacks Cybercrime and Underground Market Hardware Trojans and Digital Espionage Syrian Radars and Kill Switch Technology Satellite lost in Space US Chips will be controlled by the Pentagon Surveillance Systems Conclusion Credits
21st Century Cyber Threats and the Middle East Dilemma Summary By the end of the 20th century and the beginning of the 21st century, the Internet and cyberspace become major players in our daily lives. The globe is now connected from home users who just use computers for simple tasks to governments that implement ICT in critical infrastructure to cyber criminals, cyber warriors, and satellites. MENA countries will invest more in ICT and these investments will increase the broadband user base as prices will drop down. Cyberspace started to shape societies and introduced new tools and ideas that will change even the maps of the Middle East. But Is the Middle East ready to face the new cyber threats of the 21st century? In this whitepaper, we will understand the latest threats of cyberspace and their effect on the Middle East and North African countries.
21st Century Cyber Threats and the Middle East Dilemma The state of ICT infrastructure in MENA According to the latest research and reports1, there is huge investment in ICT infrastructure in the Middle East. But not all countries have the same maturity level of ICT readiness. Few countries are ranked at high maturity level such as UAE and others are ranked low such as Algeria. There is also big difference between ICT maturity level and ICT readiness. Some countries have good ICT infrastructure but low ICT readiness due to people readiness, awareness or government readiness in ICT. But there are two facts worth mentioning: 1- Most MENA countries trail behind rest of the world in ICT readiness 2- Most GCC2 members continue to progress in ICT readiness Fig.1 ICT Readiness in MENA 1 2 http://www.escwa.un.org/information/publications/edit/upload/ictd-09-12.pdf Gulf Cooperation Council
21st Century Cyber Threats and the Middle East Dilemma MENA countries invested billions of dollars in ICT applications and implementation until they become more reliant on it. Critical ICT infrastructure becomes part of their national security that is why security and protection for this infrastructure is becoming more important. Egypt for example spends LE 40 billion annually on Telecom industry. Over all telecommunication spending in the Middle East will rise to $395 billion in 2013, gowning at a 12.1% compound annual rate, the fastest growth in terms of percentage of any region3. Although few countries in GCC are investing in new ICT infrastructure, many other countries in the region have old infrastructure. Egypt for example has the oldest ICT infrastructure controlled by Egypt Telecom Company for over 150 years. But the advancement in ICT readiness and country’s maturity level are low and progressing slowly. However it is ranked number one in Africa for internet penetration according to number of population4. Fig.2 ICT Maturity level in MENA5 3 4 5 www.tiaonline.org http://www.internetworldstats.com UN: ECONOMIC AND SOCIAL COMMISSION FOR WESTERN ASIA
21st Century Cyber Threats and the Middle East Dilemma One of the obstacles in countries like Egypt is the monopoly and high level corruption6 that makes progression slow due to the nature of how policymakers are thinking of implementing advanced technology inside country’s infrastructure. But there is one common factor among MENA countries which is business first… This way of thinking leaves ICT infrastructure in the region vulnerable to all types of attacks and cyber threats. Middle East ICT vulnerabilities Implementation of ICT applications and growth of user base in the region are among the highest in the world. But there are always vulnerabilities when it comes to technology and people. People mistakes are the biggest vulnerabilities in the region in addition to poor or absent regulations and ICT expertise. Well-known vulnerabilities in MENA concluded as follows: - Poor awareness programs at individuals, corporations, and government levels Poor or absent cybercrime regulations Centralized ICT infrastructure and monopoly Off-the-Shelf technology and solutions Lack of skilled law enforcement and emergency teams Poor information security education for IT students Poor standards or lack of compliance with international standards for information security such as PCI, ISO27001 The attack vector will increase; and the Middle East will become big target and source for cybercrime in the upcoming years. Without doubt our region will face a lot of problems for implementing advanced ICT solutions without security in mind. Powering critical infrastructure with off-the-shelf solutions, importing low quality and untrusted hardware and solutions will increase number of incidents in MENA. But unfortunately there is no transparency in the availability of information related to the incidents occurred in the Middle East; and there are no specific laws for such problem. That is why experts in the region think that we are safer than rest of the world as number of incidents is not efficiently traced or recorded. But this is false security. 6 www.transparency.org
21st Century Cyber Threats and the Middle East Dilemma Top 2011 Cyber threats and the Middle East Hiding the problem is the biggest problem. We need to understand and address our cyber security problems to find suitable solutions. We will spot major cyber threats and cyber attacks started at the end of 20th century and beginning of 21st century and their relation to the Middle East region. Our inspection in such attacks and threats will give an overview for the attack vector in the upcoming years and how it might affect critical infrastructure, individuals, and corporations in MENA. Targeted Attacks Targeted7 attacks are developed for or directed at specific individual, government, sectors, or corporation. In this type of attack, cyber criminals need to gather information about specific target to find vulnerabilities that could be exploited during the attack session. Targeted attack is big topic in information security including many types of cyber threats from targeted phishing attack to critical infrastructure attacks. One obvious and sophisticated example of these targeted attacks is (Stuxnet Worm) which discovered in July 2010 and targeted Iran Uranium enrichment facilities. 7 http://www.symantec.com/connect/blogs/new-targeted-attack-exploiting-libyan-crisis
21st Century Cyber Threats and the Middle East Dilemma Stuxnet Worm Many experts believe that this worm is built specifically to target the SCADA8 systems of either Bushehr reactor9 or the Uranium enrichment plant in Natanz and both in Iran. Stuxnet was designed to target its attack on particular industry control systems—specifically, programmable logic Controllers (PLCs)—and to change the code to modify the frequency converter drives of the controller10. This was the first worm designed to target specific SCADA system. It is believed that it was a government-backed work between USA, Europe and Israel. Fig.3 Stuxnet infection mechanism using USB drive 8 SCADA 9 http://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant http://www.symantec.com/connect/blogs/stuxnet-breakthrough 10
21st Century Cyber Threats and the Middle East Dilemma Stuxnet is very dangerous type of attack as it targets systems that might affect human lives if it fails. If this worm code is now on the wild, it might be used by terrorists and organized cybercrime gangs and it might open new door to cyber terrorism and Cyberwar11. Fig.4 Stuxnet Infections by country. Source Symantec In the upcoming months or years we might see new variants to Stuxnet and we don’t know who will be the next target in the region. SCADA systems are used in many countries to control water purification systems, Electrical grid, nuclear power generation etc. After Fukushima crisis in Japan, many western countries such as Germany started a plan to stop using nuclear reactors. But in our region other countries such as Saudi Arabia started to import nuclear facilities12. While USA supports13 Saudi Arabia’s project to use nuclear reactors, we can’t see this as safe step in the 21st century. 11 http://netsafe.me/2010/09/27/stuxnet-worm-is-it-a-real-cyber-war http://www.thenational.ae/business/energy/saudi-arabia-in-agreement-to-explore-nuclear-power 13 http://www.america.gov/st/peacesec-english/2008/May/20080516160353idybeekcm0.3394586.html 12
21st Century Cyber Threats and the Middle East Dilemma What will happen if something like Stuxnet is capable of creating new Fukushima in MENA14? There is lack of expertise in the region especially when it comes to SCADA systems that should make us think twice before implementing advanced technology solutions in our critical infrastructure. These technologies need to be protected and examined for any vulnerability. And we need to educate our workforce on how to deal with this advanced technology as any failure in these systems might endanger human lives. We believe that Cyberwar and cyber terrorism in the 21st century will have global effect and even will be used as effective methods instead of real physical attacks. If SCADA systems will be used we suggest the following mitigation15: - SCADA systems should be isolated from other networks, placed in DMZ Limiting access to this system over the internet is recommended If limiting access is not possible, specific traffic or protocol connections should only be allowing to communicate with SCADA systems IPSec and VPNs should be used Endpoint security products, vulnerability assessments and management solutions should be in place Compliance with Information systems security management standards such as ISO27002, NIST, and ISA-TR99.00.01200416 Log auditing is important IDS and monitoring system should be used to prevent attacks Implementing SCADA protocols17 14 http://rothkopf.foreignpolicy.com/posts/2011/03/17/where_fukushima_meets_stuxnet_the_growing_thr eat_of_cyber_war 15 Securing SCADA Systems, Ronald L. Krutz, PhD. WILEY publishing 16 www.isa.org 17 http://www.isa.org/journals/intech/TP04ISA048.pdf
21st Century Cyber Threats and the Middle East Dilemma Politically motivated attacks18 Politically motivated attacks are one of the rising threats in 2011. The conflicts in Middle East region increased the number of politically motivated attacks or Hacktivism. Anonymous19 is one of the well-known examples for Hacktivism. They started to hit infrastructure of major payment companies such as PayPal, MasterCard and VISA, following their war on Wikileaks20. In the Middle East, Anonymous attacked government websites during Arab spring21 to support protests. Their attacks organized using DDoS attack against many government websites and infrastructure started by Operation Tunisia22 to Egypt23, Libya, and Syria. There are many examples of politically motivated attacks in the Middle East such as: - Attacks related to Bin Laden death24 This could be utilized with any other figure or political party Aljazeera TV channel Website attack25 Mass emailing during Arab spring26 Website defacement across the region27 Even scammers are taking advantage of Arab uprising in Egypt28 and Libya29. 18 http://netsafe.me/2011/03/02/cyber-attacks-and-politics-in-the-middle-east 19 http://en.wikipedia.org/wiki/Anonymous_(group 20 http://netsafe.me/2010/12/04/the-war-on-wikileaks%e2%80%a6 http://en.wikipedia.org/wiki/Arab_Spring http://netsafe.me/2011/01/04/operation-tunisia 21 22 23 24 http://netsafe.me/2011/01/27/operation-egypt-internet-as-a-battlefield http://netsafe.me/2011/05/07/bin-laden-killed-evil-appears-online http://www.journalism.co.uk/news/al-jazeera-site-hacked-by-opponents-of-pro-democracymovement-in-egypt/s2/a542649 26 http://blog.commtouch.com/cafe/email-marketing/mass-emailings-support-change-in-egypt-andnow-syria 27 http://www.thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html 28 http://www.symantec.com/connect/blogs/419-scammers-taking-advantage-egypts-revolution 29 http://www.symantec.com/connect/blogs/419-spammers-taking-advantage-libyan-unrest 25
21st Century Cyber Threats and the Middle East Dilemma Unfortunately there is a very thin line between pure Hacktivism and cyber attacks driven by governments such attack was conducted by Tunisian government against protesters during Tunisian uprising30. Fig.5 Man in the Middle Attack by Tunisian Government Syrian government also used the same technique but with fake SSL certificate31. The relation between Syrian regime and Iran might create a link between the Comodo hacker32 and the technique used by Syrian government to attack their users. We think these types of attacks will increase in the upcoming years. 30 http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernamesand-passwords 31 http://netsafe.me/2011/05/08/syrian-government-internet-enemy-and-cybercriminal 32 http://www.computerworld.com/s/article/9215245/Solo_Iranian_hacker_takes_credit_for_Comodo_cer tificate_attack
21st Century Cyber Threats and the Middle East Dilemma Cybercrime and Underground Market Underground cybercrime markets such as underground forums, social networks, IRC are growing threats in 2011. It is creating private relation between the buyer and the seller and online payment or WebMoney might be used to complete the deal. One of the well-known services offered at underground markets are Botnets which can be hired per service per time. It can be used to launch DDoS attack, Install malware, or spam service. Due to lack of security measures, poor security awareness and other ICT vulnerabilities in the Middle East, we can see large attacks targeted the region from underground market. Attackers in Russia or china might use Botnets and infected machines in Middle East to launch attacks in either Middle East or in other region across the globe! According to NetWitness33 company, Egypt and Saudi Arabia are the worst countries affected by a "dangerous new" Botnet that has control of 75,000 systems around the world. Also Saudi Arabia is ranked first spam source in the Middle East34. The Zeus35 Crimeware toolkit is one of the famous tools and Botnets available on black markets. This Crimeware is known to be guilty of 44% of the banking malware infections36. The advancement of technology makes it easy for unskilled or Script kiddies to conduct a sophisticated attack or even create very complicated malware using virus production tools and underground Crimeware that even avoid AV detection37. Such tools make cybercrime easier and make it hard to trained law enforcement, emergency teams and cyber security professional, that it is big reason to think twice about the situation38 in the Middle East39. 33 http://www.itp.net/579360-egypt-and-saudi-snared-in-dangerous-botnet http://www.alarabiya.net/articles/2010/11/10/125626.html 35 http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits 36 http://www.ecommerce-journal.com/news/18221_zeus_increasingly_avoids_pcs_detection 37 http://mobile.eweek.com/c/a/Security/Exploit-Toolkits-Software-That-Makes-CyberCrime-Easier411813 38 http://www.ameinfo.com/250282.html 39 http://www.outlookseries.com/A0996/Security/3957_Jeremy_Freeman_IronKey_CyberCriminals_Middle_East_Banks_ZeuS_SpyEye_OddJob_Sunspot_Jeremy_Freeman.htm 34
21st Century Cyber Threats and the Middle East Dilemma Fig.6 Spy Eye Crimeware (Source: Symantec40) When we take a look at Microsoft Security Intelligence Report, we can find that Middle East infections by Trojans, worms and other Crimeware is among the highest in the world. Fig.7 Malware infections in Egypt (Microsoft SIR41) 40 41 http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot http://www.microsoft.com/security/sir/default.aspx
21st Century Cyber Threats and the Middle East Dilemma Hardware Trojans and Digital Espionage Hardware Trojans42 are new and emerging threats that will change the face our digital life. Hardware Trojans refer to alteration of hardware, that could, under specific conditions, result in functional changes of the system. It can also be used as Time Bomb Trojan to disable system at future time. Hardware Trojans can also leak confidential information over a secrets channel when certain conditions are being met to trigger the Trojan. With all the electronics that are used in our daily lives from consumer electronics to mobile phones and devices in governments and military, we are in serious risk of hardware Trojans. Globalization and chip manufacturing in countries with special motivations such as China will increase the problem of hardware Trojans and digital espionage. Hardware such as chips, ICs or FPGAs can be altered at manufacturing or design time. A group of engineers had successfully demonstrated this threat43. These types of threats are not easy to be detected especially in countries such as in the Middle East. Syrian Radars and Kill Switch Technology An obvious example to this hardware Trojan threat which also called “Kill Switch Technology” Is the 2007 Israeli Air Force attack on a suspected44, partly-constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Syrian government officials said that it was a jamming system and an error in the radar systems which made them blind. But according to IEEE and NY Times, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 820045. 42 43 44 45 http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5340158 http://vimeo.com/1437702 http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch http://www.nytimes.com/2009/10/27/science/27trojan.html?pagewanted=1
21st Century Cyber Threats and the Middle East Dilemma Satellite lost in Space On 23 October 2010, The NARSSS46 in Egypt announced that it lost control and communications with its remote sensing satellite (EgyptSat 1) since July 201047. However the satellite still can be tracked online using this link: http://www.n2yo.com/?s=31117 Egyptian government always purchases ready-made satellites such as Nile Sat. But EgyptSat 1 was the countries’ first scientific research satellite to be jointly48 built by Egypt with the Yuzhnoye Design Bureau in Ukraine49 and was launched onboard at Dnepr50 rocket on 17 April 2007. Although there is no evidence that this was an example of “Hardware Trojans”, many experts in Egypt failed to scientifically explain why the satellite disappeared51. Other Egyptian sources and experts suggested that the satellite was hijacked by Israel52. This type of technology is available for those who can afford it and the technical specifications of this type of satellite are not hard to obtain53. Scientists believed that Israel has long been the most advanced in the Middle East when it comes to aerospace arena54. Despite this fact, we can’t consider it as a hard evidence for satellite hijacking. 46 47 http://www.narss.sci.eg http://www.masrawy.com/News/Egypt/Politics/2010/october/23/sat.aspx 48 http://www.nkau.gov.ua/nsau/catalogNEW.nsf/proectE/3B41E4935D67F084C2256F2A003356A1?Op enDocument&Lang=E 49 http://www.yuzhnoye.com/index.php?lang=en 50 http://en.wikipedia.org/wiki/Dnepr-1 51 http://www.masrawy.com/News/Egypt/Politics/2010/october/25/satalight.aspx?ref=rss 52 http://www.alarab.com.qa/details.php?docId=155738&issueNo=1042&secId=15 53 https://directory.eoportal.org/get_announce.php?an_id=10001889 54 http://www.aiaa.org/aerospace/images/articleimages/pdf/Aerospace%20in%20Middle%20East_APR20 091.pdf
21st Century Cyber Threats and the Middle East Dilemma US Chips will be controlled by the Pentagon US started to manufacture chips55 which will be used in critical infrastructure and military in secure American companies controlled by the Pentagon to avoid hardware Trojans. There is currently cold Cyberwar between major players in the world such as US, China and Russia. Few evidences have been discovered tell the story about the true Cyberwar and digital espionage. The Sunday Times published an article in 2009 claimed that Chinese hackers are using ghost network to control embassy computers56. The Information Warfare57 Monitor website published an investigation for cyber espionage 2.0 which tells the complete story for evidence of cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Reports claimed that Huawei, a telecoms company run by the former director of the telecoms research arm of the Chinese Army might be involved in the attack. But the Chinese government denied involvement in such attacks58. Most technologies in MENA countries even in government and military are manufactured in China. They are importing all types of electronics to the market without inspection, analysis, or even quality assurance. This for sure will open the door to digital intelligence, economic and military espionage and we should be worry about protection of our critical infrastructure and even human privacy in the 21st century. 55 http://www.eecs.umich.edu/~imarkov/pubs/jour/DAC.COM-TrustedICs.pdf http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece 57 http://www.infowar-monitor.net/2010/04/shadows-in-the-cloud-an-investigation-into-cyberespionage-2-0 58 http://www.thefirstpost.co.uk/46883,news-comment,news-politics,china-denies-involvement-inghostnet-cyber-attacks 56
21st Century Cyber Threats and the Middle East Dilemma Surveillance Systems Surveillance systems are part of the digital espionage game and it plays an important role in politics, economy, and military. When countries in MENA region are importing advanced software59, devices or solutions to spy on their citizens, who could make sure that these devices are not themselves spying machines on the governments they use? United States and other European countries are cooperating in so called global wiretapping project (Echelon)60. This project contains nodes or black boxes installed at telecom carriers and ISPs to provide Deep Packet Inspection, traffic analysis and monitoring systems. It includes surveillance networks61 around the globe and satellite systems. Fig.8 NSA Surveillance System (Part of Echelon)62 59 60 61 62 http://www.f-secure.com/weblog/archives/00002114.html http://en.wikipedia.org/wiki/Echelon_(signals_intelligence http://www.nsawatch.org/networks.html www.nsawatch.org
21st Century Cyber Threats and the Middle East Dilemma Part of NSA system is based on NARUS63 solution which used by Egyptian government during the uprising to monitor traffic and block twitter and facebook64. It was easily implemented in MENA countries due to the nature of centralized ICT infrastructure and believed to be used back in 200565 to block VoIP services when it was not allowed by most MENA countries. NARUS also provided the surveillance solution to Libya66. Unfortunately, most countries in the region are using western technologies to censor or monitor internet traffic according to OpenNet initiative67. It is believed that the surveillance solutions provided to Middle East countries especially NARUS is just small part and not the entire solution. While these technologies didn’t prevent anything in real life scenarios and didn’t prevent people from accessing website or even organizing protests and other activities, we think that it open door for digital espionage in the Middle East. Fig.9 NARUS system installed at ISP68 63 http://richardbrenneman.wordpress.com/2011/01/29/mubaraks-israeli-created-internet-spyware http://en.wikipedia.org/wiki/Narus 65 http://spectrum.ieee.org/telecom/internet/the-voip-backlash 66 http://www.levantinecenter.org/levantine-review/articles/how-western-corporations-have-beenhelping-arab-tyrants 67 http://opennet.net/west-censoring-east-the-use-western-technologies-middle-east-censors-2010-2011 68 http://blogs.law.harvard.edu/surveillance 64
21st Century Cyber Threats and the Middle East Dilemma Conclusion Middle East governments need to address their ICT vulnerabilities before it is too late. Technology is faster than ever and the upcoming years will bring new cyber threats such as hardware Trojans, cyber armies, Cyberwar, and critical ICT infrastructure attacks that might affect human lives. Although many governments in the region are still using policing techniques such as old spying techniques from dark ages to control everything, they don’t understand that the attacks may come from inside their computers! MENA countries need to pay attention to all imported technologies, hardware, devices, and solutions. Security first! Cyber security is not the work of individuals, corporations, or governments. It is everyone’s responsibility. Governments need new strategies for awareness, and regulations. They need to enforce freedom of speech, transparency, and improve the education system at all levels. Education is the key in the 21st century
21st Century Cyber Threats and the Middle East Dilemma Credits Published 19 June 2011 Author Mohamed N. El Guindy ASK PC Academy, President ISSA Egypt Chapter, Founder & President elguindy@ieee.org elguindy@bcs.org
21st Century Cyber Threats and the Middle East Dilemma About ASK PC Academy ASK PC is an information technology training provider working in MENA region with registered offices in the UK and Middle East. ASK PC is providing IT training solutions corporate, governments, and individuals around the Middle East. It offers the highest quality services and internationally recognized IT qualifications in partnership with reputable international organizations to name few, the Institute of Electrical and Electronics Engineers (IEEE), the Chartered Institute for IT (BCS), Information Systems Security Association. Learn more about ASK PC services In English: www.askpc.net In Arabic: www.ask-pc.com For specific country offices and partners, please visit our websites. Copyright © 2011 ASK PC. All rights reserved. ASK PC and ASK PC Logo are trademarks or registered trademarks of ASK PC. Other mentioned names may be trademarks of their respective owners

Recommandé

Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastMohamed N. El-Guindy
 
Cyber Security for Energy & Utilities Special Editorial Edition
Cyber Security for Energy & Utilities Special Editorial Edition Cyber Security for Energy & Utilities Special Editorial Edition
Cyber Security for Energy & Utilities Special Editorial Edition Mohamed N. El-Guindy
 
114-116
114-116114-116
114-116IKERIONWU FREDRICK
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismshaympariyar
 
A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030Scott Dickson
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -ideaflashed
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 

Recommandé

Cyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastCyber Crime Challenges in the Middle East
Cyber Crime Challenges in the Middle EastMohamed N. El-Guindy
 
Cyber Security for Energy & Utilities Special Editorial Edition
Cyber Security for Energy & Utilities Special Editorial Edition Cyber Security for Energy & Utilities Special Editorial Edition
Cyber Security for Energy & Utilities Special Editorial Edition Mohamed N. El-Guindy
 
114-116
114-116114-116
114-116IKERIONWU FREDRICK
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismshaympariyar
 
A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030A US Cybersecurity Strategy for 2030
A US Cybersecurity Strategy for 2030Scott Dickson
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -ideaflashed
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011hassanzadeh20
 
Cyber war
Cyber warCyber war
Cyber warPraveen
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Esam Abulkhirat
 
Cyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceCyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceDr David Probert
 
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency ManagementCyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency ManagementRicardo Reis
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismAbdul Rehman
 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the InternetMaurice Dawson
 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSIAEME Publication
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ssMaira Asif
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosCommonwealth Telecommunications Organisation
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Cyber Security, Cyber Warfare
Cyber Security, Cyber WarfareCyber Security, Cyber Warfare
Cyber Security, Cyber WarfareAmit Anand
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat Mishra
 
Cyberwarfare
CyberwarfareCyberwarfare
CyberwarfareSpace Defense Newsletter
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismMaurice Dawson
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 
Economic-Cybercrime-Report
Economic-Cybercrime-ReportEconomic-Cybercrime-Report
Economic-Cybercrime-ReportDr Steve Strickland
 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security ThreatMichael Yatskievych
 

Contenu connexe

Tendances

Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011hassanzadeh20
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Esam Abulkhirat
 
Cyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceCyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceDr David Probert
 
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency ManagementCyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency ManagementRicardo Reis
 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the InternetMaurice Dawson
 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSIAEME Publication
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ssMaira Asif
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Cyber Security, Cyber Warfare
Cyber Security, Cyber WarfareCyber Security, Cyber Warfare
Cyber Security, Cyber WarfareAmit Anand
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat Mishra
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismMaurice Dawson
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy Mohit Kumar
 

Tendances (20)

Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
 
Cyber war
Cyber warCyber war
Cyber war
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
 
Cyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceCyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in Cyberspace
 
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency ManagementCyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the Internet
 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Cyber Security, Cyber Warfare
Cyber Security, Cyber WarfareCyber Security, Cyber Warfare
Cyber Security, Cyber Warfare
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.ppt
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber Terrorism
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
 

En vedette

WP_Hiding_in_Plain_Sight-Part_2_reduced
WP_Hiding_in_Plain_Sight-Part_2_reducedWP_Hiding_in_Plain_Sight-Part_2_reduced
WP_Hiding_in_Plain_Sight-Part_2_reducedEli Marcus
 
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...Shubham Kumar Singh
 
The Dark Side of Social Media
The Dark Side of Social MediaThe Dark Side of Social Media
The Dark Side of Social MediaAref Jdey
 
Report of cyber crime
Report of cyber crimeReport of cyber crime
Report of cyber crimeAlisha Korpal
 
Cyberlaw and Cybercrime
Cyberlaw and CybercrimeCyberlaw and Cybercrime
Cyberlaw and CybercrimePravir Karna
 
Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)Professor Mary Aiken
 
Case study on cyber crime
Case study on cyber crimeCase study on cyber crime
Case study on cyber crimeishmecse13
 

En vedette (11)

Economic-Cybercrime-Report
Economic-Cybercrime-ReportEconomic-Cybercrime-Report
Economic-Cybercrime-Report
 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security Threat
 
WP_Hiding_in_Plain_Sight-Part_2_reduced
WP_Hiding_in_Plain_Sight-Part_2_reducedWP_Hiding_in_Plain_Sight-Part_2_reduced
WP_Hiding_in_Plain_Sight-Part_2_reduced
 
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
 
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
EUROPOL: THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015
 
The Dark Side of Social Media
The Dark Side of Social MediaThe Dark Side of Social Media
The Dark Side of Social Media
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Report of cyber crime
Report of cyber crimeReport of cyber crime
Report of cyber crime
 
Cyberlaw and Cybercrime
Cyberlaw and CybercrimeCyberlaw and Cybercrime
Cyberlaw and Cybercrime
 
Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)Pathways White Paper FINAL (1) (1)
Pathways White Paper FINAL (1) (1)
 
Case study on cyber crime
Case study on cyber crimeCase study on cyber crime
Case study on cyber crime
 

Similaire à 21st Century Threats and Middle East Dilemma

IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxSharifulShishir
 
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax Cybersec
 
THE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRYTHE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRYijcsit
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Business Finland
 
AI & Cybersecurity meet 21stC GeoPolitics
AI & Cybersecurity meet 21stC GeoPoliticsAI & Cybersecurity meet 21stC GeoPolitics
AI & Cybersecurity meet 21stC GeoPoliticsDr David Probert
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfssuserc1c354
 
2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...
2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...
2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...AmmLibera AL
 
Finland s cyber security strategy background dossier
Finland s cyber security strategy background dossierFinland s cyber security strategy background dossier
Finland s cyber security strategy background dossierYury Chemerkin
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomySettapong_CyberSecurity
 
Input on threat images against information society
Input on threat images against information societyInput on threat images against information society
Input on threat images against information societySomerco Research
 
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative AnalysisCyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative AnalysisIRJET Journal
 
Cybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastCybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastMohamed N. El-Guindy
 

Similaire à 21st Century Threats and Middle East Dilemma (20)

RESEARCH PAPER
RESEARCH PAPERRESEARCH PAPER
RESEARCH PAPER
 
188
188188
188
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the Decade
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptx
 
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdfGramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
Gramax-Cybersec-Role of Cybersecurity in Maritime A high-risk sector.pdf
 
The red book
The red book The red book
The red book
 
THE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRYTHE PROFESSIONALIZATION OF THE HACKER INDUSTRY
THE PROFESSIONALIZATION OF THE HACKER INDUSTRY
 
The Professionalization of the Hacker Industry
The Professionalization of the Hacker IndustryThe Professionalization of the Hacker Industry
The Professionalization of the Hacker Industry
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...
 
AI & Cybersecurity meet 21stC GeoPolitics
AI & Cybersecurity meet 21stC GeoPoliticsAI & Cybersecurity meet 21stC GeoPolitics
AI & Cybersecurity meet 21stC GeoPolitics
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
 
2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...
2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...
2013 Italian Report on Cyber Security - Critical Infrastructure and other sen...
 
Finland s cyber security strategy background dossier
Finland s cyber security strategy background dossierFinland s cyber security strategy background dossier
Finland s cyber security strategy background dossier
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
 
Input on threat images against information society
Input on threat images against information societyInput on threat images against information society
Input on threat images against information society
 
Case study 11
Case study 11Case study 11
Case study 11
 
Terrorist Cyber Attacks
Terrorist Cyber AttacksTerrorist Cyber Attacks
Terrorist Cyber Attacks
 
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative AnalysisCyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis
 
Cybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle EastCybercrime Legislation in the Middle East
Cybercrime Legislation in the Middle East
 

Dernier

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

21st Century Threats and Middle East Dilemma

  • 1. 21st Century Cyber Threats and the Middle East Dilemma
  • 2. 21st Century Cyber Threats and the Middle East Dilemma 21st Century Cyber Threats and The Middle East Dilemma
  • 3. 21st Century Cyber Threats and the Middle East Dilemma Contents 4 5 7 8 8 9 21 24 26 26 27 28 29 12 11 Summary The state of ICT infrastructure in MENA Middle East ICT vulnerabilities Top 2011 Cyber threats and the Middle East Targeted Attacks Stuxnet Worm Politically motivated attacks Cybercrime and Underground Market Hardware Trojans and Digital Espionage Syrian Radars and Kill Switch Technology Satellite lost in Space US Chips will be controlled by the Pentagon Surveillance Systems Conclusion Credits
  • 4. 21st Century Cyber Threats and the Middle East Dilemma Summary By the end of the 20th century and the beginning of the 21st century, the Internet and cyberspace become major players in our daily lives. The globe is now connected from home users who just use computers for simple tasks to governments that implement ICT in critical infrastructure to cyber criminals, cyber warriors, and satellites. MENA countries will invest more in ICT and these investments will increase the broadband user base as prices will drop down. Cyberspace started to shape societies and introduced new tools and ideas that will change even the maps of the Middle East. But Is the Middle East ready to face the new cyber threats of the 21st century? In this whitepaper, we will understand the latest threats of cyberspace and their effect on the Middle East and North African countries.
  • 5. 21st Century Cyber Threats and the Middle East Dilemma The state of ICT infrastructure in MENA According to the latest research and reports1, there is huge investment in ICT infrastructure in the Middle East. But not all countries have the same maturity level of ICT readiness. Few countries are ranked at high maturity level such as UAE and others are ranked low such as Algeria. There is also big difference between ICT maturity level and ICT readiness. Some countries have good ICT infrastructure but low ICT readiness due to people readiness, awareness or government readiness in ICT. But there are two facts worth mentioning: 1- Most MENA countries trail behind rest of the world in ICT readiness 2- Most GCC2 members continue to progress in ICT readiness Fig.1 ICT Readiness in MENA 1 2 http://www.escwa.un.org/information/publications/edit/upload/ictd-09-12.pdf Gulf Cooperation Council
  • 6. 21st Century Cyber Threats and the Middle East Dilemma MENA countries invested billions of dollars in ICT applications and implementation until they become more reliant on it. Critical ICT infrastructure becomes part of their national security that is why security and protection for this infrastructure is becoming more important. Egypt for example spends LE 40 billion annually on Telecom industry. Over all telecommunication spending in the Middle East will rise to $395 billion in 2013, gowning at a 12.1% compound annual rate, the fastest growth in terms of percentage of any region3. Although few countries in GCC are investing in new ICT infrastructure, many other countries in the region have old infrastructure. Egypt for example has the oldest ICT infrastructure controlled by Egypt Telecom Company for over 150 years. But the advancement in ICT readiness and country’s maturity level are low and progressing slowly. However it is ranked number one in Africa for internet penetration according to number of population4. Fig.2 ICT Maturity level in MENA5 3 4 5 www.tiaonline.org http://www.internetworldstats.com UN: ECONOMIC AND SOCIAL COMMISSION FOR WESTERN ASIA
  • 7. 21st Century Cyber Threats and the Middle East Dilemma One of the obstacles in countries like Egypt is the monopoly and high level corruption6 that makes progression slow due to the nature of how policymakers are thinking of implementing advanced technology inside country’s infrastructure. But there is one common factor among MENA countries which is business first… This way of thinking leaves ICT infrastructure in the region vulnerable to all types of attacks and cyber threats. Middle East ICT vulnerabilities Implementation of ICT applications and growth of user base in the region are among the highest in the world. But there are always vulnerabilities when it comes to technology and people. People mistakes are the biggest vulnerabilities in the region in addition to poor or absent regulations and ICT expertise. Well-known vulnerabilities in MENA concluded as follows: - Poor awareness programs at individuals, corporations, and government levels Poor or absent cybercrime regulations Centralized ICT infrastructure and monopoly Off-the-Shelf technology and solutions Lack of skilled law enforcement and emergency teams Poor information security education for IT students Poor standards or lack of compliance with international standards for information security such as PCI, ISO27001 The attack vector will increase; and the Middle East will become big target and source for cybercrime in the upcoming years. Without doubt our region will face a lot of problems for implementing advanced ICT solutions without security in mind. Powering critical infrastructure with off-the-shelf solutions, importing low quality and untrusted hardware and solutions will increase number of incidents in MENA. But unfortunately there is no transparency in the availability of information related to the incidents occurred in the Middle East; and there are no specific laws for such problem. That is why experts in the region think that we are safer than rest of the world as number of incidents is not efficiently traced or recorded. But this is false security. 6 www.transparency.org
  • 8. 21st Century Cyber Threats and the Middle East Dilemma Top 2011 Cyber threats and the Middle East Hiding the problem is the biggest problem. We need to understand and address our cyber security problems to find suitable solutions. We will spot major cyber threats and cyber attacks started at the end of 20th century and beginning of 21st century and their relation to the Middle East region. Our inspection in such attacks and threats will give an overview for the attack vector in the upcoming years and how it might affect critical infrastructure, individuals, and corporations in MENA. Targeted Attacks Targeted7 attacks are developed for or directed at specific individual, government, sectors, or corporation. In this type of attack, cyber criminals need to gather information about specific target to find vulnerabilities that could be exploited during the attack session. Targeted attack is big topic in information security including many types of cyber threats from targeted phishing attack to critical infrastructure attacks. One obvious and sophisticated example of these targeted attacks is (Stuxnet Worm) which discovered in July 2010 and targeted Iran Uranium enrichment facilities. 7 http://www.symantec.com/connect/blogs/new-targeted-attack-exploiting-libyan-crisis
  • 9. 21st Century Cyber Threats and the Middle East Dilemma Stuxnet Worm Many experts believe that this worm is built specifically to target the SCADA8 systems of either Bushehr reactor9 or the Uranium enrichment plant in Natanz and both in Iran. Stuxnet was designed to target its attack on particular industry control systems—specifically, programmable logic Controllers (PLCs)—and to change the code to modify the frequency converter drives of the controller10. This was the first worm designed to target specific SCADA system. It is believed that it was a government-backed work between USA, Europe and Israel. Fig.3 Stuxnet infection mechanism using USB drive 8 SCADA 9 http://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant http://www.symantec.com/connect/blogs/stuxnet-breakthrough 10
  • 10. 21st Century Cyber Threats and the Middle East Dilemma Stuxnet is very dangerous type of attack as it targets systems that might affect human lives if it fails. If this worm code is now on the wild, it might be used by terrorists and organized cybercrime gangs and it might open new door to cyber terrorism and Cyberwar11. Fig.4 Stuxnet Infections by country. Source Symantec In the upcoming months or years we might see new variants to Stuxnet and we don’t know who will be the next target in the region. SCADA systems are used in many countries to control water purification systems, Electrical grid, nuclear power generation etc. After Fukushima crisis in Japan, many western countries such as Germany started a plan to stop using nuclear reactors. But in our region other countries such as Saudi Arabia started to import nuclear facilities12. While USA supports13 Saudi Arabia’s project to use nuclear reactors, we can’t see this as safe step in the 21st century. 11 http://netsafe.me/2010/09/27/stuxnet-worm-is-it-a-real-cyber-war http://www.thenational.ae/business/energy/saudi-arabia-in-agreement-to-explore-nuclear-power 13 http://www.america.gov/st/peacesec-english/2008/May/20080516160353idybeekcm0.3394586.html 12
  • 11. 21st Century Cyber Threats and the Middle East Dilemma What will happen if something like Stuxnet is capable of creating new Fukushima in MENA14? There is lack of expertise in the region especially when it comes to SCADA systems that should make us think twice before implementing advanced technology solutions in our critical infrastructure. These technologies need to be protected and examined for any vulnerability. And we need to educate our workforce on how to deal with this advanced technology as any failure in these systems might endanger human lives. We believe that Cyberwar and cyber terrorism in the 21st century will have global effect and even will be used as effective methods instead of real physical attacks. If SCADA systems will be used we suggest the following mitigation15: - SCADA systems should be isolated from other networks, placed in DMZ Limiting access to this system over the internet is recommended If limiting access is not possible, specific traffic or protocol connections should only be allowing to communicate with SCADA systems IPSec and VPNs should be used Endpoint security products, vulnerability assessments and management solutions should be in place Compliance with Information systems security management standards such as ISO27002, NIST, and ISA-TR99.00.01200416 Log auditing is important IDS and monitoring system should be used to prevent attacks Implementing SCADA protocols17 14 http://rothkopf.foreignpolicy.com/posts/2011/03/17/where_fukushima_meets_stuxnet_the_growing_thr eat_of_cyber_war 15 Securing SCADA Systems, Ronald L. Krutz, PhD. WILEY publishing 16 www.isa.org 17 http://www.isa.org/journals/intech/TP04ISA048.pdf
  • 12. 21st Century Cyber Threats and the Middle East Dilemma Politically motivated attacks18 Politically motivated attacks are one of the rising threats in 2011. The conflicts in Middle East region increased the number of politically motivated attacks or Hacktivism. Anonymous19 is one of the well-known examples for Hacktivism. They started to hit infrastructure of major payment companies such as PayPal, MasterCard and VISA, following their war on Wikileaks20. In the Middle East, Anonymous attacked government websites during Arab spring21 to support protests. Their attacks organized using DDoS attack against many government websites and infrastructure started by Operation Tunisia22 to Egypt23, Libya, and Syria. There are many examples of politically motivated attacks in the Middle East such as: - Attacks related to Bin Laden death24 This could be utilized with any other figure or political party Aljazeera TV channel Website attack25 Mass emailing during Arab spring26 Website defacement across the region27 Even scammers are taking advantage of Arab uprising in Egypt28 and Libya29. 18 http://netsafe.me/2011/03/02/cyber-attacks-and-politics-in-the-middle-east 19 http://en.wikipedia.org/wiki/Anonymous_(group 20 http://netsafe.me/2010/12/04/the-war-on-wikileaks%e2%80%a6 http://en.wikipedia.org/wiki/Arab_Spring http://netsafe.me/2011/01/04/operation-tunisia 21 22 23 24 http://netsafe.me/2011/01/27/operation-egypt-internet-as-a-battlefield http://netsafe.me/2011/05/07/bin-laden-killed-evil-appears-online http://www.journalism.co.uk/news/al-jazeera-site-hacked-by-opponents-of-pro-democracymovement-in-egypt/s2/a542649 26 http://blog.commtouch.com/cafe/email-marketing/mass-emailings-support-change-in-egypt-andnow-syria 27 http://www.thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html 28 http://www.symantec.com/connect/blogs/419-scammers-taking-advantage-egypts-revolution 29 http://www.symantec.com/connect/blogs/419-spammers-taking-advantage-libyan-unrest 25
  • 13. 21st Century Cyber Threats and the Middle East Dilemma Unfortunately there is a very thin line between pure Hacktivism and cyber attacks driven by governments such attack was conducted by Tunisian government against protesters during Tunisian uprising30. Fig.5 Man in the Middle Attack by Tunisian Government Syrian government also used the same technique but with fake SSL certificate31. The relation between Syrian regime and Iran might create a link between the Comodo hacker32 and the technique used by Syrian government to attack their users. We think these types of attacks will increase in the upcoming years. 30 http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernamesand-passwords 31 http://netsafe.me/2011/05/08/syrian-government-internet-enemy-and-cybercriminal 32 http://www.computerworld.com/s/article/9215245/Solo_Iranian_hacker_takes_credit_for_Comodo_cer tificate_attack
  • 14. 21st Century Cyber Threats and the Middle East Dilemma Cybercrime and Underground Market Underground cybercrime markets such as underground forums, social networks, IRC are growing threats in 2011. It is creating private relation between the buyer and the seller and online payment or WebMoney might be used to complete the deal. One of the well-known services offered at underground markets are Botnets which can be hired per service per time. It can be used to launch DDoS attack, Install malware, or spam service. Due to lack of security measures, poor security awareness and other ICT vulnerabilities in the Middle East, we can see large attacks targeted the region from underground market. Attackers in Russia or china might use Botnets and infected machines in Middle East to launch attacks in either Middle East or in other region across the globe! According to NetWitness33 company, Egypt and Saudi Arabia are the worst countries affected by a "dangerous new" Botnet that has control of 75,000 systems around the world. Also Saudi Arabia is ranked first spam source in the Middle East34. The Zeus35 Crimeware toolkit is one of the famous tools and Botnets available on black markets. This Crimeware is known to be guilty of 44% of the banking malware infections36. The advancement of technology makes it easy for unskilled or Script kiddies to conduct a sophisticated attack or even create very complicated malware using virus production tools and underground Crimeware that even avoid AV detection37. Such tools make cybercrime easier and make it hard to trained law enforcement, emergency teams and cyber security professional, that it is big reason to think twice about the situation38 in the Middle East39. 33 http://www.itp.net/579360-egypt-and-saudi-snared-in-dangerous-botnet http://www.alarabiya.net/articles/2010/11/10/125626.html 35 http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits 36 http://www.ecommerce-journal.com/news/18221_zeus_increasingly_avoids_pcs_detection 37 http://mobile.eweek.com/c/a/Security/Exploit-Toolkits-Software-That-Makes-CyberCrime-Easier411813 38 http://www.ameinfo.com/250282.html 39 http://www.outlookseries.com/A0996/Security/3957_Jeremy_Freeman_IronKey_CyberCriminals_Middle_East_Banks_ZeuS_SpyEye_OddJob_Sunspot_Jeremy_Freeman.htm 34
  • 15. 21st Century Cyber Threats and the Middle East Dilemma Fig.6 Spy Eye Crimeware (Source: Symantec40) When we take a look at Microsoft Security Intelligence Report, we can find that Middle East infections by Trojans, worms and other Crimeware is among the highest in the world. Fig.7 Malware infections in Egypt (Microsoft SIR41) 40 41 http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot http://www.microsoft.com/security/sir/default.aspx
  • 16. 21st Century Cyber Threats and the Middle East Dilemma Hardware Trojans and Digital Espionage Hardware Trojans42 are new and emerging threats that will change the face our digital life. Hardware Trojans refer to alteration of hardware, that could, under specific conditions, result in functional changes of the system. It can also be used as Time Bomb Trojan to disable system at future time. Hardware Trojans can also leak confidential information over a secrets channel when certain conditions are being met to trigger the Trojan. With all the electronics that are used in our daily lives from consumer electronics to mobile phones and devices in governments and military, we are in serious risk of hardware Trojans. Globalization and chip manufacturing in countries with special motivations such as China will increase the problem of hardware Trojans and digital espionage. Hardware such as chips, ICs or FPGAs can be altered at manufacturing or design time. A group of engineers had successfully demonstrated this threat43. These types of threats are not easy to be detected especially in countries such as in the Middle East. Syrian Radars and Kill Switch Technology An obvious example to this hardware Trojan threat which also called “Kill Switch Technology” Is the 2007 Israeli Air Force attack on a suspected44, partly-constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Syrian government officials said that it was a jamming system and an error in the radar systems which made them blind. But according to IEEE and NY Times, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 820045. 42 43 44 45 http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5340158 http://vimeo.com/1437702 http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch http://www.nytimes.com/2009/10/27/science/27trojan.html?pagewanted=1
  • 17. 21st Century Cyber Threats and the Middle East Dilemma Satellite lost in Space On 23 October 2010, The NARSSS46 in Egypt announced that it lost control and communications with its remote sensing satellite (EgyptSat 1) since July 201047. However the satellite still can be tracked online using this link: http://www.n2yo.com/?s=31117 Egyptian government always purchases ready-made satellites such as Nile Sat. But EgyptSat 1 was the countries’ first scientific research satellite to be jointly48 built by Egypt with the Yuzhnoye Design Bureau in Ukraine49 and was launched onboard at Dnepr50 rocket on 17 April 2007. Although there is no evidence that this was an example of “Hardware Trojans”, many experts in Egypt failed to scientifically explain why the satellite disappeared51. Other Egyptian sources and experts suggested that the satellite was hijacked by Israel52. This type of technology is available for those who can afford it and the technical specifications of this type of satellite are not hard to obtain53. Scientists believed that Israel has long been the most advanced in the Middle East when it comes to aerospace arena54. Despite this fact, we can’t consider it as a hard evidence for satellite hijacking. 46 47 http://www.narss.sci.eg http://www.masrawy.com/News/Egypt/Politics/2010/october/23/sat.aspx 48 http://www.nkau.gov.ua/nsau/catalogNEW.nsf/proectE/3B41E4935D67F084C2256F2A003356A1?Op enDocument&Lang=E 49 http://www.yuzhnoye.com/index.php?lang=en 50 http://en.wikipedia.org/wiki/Dnepr-1 51 http://www.masrawy.com/News/Egypt/Politics/2010/october/25/satalight.aspx?ref=rss 52 http://www.alarab.com.qa/details.php?docId=155738&issueNo=1042&secId=15 53 https://directory.eoportal.org/get_announce.php?an_id=10001889 54 http://www.aiaa.org/aerospace/images/articleimages/pdf/Aerospace%20in%20Middle%20East_APR20 091.pdf
  • 18. 21st Century Cyber Threats and the Middle East Dilemma US Chips will be controlled by the Pentagon US started to manufacture chips55 which will be used in critical infrastructure and military in secure American companies controlled by the Pentagon to avoid hardware Trojans. There is currently cold Cyberwar between major players in the world such as US, China and Russia. Few evidences have been discovered tell the story about the true Cyberwar and digital espionage. The Sunday Times published an article in 2009 claimed that Chinese hackers are using ghost network to control embassy computers56. The Information Warfare57 Monitor website published an investigation for cyber espionage 2.0 which tells the complete story for evidence of cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Reports claimed that Huawei, a telecoms company run by the former director of the telecoms research arm of the Chinese Army might be involved in the attack. But the Chinese government denied involvement in such attacks58. Most technologies in MENA countries even in government and military are manufactured in China. They are importing all types of electronics to the market without inspection, analysis, or even quality assurance. This for sure will open the door to digital intelligence, economic and military espionage and we should be worry about protection of our critical infrastructure and even human privacy in the 21st century. 55 http://www.eecs.umich.edu/~imarkov/pubs/jour/DAC.COM-TrustedICs.pdf http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece 57 http://www.infowar-monitor.net/2010/04/shadows-in-the-cloud-an-investigation-into-cyberespionage-2-0 58 http://www.thefirstpost.co.uk/46883,news-comment,news-politics,china-denies-involvement-inghostnet-cyber-attacks 56
  • 19. 21st Century Cyber Threats and the Middle East Dilemma Surveillance Systems Surveillance systems are part of the digital espionage game and it plays an important role in politics, economy, and military. When countries in MENA region are importing advanced software59, devices or solutions to spy on their citizens, who could make sure that these devices are not themselves spying machines on the governments they use? United States and other European countries are cooperating in so called global wiretapping project (Echelon)60. This project contains nodes or black boxes installed at telecom carriers and ISPs to provide Deep Packet Inspection, traffic analysis and monitoring systems. It includes surveillance networks61 around the globe and satellite systems. Fig.8 NSA Surveillance System (Part of Echelon)62 59 60 61 62 http://www.f-secure.com/weblog/archives/00002114.html http://en.wikipedia.org/wiki/Echelon_(signals_intelligence http://www.nsawatch.org/networks.html www.nsawatch.org
  • 20. 21st Century Cyber Threats and the Middle East Dilemma Part of NSA system is based on NARUS63 solution which used by Egyptian government during the uprising to monitor traffic and block twitter and facebook64. It was easily implemented in MENA countries due to the nature of centralized ICT infrastructure and believed to be used back in 200565 to block VoIP services when it was not allowed by most MENA countries. NARUS also provided the surveillance solution to Libya66. Unfortunately, most countries in the region are using western technologies to censor or monitor internet traffic according to OpenNet initiative67. It is believed that the surveillance solutions provided to Middle East countries especially NARUS is just small part and not the entire solution. While these technologies didn’t prevent anything in real life scenarios and didn’t prevent people from accessing website or even organizing protests and other activities, we think that it open door for digital espionage in the Middle East. Fig.9 NARUS system installed at ISP68 63 http://richardbrenneman.wordpress.com/2011/01/29/mubaraks-israeli-created-internet-spyware http://en.wikipedia.org/wiki/Narus 65 http://spectrum.ieee.org/telecom/internet/the-voip-backlash 66 http://www.levantinecenter.org/levantine-review/articles/how-western-corporations-have-beenhelping-arab-tyrants 67 http://opennet.net/west-censoring-east-the-use-western-technologies-middle-east-censors-2010-2011 68 http://blogs.law.harvard.edu/surveillance 64
  • 21. 21st Century Cyber Threats and the Middle East Dilemma Conclusion Middle East governments need to address their ICT vulnerabilities before it is too late. Technology is faster than ever and the upcoming years will bring new cyber threats such as hardware Trojans, cyber armies, Cyberwar, and critical ICT infrastructure attacks that might affect human lives. Although many governments in the region are still using policing techniques such as old spying techniques from dark ages to control everything, they don’t understand that the attacks may come from inside their computers! MENA countries need to pay attention to all imported technologies, hardware, devices, and solutions. Security first! Cyber security is not the work of individuals, corporations, or governments. It is everyone’s responsibility. Governments need new strategies for awareness, and regulations. They need to enforce freedom of speech, transparency, and improve the education system at all levels. Education is the key in the 21st century
  • 22. 21st Century Cyber Threats and the Middle East Dilemma Credits Published 19 June 2011 Author Mohamed N. El Guindy ASK PC Academy, President ISSA Egypt Chapter, Founder & President elguindy@ieee.org elguindy@bcs.org
  • 23. 21st Century Cyber Threats and the Middle East Dilemma About ASK PC Academy ASK PC is an information technology training provider working in MENA region with registered offices in the UK and Middle East. ASK PC is providing IT training solutions corporate, governments, and individuals around the Middle East. It offers the highest quality services and internationally recognized IT qualifications in partnership with reputable international organizations to name few, the Institute of Electrical and Electronics Engineers (IEEE), the Chartered Institute for IT (BCS), Information Systems Security Association. Learn more about ASK PC services In English: www.askpc.net In Arabic: www.ask-pc.com For specific country offices and partners, please visit our websites. Copyright © 2011 ASK PC. All rights reserved. ASK PC and ASK PC Logo are trademarks or registered trademarks of ASK PC. Other mentioned names may be trademarks of their respective owners