The document discusses cyber threats facing the Middle East in the 21st century. It outlines vulnerabilities in the region's ICT infrastructure and maturity levels. Major threats discussed include targeted attacks like Stuxnet, politically motivated hacktivism during the Arab Spring, and the growing cybercrime underground market. The region faces risks from threats tailored to its infrastructure and from being used as a launch point for global attacks due to vulnerabilities. Stronger security practices, regulations, and expertise are needed to protect critical systems and address cyber issues in the Middle East.
21st Century Cyber Threats and the Middle East Dilemma
Contents
- Summary
- The state of ICT infrastructure in MENA
- Middle East ICT vulnerabilities
- Top 2011 Cyber threats and the Middle East
- Targeted Attacks
- Stuxnet Worm
- Politically motivated attacks
- Cybercrime and Underground Market
- Hardware Trojans and Digital Espionage
- Syrian Radars and Kill Switch Technology
- Satellite lost in Space
- US Chips will be controlled by the Pentagon
- Surveillance Systems
- Conclusion
- Credits
Summary
By the end of the 20th century and the beginning of the 21st century, the Internet and cyberspace had become major players in our daily lives. The globe is now connected, from home users who use computers for simple tasks, to governments that implement ICT in critical infrastructure, to cyber criminals, cyber warriors, and satellites.
MENA countries will invest more in ICT, and these investments will increase the broadband user base as prices drop.
Cyberspace has started to shape societies and has introduced new tools and ideas that will change even the map of the Middle East.
But is the Middle East ready to face the new cyber threats of the 21st century?
In this whitepaper we examine the latest threats in cyberspace and their effect on the Middle East and North African (MENA) countries.
The state of ICT infrastructure in MENA
According to the latest research and reports[1], there is huge investment in ICT infrastructure in the Middle East, but not all countries have the same maturity level of ICT readiness. A few countries, such as the UAE, are ranked at a high maturity level, while others, such as Algeria, are ranked low.
There is also a big difference between ICT maturity level and ICT readiness. Some countries have good ICT infrastructure but low ICT readiness because of low people readiness, awareness, or government readiness in ICT.
Two facts are worth mentioning:
1- Most MENA countries trail behind the rest of the world in ICT readiness
2- Most GCC[2] members continue to progress in ICT readiness
Fig.1 ICT Readiness in MENA
[1] http://www.escwa.un.org/information/publications/edit/upload/ictd-09-12.pdf
[2] Gulf Cooperation Council
MENA countries have invested billions of dollars in ICT applications and implementations, to the point where they have become heavily reliant on them. Critical ICT infrastructure has become part of their national security, which is why security and protection for this infrastructure is becoming more important.
Egypt, for example, spends LE 40 billion annually on the telecom industry. Overall telecommunication spending in the Middle East will rise to $395 billion in 2013, growing at a 12.1% compound annual rate, the fastest percentage growth of any region[3].
Although a few GCC countries are investing in new ICT infrastructure, many other countries in the region have old infrastructure.
Egypt, for example, has the oldest ICT infrastructure, controlled by Telecom Egypt for over 150 years. Its ICT readiness and maturity level are low and progressing slowly. However, it is ranked number one in Africa for internet penetration relative to population[4].
Fig.2 ICT Maturity level in MENA[5]
[3] www.tiaonline.org
[4] http://www.internetworldstats.com
[5] UN: Economic and Social Commission for Western Asia
One of the obstacles in countries like Egypt is monopoly and high-level corruption[6], which slows progress because of the way policymakers think about implementing advanced technology in the country's infrastructure. But there is one factor common to MENA countries: business comes first.
This way of thinking leaves ICT infrastructure in the region vulnerable to all types of attacks and cyber threats.
Middle East ICT vulnerabilities
The implementation of ICT applications and the growth of the user base in the region are among the highest in the world. But there are always vulnerabilities when it comes to technology and people. Human error is the biggest vulnerability in the region, in addition to poor or absent regulations and a lack of ICT expertise.
Well-known vulnerabilities in MENA can be summarized as follows:
- Poor awareness programs at the individual, corporate, and government levels
- Poor or absent cybercrime regulations
- Centralized ICT infrastructure and monopoly
- Off-the-shelf technology and solutions
- Lack of skilled law enforcement and emergency response teams
- Poor information security education for IT students
- Poor standards or lack of compliance with international information security standards such as PCI and ISO 27001
The attack surface will grow, and the Middle East will become a big target and source of cybercrime in the upcoming years.
Without doubt, our region will face many problems from implementing advanced ICT solutions without security in mind. Powering critical infrastructure with off-the-shelf solutions and importing low-quality, untrusted hardware and solutions will increase the number of incidents in MENA. Unfortunately, there is no transparency in the availability of information about incidents that have occurred in the Middle East, and there are no specific laws for this problem. That is why experts in the region think we are safer than the rest of the world: the number of incidents is not efficiently traced or recorded. But this is a false sense of security.
[6] www.transparency.org
Top 2011 Cyber threats and the Middle East
Hiding the problem is the biggest problem. We need to understand and address our cyber security problems in order to find suitable solutions. We will highlight the major cyber threats and cyber attacks that started at the end of the 20th century and the beginning of the 21st century, and their relation to the Middle East region. Examining these attacks and threats gives an overview of the attack landscape in the upcoming years and how it might affect critical infrastructure, individuals, and corporations in MENA.
Targeted Attacks
Targeted[7] attacks are developed for, or directed at, a specific individual, government, sector, or corporation. In this type of attack, cyber criminals need to gather information about the specific target to find vulnerabilities that could be exploited during the attack.
Targeted attacks are a big topic in information security, covering many types of cyber threats from targeted phishing to critical infrastructure attacks. One obvious and sophisticated example of a targeted attack is the Stuxnet worm, which was discovered in July 2010 and targeted Iran's uranium enrichment facilities.
[7] http://www.symantec.com/connect/blogs/new-targeted-attack-exploiting-libyan-crisis
Stuxnet Worm
Many experts believe that this worm was built specifically to target the SCADA[8] systems of either the Bushehr reactor[9] or the uranium enrichment plant in Natanz, both in Iran.
Stuxnet was designed to target particular industrial control systems, specifically programmable logic controllers (PLCs), and to change their code in order to modify the frequency converter drives of the controller[10].
This was the first worm designed to target a specific SCADA system. It is believed to have been government-backed work between the USA, Europe and Israel.
Fig.3 Stuxnet infection mechanism using USB drive
[8] SCADA: Supervisory Control and Data Acquisition
[9] http://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant
[10] http://www.symantec.com/connect/blogs/stuxnet-breakthrough
Stuxnet is a very dangerous type of attack because it targets systems whose failure might affect human lives. If this worm's code is now in the wild, it might be used by terrorists and organized cybercrime gangs, and it might open a new door to cyber terrorism and cyberwar[11].
Fig.4 Stuxnet Infections by country. Source Symantec
In the upcoming months or years we might see new variants of Stuxnet, and we don't know who the next target in the region will be.
SCADA systems are used in many countries to control water purification systems, the electrical grid, nuclear power generation, etc. After the Fukushima crisis in Japan, many western countries such as Germany started plans to stop using nuclear reactors.
But in our region, other countries such as Saudi Arabia have started to import nuclear facilities[12].
While the USA supports[13] Saudi Arabia's project to use nuclear reactors, we cannot see this as a safe step in the 21st century.
[11] http://netsafe.me/2010/09/27/stuxnet-worm-is-it-a-real-cyber-war
[12] http://www.thenational.ae/business/energy/saudi-arabia-in-agreement-to-explore-nuclear-power
[13] http://www.america.gov/st/peacesec-english/2008/May/20080516160353idybeekcm0.3394586.html
What will happen if something like Stuxnet is capable of creating a new Fukushima in MENA[14]?
There is a lack of expertise in the region, especially when it comes to SCADA systems, and that should make us think twice before implementing advanced technology solutions in our critical infrastructure.
These technologies need to be protected and examined for any vulnerability, and we need to educate our workforce on how to deal with this advanced technology, as any failure in these systems might endanger human lives.
We believe that cyberwar and cyber terrorism in the 21st century will have a global effect and will even be used as effective methods instead of physical attacks.
If SCADA systems are to be used, we suggest the following mitigations[15]:
- SCADA systems should be isolated from other networks and placed in a DMZ
- Limiting access to these systems over the internet is recommended
- If limiting access is not possible, only specific traffic or protocol connections should be allowed to communicate with SCADA systems
- IPsec and VPNs should be used
- Endpoint security products, vulnerability assessments and management solutions should be in place
- Compliance with information systems security management standards such as ISO 27002, NIST, and ISA-TR99.00.01-2004[16]
- Log auditing is important
- IDS and monitoring systems should be used to detect and prevent attacks
- Implementing SCADA protocols[17]
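The segmentation and log-auditing items in the list above can be turned into a policy that is checked mechanically. The following Python script is an added example written for this page, not code from the whitepaper or from any of its cited sources. It encodes an assumed network layout (an isolated PLC segment, an engineering segment that is the only one allowed to reach it, and the industrial protocol ports permitted between them) and audits a few constructed flow-log records against that policy, flagging connections into the SCADA segment from anywhere else or over non-ICS ports, and PLC hosts that initiate traffic outside their permitted segments. The subnets, ports, log format and sample records are all assumptions chosen for illustration.

```python
"""Audit flow records against a SCADA segmentation policy.

Added example for this page (not from the whitepaper). Subnets, ports and
the flow-log format are assumptions chosen for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout: PLCs/RTUs live in an isolated segment; only the engineering
# segment (HMIs, jump host behind the VPN) may reach it, and only over the
# industrial protocols listed below.
SCADA_NET = ipaddress.ip_network("10.50.0.0/24")        # assumed PLC segment
ENGINEERING_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed HMI/engineering segment
ALLOWED_ICS_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed flow records: "timestamp src dst proto dport", one per line.
SAMPLE_FLOWS = """\
2011-06-01T08:00:01 10.20.0.10 10.50.0.5 tcp 502
2011-06-01T08:00:05 10.20.0.22 10.50.0.5 tcp 20000
2011-06-01T08:01:10 192.0.2.44 10.50.0.7 tcp 502
2011-06-01T08:02:00 10.20.0.22 10.50.0.5 tcp 3389
2011-06-01T08:03:30 10.50.0.5 198.51.100.9 udp 53
2011-06-01T08:04:00 10.50.0.5 10.20.0.10 tcp 502
"""


@dataclass
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record."""
    ts, src, dst, proto, dport = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.upper(), int(dport))


def check_flow(flow: Flow) -> Optional[str]:
    """Return a finding if the flow violates the policy, otherwise None."""
    where = f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}"
    if flow.dst in SCADA_NET:
        # Only the engineering segment may talk to PLCs ...
        if flow.src not in ENGINEERING_NET:
            return f"{where}: access to SCADA segment from outside the engineering network"
        # ... and only over the approved industrial protocols.
        if flow.proto != "TCP" or flow.dport not in ALLOWED_ICS_PORTS:
            return f"{where}: non-ICS protocol or port into SCADA segment"
        return None
    if flow.src in SCADA_NET and flow.dst not in ENGINEERING_NET:
        # A PLC reaching anywhere but its engineering segment (for example
        # the Internet) indicates misconfiguration or compromise.
        return f"{where}: SCADA host initiating traffic outside its permitted segments"
    return None


def audit_flows(lines) -> List[str]:
    """Run the policy over flow records, skipping blank and comment lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        finding = check_flow(parse_flow(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS.splitlines()):
        print("ALERT", f)
```

Run against the constructed records, the script raises three alerts: the Modbus connection from 192.0.2.44 (outside the engineering segment), the RDP connection on port 3389 into a PLC, and the PLC talking DNS to an address outside its permitted segments. The first two Modbus/DNP3 flows from engineering hosts and the PLC's reply traffic back to the engineering segment pass. In practice the same policy would be expressed twice: in the firewall that separates the segments, and in a check like this one over exported flow logs so that a rule change or bypass is noticed.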
[14] http://rothkopf.foreignpolicy.com/posts/2011/03/17/where_fukushima_meets_stuxnet_the_growing_threat_of_cyber_war
[15] Securing SCADA Systems, Ronald L. Krutz, PhD. Wiley Publishing
[16] www.isa.org
[17] http://www.isa.org/journals/intech/TP04ISA048.pdf
Politically motivated attacks[18]
Politically motivated attacks are one of the rising threats of 2011. The conflicts in the Middle East region have increased the number of politically motivated attacks, or hacktivism.
Anonymous[19] is one of the well-known examples of hacktivism. They started to hit the infrastructure of major payment companies such as PayPal, MasterCard and VISA following those companies' war on WikiLeaks[20].
In the Middle East, Anonymous attacked government websites during the Arab Spring[21] to support protests. Their attacks were organized as DDoS attacks against many government websites and infrastructure, starting with Operation Tunisia[22] and moving on to Egypt[23], Libya, and Syria.
There are many examples of politically motivated attacks in the Middle East, such as:
- Attacks related to Bin Laden's death[24]; the same approach could be used with any other figure or political party
- Al Jazeera TV channel website attack[25]
- Mass emailing during the Arab Spring[26]
- Website defacement across the region[27]
Even scammers are taking advantage of the Arab uprisings in Egypt[28] and Libya[29].
[18] http://netsafe.me/2011/03/02/cyber-attacks-and-politics-in-the-middle-east
[19] http://en.wikipedia.org/wiki/Anonymous_(group
[20] http://netsafe.me/2010/12/04/the-war-on-wikileaks%e2%80%a6
[21] http://en.wikipedia.org/wiki/Arab_Spring
[22] http://netsafe.me/2011/01/04/operation-tunisia
[23] http://netsafe.me/2011/01/27/operation-egypt-internet-as-a-battlefield
[24] http://netsafe.me/2011/05/07/bin-laden-killed-evil-appears-online
[25] http://www.journalism.co.uk/news/al-jazeera-site-hacked-by-opponents-of-pro-democracymovement-in-egypt/s2/a542649
[26] http://blog.commtouch.com/cafe/email-marketing/mass-emailings-support-change-in-egypt-andnow-syria
[27] http://www.thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html
[28] http://www.symantec.com/connect/blogs/419-scammers-taking-advantage-egypts-revolution
[29] http://www.symantec.com/connect/blogs/419-spammers-taking-advantage-libyan-unrest
Unfortunately, there is a very thin line between pure hacktivism and government-driven cyber attacks; such an attack was conducted by the Tunisian government against protesters during the Tunisian uprising[30].
Fig.5 Man in the Middle Attack by Tunisian Government
The Syrian government also used the same technique, but with a fake SSL certificate[31]. The relationship between the Syrian regime and Iran might create a link between the Comodo hacker[32] and the technique used by the Syrian government to attack its own users.
We think these types of attacks will increase in the upcoming years.
[30] http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernamesand-passwords
[31] http://netsafe.me/2011/05/08/syrian-government-internet-enemy-and-cybercriminal
[32] http://www.computerworld.com/s/article/9215245/Solo_Iranian_hacker_takes_credit_for_Comodo_certificate_attack
Cybercrime and Underground Market
Underground cybercrime markets such as underground forums, social networks and IRC are growing threats in 2011. They create a private relationship between buyer and seller, and online payment systems such as WebMoney might be used to complete the deal.
One of the well-known services offered on underground markets is botnets, which can be hired per service and per period of time. They can be used to launch DDoS attacks, install malware, or send spam.
Due to the lack of security measures, poor security awareness and the other ICT vulnerabilities in the Middle East, we can see large attacks from the underground market targeting the region.
Attackers in Russia or China might use botnets and infected machines in the Middle East to launch attacks either within the Middle East or in other regions across the globe.
According to the company NetWitness[33], Egypt and Saudi Arabia are the countries worst affected by a "dangerous new" botnet that controls 75,000 systems around the world. Saudi Arabia is also ranked the first spam source in the Middle East[34].
The Zeus[35] crimeware toolkit is one of the most famous tools and botnets available on black markets. This crimeware is known to be responsible for 44% of banking malware infections[36]. Advances in technology make it easy for unskilled attackers or script kiddies to conduct a sophisticated attack, or even to create very complicated malware using virus production tools and underground crimeware that evades AV detection[37].
Such tools make cybercrime easier and make the job of trained law enforcement, emergency response teams and cyber security professionals harder, which is a big reason to think twice about the situation[38] in the Middle East[39].
[33] http://www.itp.net/579360-egypt-and-saudi-snared-in-dangerous-botnet
[34] http://www.alarabiya.net/articles/2010/11/10/125626.html
[35] http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
[36] http://www.ecommerce-journal.com/news/18221_zeus_increasingly_avoids_pcs_detection
[37] http://mobile.eweek.com/c/a/Security/Exploit-Toolkits-Software-That-Makes-CyberCrime-Easier411813
[38] http://www.ameinfo.com/250282.html
[39] http://www.outlookseries.com/A0996/Security/3957_Jeremy_Freeman_IronKey_CyberCriminals_Middle_East_Banks_ZeuS_SpyEye_OddJob_Sunspot_Jeremy_Freeman.htm
Fig.6 SpyEye Crimeware (Source: Symantec[40])
When we look at the Microsoft Security Intelligence Report, we find that the rate of Middle East infections by Trojans, worms and other crimeware is among the highest in the world.
Fig.7 Malware infections in Egypt (Microsoft SIR[41])
[40] http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot
[41] http://www.microsoft.com/security/sir/default.aspx
Hardware Trojans and Digital Espionage
Hardware Trojans[42] are a new and emerging threat that will change the face of our digital life. A hardware Trojan is an alteration of hardware that could, under specific conditions, result in functional changes to the system. It can also be used as a time-bomb Trojan to disable a system at a future time. Hardware Trojans can also leak confidential information over a covert channel once the conditions that trigger the Trojan are met. With all the electronics used in our daily lives, from consumer electronics to mobile phones and devices in government and the military, we are at serious risk from hardware Trojans.
Globalization and chip manufacturing in countries with special motivations, such as China, will increase the problem of hardware Trojans and digital espionage.
Hardware such as chips, ICs or FPGAs can be altered at manufacturing or design time. A group of engineers has successfully demonstrated this threat[43].
These types of threats are not easy to detect, especially in countries such as those in the Middle East.
Syrian Radars and Kill Switch Technology
An obvious example of this hardware Trojan threat, also called "kill switch technology", is the 2007 Israeli Air Force attack on a suspected[44], partly constructed Syrian nuclear reactor, which led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Syrian government officials said that a jamming system and an error in the radar systems made them blind. But according to IEEE and the NY Times, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 8200[45].
[42] http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5340158
[43] http://vimeo.com/1437702
[44] http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch
[45] http://www.nytimes.com/2009/10/27/science/27trojan.html?pagewanted=1
Satellite lost in Space
On 23 October 2010, NARSS[46] in Egypt announced that it had lost control of and communications with its remote sensing satellite (EgyptSat 1) in July 2010[47]. However, the satellite can still be tracked online at this link: http://www.n2yo.com/?s=31117
The Egyptian government has always purchased ready-made satellites such as NileSat. But EgyptSat 1 was the country's first scientific research satellite to be jointly[48] built by Egypt with the Yuzhnoye Design Bureau in Ukraine[49], and it was launched on board a Dnepr[50] rocket on 17 April 2007.
Although there is no evidence that this was an example of "hardware Trojans", many experts in Egypt failed to scientifically explain why the satellite disappeared[51]. Other Egyptian sources and experts suggested that the satellite was hijacked by Israel[52].
This type of technology is available to those who can afford it, and the technical specifications of this type of satellite are not hard to obtain[53].
Scientists believe that Israel has long been the most advanced country in the Middle East in the aerospace arena[54]. Despite this fact, we cannot consider it hard evidence of satellite hijacking.
[46] http://www.narss.sci.eg
[47] http://www.masrawy.com/News/Egypt/Politics/2010/october/23/sat.aspx
[48] http://www.nkau.gov.ua/nsau/catalogNEW.nsf/proectE/3B41E4935D67F084C2256F2A003356A1?OpenDocument&Lang=E
[49] http://www.yuzhnoye.com/index.php?lang=en
[50] http://en.wikipedia.org/wiki/Dnepr-1
[51] http://www.masrawy.com/News/Egypt/Politics/2010/october/25/satalight.aspx?ref=rss
[52] http://www.alarab.com.qa/details.php?docId=155738&issueNo=1042&secId=15
[53] https://directory.eoportal.org/get_announce.php?an_id=10001889
[54] http://www.aiaa.org/aerospace/images/articleimages/pdf/Aerospace%20in%20Middle%20East_APR20091.pdf
US Chips will be controlled by the Pentagon
The US has started to manufacture the chips[55] used in critical infrastructure and the military in secure American companies controlled by the Pentagon, in order to avoid hardware Trojans.
There is currently a cold cyberwar between the major players in the world, such as the US, China and Russia. A few pieces of evidence have been discovered that tell the story of the real cyberwar and digital espionage.
The Sunday Times published an article in 2009 claiming that Chinese hackers were using a ghost network to control embassy computers[56].
The Information Warfare[57] Monitor website published an investigation into "cyber espionage 2.0" which tells the complete story of the evidence for a cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations.
Reports claimed that Huawei, a telecoms company run by the former director of the telecoms research arm of the Chinese Army, might be involved in the attack. But the Chinese government denied involvement in such attacks[58].
Most technologies in MENA countries, even in government and the military, are manufactured in China. They import all types of electronics into the market without inspection, analysis, or even quality assurance.
This will surely open the door to digital intelligence gathering and economic and military espionage, and we should worry about the protection of our critical infrastructure, and even of human privacy, in the 21st century.
[55] http://www.eecs.umich.edu/~imarkov/pubs/jour/DAC.COM-TrustedICs.pdf
[56] http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece
[57] http://www.infowar-monitor.net/2010/04/shadows-in-the-cloud-an-investigation-into-cyberespionage-2-0
[58] http://www.thefirstpost.co.uk/46883,news-comment,news-politics,china-denies-involvement-inghostnet-cyber-attacks
Surveillance Systems
Surveillance systems are part of the digital espionage game and play an important role in politics, the economy, and the military.
When countries in the MENA region import advanced software[59], devices or solutions to spy on their citizens, who can make sure that these devices are not themselves spying on the governments that use them?
The United States and several European countries are cooperating in the so-called global wiretapping project (Echelon)[60]. This project consists of nodes, or black boxes, installed at telecom carriers and ISPs to provide deep packet inspection, traffic analysis and monitoring. It includes surveillance networks[61] around the globe and satellite systems.
Fig.8 NSA Surveillance System (Part of Echelon)[62]
[59] http://www.f-secure.com/weblog/archives/00002114.html
[60] http://en.wikipedia.org/wiki/Echelon_(signals_intelligence
[61] http://www.nsawatch.org/networks.html
[62] www.nsawatch.org
Part of the NSA system is based on the NARUS[63] solution, which was used by the Egyptian government during the uprising to monitor traffic and block Twitter and Facebook[64]. It was easily implemented in MENA countries because of the centralized nature of their ICT infrastructure, and it is believed to have been used back in 2005[65] to block VoIP services when they were not allowed by most MENA countries. NARUS also provided the surveillance solution to Libya[66]. Unfortunately, most countries in the region are using western technologies to censor or monitor internet traffic, according to the OpenNet Initiative[67].
It is believed that the surveillance solutions provided to Middle East countries, especially NARUS, are only a small part of the picture and not the entire solution.
While these technologies did not prevent anything in real-life scenarios, and did not stop people from accessing websites or even organizing protests and other activities, we think they open the door to digital espionage in the Middle East.
Fig.9 NARUS system installed at ISP[68]
[63] http://richardbrenneman.wordpress.com/2011/01/29/mubaraks-israeli-created-internet-spyware
[64] http://en.wikipedia.org/wiki/Narus
[65] http://spectrum.ieee.org/telecom/internet/the-voip-backlash
[66] http://www.levantinecenter.org/levantine-review/articles/how-western-corporations-have-beenhelping-arab-tyrants
[67] http://opennet.net/west-censoring-east-the-use-western-technologies-middle-east-censors-2010-2011
[68] http://blogs.law.harvard.edu/surveillance
Conclusion
Middle East governments need to address their ICT vulnerabilities before it is too late. Technology is moving faster than ever, and the upcoming years will bring new cyber threats such as hardware Trojans, cyber armies, cyberwar, and attacks on critical ICT infrastructure that might affect human lives.
Although many governments in the region still rely on policing methods and old spying techniques from the dark ages to control everything, they do not understand that the attacks may come from inside their own computers!
MENA countries need to pay attention to all imported technologies, hardware, devices, and solutions. Security first!
Cyber security is not the work of individuals, corporations, or governments alone. It is everyone's responsibility.
Governments need new strategies for awareness and regulation. They need to uphold freedom of speech and transparency, and improve the education system at all levels.
Education is the key in the 21st century.
Credits
Published 19 June 2011
Author
Mohamed N. El Guindy
ASK PC Academy, President
ISSA Egypt Chapter, Founder & President
elguindy@ieee.org
elguindy@bcs.org