21st Century Threats and Middle East Dilemma



This whitepaper discusses 21st-century cyber threats and their effect on Middle East countries in the coming years.

The paper also looks at the latest malware, hardware Trojans and cyber surveillance affecting the region. By the end of 2010 and the beginning of 2011 we had entered a new era of cyber threats and cyber activity. Advanced malware that can bypass antivirus software is now easily produced with automated crimeware kits that need no programming or professional skill, and this will bring a new generation of sophisticated attacks conducted by script kiddies. Together with hardware problems and cyber surveillance everywhere, I see that we need to think twice about how we implement and use advanced technology in our daily lives.



21st Century Cyber Threats and the Middle East Dilemma
Contents

Summary
The state of ICT infrastructure in MENA
Middle East ICT vulnerabilities
Top 2011 Cyber threats and the Middle East
    Targeted Attacks
    Stuxnet Worm
    Politically motivated attacks
    Cybercrime and Underground Market
Hardware Trojans and Digital Espionage
    Syrian Radars and Kill Switch Technology
    Satellite lost in Space
    US Chips will be controlled by the Pentagon
Surveillance Systems
Conclusion
Credits
Summary

By the end of the 20th century and the beginning of the 21st, the Internet and cyberspace had become major players in our daily lives. The globe is now connected, from home users who use computers for simple tasks, to governments that build ICT into critical infrastructure, to cyber criminals, cyber warriors and satellites. MENA countries will invest more in ICT, and these investments will enlarge the broadband user base as prices drop. Cyberspace has started to shape societies and has introduced new tools and ideas that may change even the maps of the Middle East. But is the Middle East ready to face the new cyber threats of the 21st century? In this whitepaper we look at the latest threats in cyberspace and their effect on the Middle East and North African (MENA) countries.
The state of ICT infrastructure in MENA

According to the latest research and reports1, there is huge investment in ICT infrastructure in the Middle East, but not all countries have the same level of ICT maturity. A few countries, such as the UAE, rank at a high maturity level; others, such as Algeria, rank low. There is also a big difference between ICT maturity and ICT readiness: some countries have good ICT infrastructure but low ICT readiness because of the readiness and awareness of their people or their government. Two facts are worth mentioning:

1- Most MENA countries trail behind the rest of the world in ICT readiness
2- Most GCC2 members continue to progress in ICT readiness

Fig.1 ICT Readiness in MENA

1 http://www.escwa.un.org/information/publications/edit/upload/ictd-09-12.pdf
2 Gulf Cooperation Council
MENA countries have invested billions of dollars in ICT applications and implementations until they have become reliant on them. Critical ICT infrastructure has become part of national security, which is why securing and protecting this infrastructure is becoming more important. Egypt, for example, spends LE 40 billion annually on the telecom industry. Overall telecommunications spending in the Middle East will rise to $395 billion in 2013, growing at a 12.1% compound annual rate, the fastest growth in percentage terms of any region3. Although a few GCC countries are investing in new ICT infrastructure, many other countries in the region have old infrastructure. Egypt, for example, has the oldest ICT infrastructure, controlled by Telecom Egypt for over 150 years, and its ICT readiness and maturity level are low and progressing slowly. However, it ranks number one in Africa for internet penetration by population4.

Fig.2 ICT Maturity level in MENA5

3 www.tiaonline.org
4 http://www.internetworldstats.com
5 UN: Economic and Social Commission for Western Asia
One of the obstacles in countries like Egypt is monopoly and high-level corruption6, which slows progress because of the way policymakers think about implementing advanced technology in the country's infrastructure. But one factor is common to all MENA countries: business first. This way of thinking leaves ICT infrastructure in the region vulnerable to all types of attacks and cyber threats.

Middle East ICT vulnerabilities

The growth of ICT applications and of the user base in the region is among the highest in the world. But there are always vulnerabilities when it comes to technology and people. Human mistakes are the biggest vulnerability in the region, together with poor or absent regulation and a shortage of ICT expertise. The well-known vulnerabilities in MENA can be summarised as follows:

- Poor awareness programs at the individual, corporate and government levels
- Poor or absent cybercrime regulations
- Centralized ICT infrastructure and monopoly
- Off-the-shelf technology and solutions
- Lack of skilled law enforcement and emergency response teams
- Poor information security education for IT students
- Poor standards, or lack of compliance with international information security standards such as PCI DSS and ISO 27001

The attack surface will grow, and the Middle East will become a big target for, and source of, cybercrime in the coming years. Without doubt our region will face many problems from implementing advanced ICT solutions without security in mind. Powering critical infrastructure with off-the-shelf solutions and importing low-quality, untrusted hardware and solutions will increase the number of incidents in MENA. Unfortunately there is no transparency about the incidents that have occurred in the Middle East, and there are no specific laws addressing this. That is why experts in the region think we are safer than the rest of the world: the number of incidents is simply not traced or recorded properly. But this is a false sense of security.

6 www.transparency.org
Top 2011 Cyber threats and the Middle East

Hiding the problem is the biggest problem. We need to understand and address our cyber security problems in order to find suitable solutions. We will highlight the major cyber threats and attacks that started at the end of the 20th century and the beginning of the 21st, and their relation to the Middle East region. Examining these attacks and threats gives an overview of the attack vectors of the coming years and how they might affect critical infrastructure, individuals and corporations in MENA.

Targeted Attacks

Targeted7 attacks are developed for, or directed at, a specific individual, government, sector or corporation. In this type of attack the criminals first gather information about the target to find vulnerabilities that can be exploited during the attack. Targeted attacks are a broad topic in information security, covering many kinds of cyber threat, from targeted (spear) phishing to attacks on critical infrastructure. One obvious and sophisticated example is the Stuxnet worm, discovered in July 2010, which targeted Iran's uranium enrichment facilities.

7 http://www.symantec.com/connect/blogs/new-targeted-attack-exploiting-libyan-crisis
Stuxnet Worm

Many experts believe that this worm was built specifically to target the SCADA8 systems of either the Bushehr reactor9 or the uranium enrichment plant in Natanz, both in Iran. Stuxnet was designed to attack particular industrial control systems, specifically Siemens programmable logic controllers (PLCs), and to modify their code so that the frequency converter drives attached to the controller were driven at altered speeds10. It was the first worm designed to target a specific SCADA system. It is believed to be government-backed work by the USA, Europe and Israel.

Fig.3 Stuxnet infection mechanism using USB drive

8 Supervisory Control and Data Acquisition
9 http://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant
10 http://www.symantec.com/connect/blogs/stuxnet-breakthrough
Stuxnet is a very dangerous type of attack because it targets systems whose failure can cost human lives. If the worm's code is now in the wild, it may be reused by terrorists and organised cybercrime gangs, opening a new door to cyber terrorism and cyberwar11.

Fig.4 Stuxnet infections by country. Source: Symantec

In the coming months or years we may see new variants of Stuxnet, and we do not know who the next target in the region will be. SCADA systems are used in many countries to control water purification, the electrical grid, nuclear power generation and so on. After the Fukushima crisis in Japan, western countries such as Germany began planning to stop using nuclear reactors. In our region, by contrast, countries such as Saudi Arabia have started to import nuclear facilities12. While the USA supports13 Saudi Arabia's project to use nuclear reactors, we cannot see this as a safe step in the 21st century.

11 http://netsafe.me/2010/09/27/stuxnet-worm-is-it-a-real-cyber-war
12 http://www.thenational.ae/business/energy/saudi-arabia-in-agreement-to-explore-nuclear-power
13 http://www.america.gov/st/peacesec-english/2008/May/20080516160353idybeekcm0.3394586.html
What will happen if something like Stuxnet is capable of creating a new Fukushima in MENA14? The lack of expertise in the region, especially in SCADA systems, should make us think twice before deploying advanced technology in our critical infrastructure. These technologies need to be protected and examined for vulnerabilities, and we need to educate our workforce on how to handle them, because any failure in these systems can endanger human lives. We believe that cyberwar and cyber terrorism in the 21st century will have a global effect and will even be used as an effective substitute for physical attacks. Where SCADA systems are used, we suggest the following mitigations15:

- SCADA systems should be isolated from other networks and placed in a DMZ
- Access to these systems over the internet should be limited
- Where limiting access is not possible, only specific traffic or protocol connections should be allowed to communicate with SCADA systems
- IPSec and VPNs should be used
- Endpoint security products, vulnerability assessment and vulnerability management solutions should be in place
- Compliance with information security management standards such as ISO 27002, NIST and ISA-TR99.00.01-200416
- Log auditing is important
- IDS and monitoring systems should be used to detect attacks
- Secure the SCADA protocols in use17

14 http://rothkopf.foreignpolicy.com/posts/2011/03/17/where_fukushima_meets_stuxnet_the_growing_threat_of_cyber_war
15 Securing SCADA Systems, Ronald L. Krutz, PhD. Wiley Publishing
16 www.isa.org
17 http://www.isa.org/journals/intech/TP04ISA048.pdf
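The third, seventh and eighth items of that list (allow only named hosts and protocols into the SCADA segment, audit the logs, monitor for violations) can be turned into a concrete check. The following is an added example written for this page, not code from the whitepaper or from any SCADA vendor: it takes flow records of the kind a firewall or NetFlow export produces and flags every connection into the PLC segment that is not on an explicit allowlist. The subnets, host addresses and sample flows are constructed for the example; Modbus/TCP on port 502 and Siemens S7comm on port 102 are real well-known ports, but which hosts may use them is an assumption you would replace with your own plant's design.

```python
# Added example (not from the original whitepaper): allowlist checker for
# connections into an isolated SCADA segment. Only named DMZ hosts may reach
# the PLCs, and only with the protocol assigned to them; any other source is
# reported. Addresses, ports-per-host and the sample flows are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

SCADA_NET = ipaddress.ip_network("10.50.0.0/24")   # assumed PLC/RTU segment
DMZ_NET = ipaddress.ip_network("10.40.0.0/24")     # assumed engineering DMZ

# (source host, destination port, protocol) tuples that are explicitly allowed.
ALLOWED = {
    ("10.40.0.10", 502, "tcp"),   # HMI server polling Modbus/TCP
    ("10.40.0.11", 102, "tcp"),   # engineering workstation, S7comm (ISO-TSAP)
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def check_flow(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow. Verdicts are ALLOW or ALERT."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if dst not in SCADA_NET:
        return "ALLOW", "not destined for SCADA segment"
    if src in SCADA_NET:
        return "ALLOW", "intra-segment traffic"   # PLC to PLC, assumed permitted
    if src not in DMZ_NET:
        return "ALERT", "source outside engineering DMZ reached SCADA segment"
    if (flow.src, flow.dport, flow.proto) not in ALLOWED:
        return "ALERT", "DMZ host/port/protocol not on SCADA allowlist"
    return "ALLOW", "matches allowlist"


def audit(flows: List[Flow]) -> List[str]:
    """Run every flow through check_flow and return the alert lines only."""
    alerts = []
    for f in flows:
        verdict, reason = check_flow(f)
        if verdict == "ALERT":
            alerts.append(f"{f.src} -> {f.dst}:{f.dport}/{f.proto}: {reason}")
    return alerts


# Constructed sample flow records (what a firewall or NetFlow export would give).
SAMPLE_FLOWS = [
    Flow("10.40.0.10", "10.50.0.20", 502, "tcp"),   # HMI poll, allowed
    Flow("10.40.0.11", "10.50.0.20", 102, "tcp"),   # engineering, allowed
    Flow("10.40.0.11", "10.50.0.20", 502, "tcp"),   # wrong protocol for that host
    Flow("10.40.0.50", "10.50.0.21", 502, "tcp"),   # unlisted DMZ host
    Flow("192.0.2.77", "10.50.0.20", 502, "tcp"),   # internet source, never allowed
    Flow("10.50.0.20", "10.50.0.21", 502, "tcp"),   # PLC to PLC
    Flow("10.40.0.10", "10.40.0.99", 443, "tcp"),   # stays inside the DMZ, ignored
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```

Running the block prints three alerts: the engineering workstation speaking Modbus instead of S7comm, an unlisted DMZ host, and a public address that should never have reached the segment at all. The same check, fed from the firewall's own logs, is the log auditing the list asks for; the first alert in particular is the kind of anomaly a PLC-targeting worm produces when it starts talking to controllers from a host that never did before.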
Politically motivated attacks18

Politically motivated attacks are one of the rising threats of 2011. The conflicts in the Middle East have increased the number of politically motivated attacks, or hacktivism. Anonymous19 is one of the best-known examples of hacktivism: they hit the infrastructure of major payment companies such as PayPal, MasterCard and VISA following those companies' war on Wikileaks20. In the Middle East, Anonymous attacked government websites during the Arab Spring21 in support of the protests. Their DDoS attacks on government websites and infrastructure started with Operation Tunisia22 and moved on to Egypt23, Libya and Syria. Other examples of politically motivated attacks in the Middle East include:

- Attacks related to Bin Laden's death24 (the same lure could be used with any other figure or political party)
- The attack on the Aljazeera TV channel website25
- Mass emailing during the Arab Spring26
- Website defacements across the region27

Even scammers are taking advantage of the Arab uprisings in Egypt28 and Libya29.

18 http://netsafe.me/2011/03/02/cyber-attacks-and-politics-in-the-middle-east
19 http://en.wikipedia.org/wiki/Anonymous_(group)
20 http://netsafe.me/2010/12/04/the-war-on-wikileaks%e2%80%a6
21 http://en.wikipedia.org/wiki/Arab_Spring
22 http://netsafe.me/2011/01/04/operation-tunisia
23 http://netsafe.me/2011/01/27/operation-egypt-internet-as-a-battlefield
24 http://netsafe.me/2011/05/07/bin-laden-killed-evil-appears-online
25 http://www.journalism.co.uk/news/al-jazeera-site-hacked-by-opponents-of-pro-democracy-movement-in-egypt/s2/a542649
26 http://blog.commtouch.com/cafe/email-marketing/mass-emailings-support-change-in-egypt-and-now-syria
27 http://www.thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html
28 http://www.symantec.com/connect/blogs/419-scammers-taking-advantage-egypts-revolution
29 http://www.symantec.com/connect/blogs/419-spammers-taking-advantage-libyan-unrest
Unfortunately there is a very thin line between pure hacktivism and cyber attacks driven by governments, such as the attack conducted by the Tunisian government against protesters during the Tunisian uprising30.

Fig.5 Man-in-the-middle attack by the Tunisian government

The Syrian government used the same technique, but with a fake SSL certificate31. The relationship between the Syrian regime and Iran might link the Comodo hacker32 to the technique the Syrian government used against its own users. We think these types of attacks will increase in the coming years.

30 http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords
31 http://netsafe.me/2011/05/08/syrian-government-internet-enemy-and-cybercriminal
32 http://www.computerworld.com/s/article/9215245/Solo_Iranian_hacker_takes_credit_for_Comodo_certificate_attack
Cybercrime and Underground Market

Underground cybercrime markets, such as underground forums, social networks and IRC channels, are a growing threat in 2011. They create a private relationship between buyer and seller, and online payment systems such as WebMoney are used to complete the deal. One of the best-known services offered on underground markets is botnets, which can be hired per service and per unit of time and used to launch DDoS attacks, install malware or send spam. Because of weak security measures, poor security awareness and the other ICT vulnerabilities of the Middle East, we see large attacks from the underground market aimed at the region. Attackers in Russia or China may use botnets and infected machines in the Middle East to launch attacks either within the Middle East or elsewhere in the world. According to NetWitness33, Egypt and Saudi Arabia are the countries worst affected by a "dangerous new" botnet that controls 75,000 systems around the world, and Saudi Arabia ranks first as a spam source in the Middle East34. The Zeus35 crimeware toolkit is one of the most famous tools and botnets available on the black market; it is responsible for 44% of banking malware infections36. Advances in tooling make it easy for unskilled attackers, or script kiddies, to conduct sophisticated attacks or even build very complicated malware with virus construction kits and underground crimeware that evade AV detection37. Such tools make cybercrime easier and make the job of trained law enforcement, emergency teams and cyber security professionals harder, which is a big reason to think twice about the situation38 in the Middle East39.

33 http://www.itp.net/579360-egypt-and-saudi-snared-in-dangerous-botnet
34 http://www.alarabiya.net/articles/2010/11/10/125626.html
35 http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
36 http://www.ecommerce-journal.com/news/18221_zeus_increasingly_avoids_pcs_detection
37 http://mobile.eweek.com/c/a/Security/Exploit-Toolkits-Software-That-Makes-CyberCrime-Easier-411813
38 http://www.ameinfo.com/250282.html
39 http://www.outlookseries.com/A0996/Security/3957_Jeremy_Freeman_IronKey_CyberCriminals_Middle_East_Banks_ZeuS_SpyEye_OddJob_Sunspot_Jeremy_Freeman.htm
Fig.6 SpyEye Crimeware (Source: Symantec40)

Looking at the Microsoft Security Intelligence Report, infections by Trojans, worms and other crimeware in the Middle East are among the highest in the world.

Fig.7 Malware infections in Egypt (Microsoft SIR41)

40 http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot
41 http://www.microsoft.com/security/sir/default.aspx
Hardware Trojans and Digital Espionage

Hardware Trojans42 are a new and emerging threat that will change the face of our digital lives. A hardware Trojan is an alteration of hardware that can, under specific conditions, change the function of a system. It can act as a time bomb that disables the system at a future date, or leak confidential information over a covert channel once the conditions that trigger it are met. With all the electronics used in our daily lives, from consumer electronics and mobile phones to devices in governments and the military, we are at serious risk from hardware Trojans. Globalization, and chip manufacturing in countries with special motivations such as China, will make the problem of hardware Trojans and digital espionage worse. Hardware such as chips, ICs or FPGAs can be altered at design or manufacturing time; a group of engineers has successfully demonstrated this threat43. Such threats are not easy to detect, especially in countries such as those of the Middle East.

Syrian Radars and Kill Switch Technology

A frequently cited example of the hardware Trojan threat, also called "kill switch" technology, is the 2007 Israeli Air Force attack on a suspected44, partly constructed Syrian nuclear reactor, which led to speculation about why the Syrian air defence system did not respond to the Israeli aircraft. Syrian government officials said that a jamming system and an error in the radar systems had blinded them. But according to IEEE Spectrum and the New York Times, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 820045.

42 http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5340158
43 http://vimeo.com/1437702
44 http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch
45 http://www.nytimes.com/2009/10/27/science/27trojan.html?pagewanted=1
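The definition above (a modification that changes function only under specific conditions, as a time bomb or as a covert leak) is easier to grasp with a working model. The following is an added example written for this page, not code from the whitepaper, from the cited papers or from any chip vendor: a software model of a toy 8-bit module, first as designed and then with a trigger/payload Trojan inserted. The secret key, the rare four-value trigger sequence, the cycle count of the time bomb and the test vectors are all constructed for the illustration. The point it demonstrates is the one the text makes about detection: ordinary functional testing never exercises the trigger, so the Trojaned part is indistinguishable from the clean one until an attacker who knows the trigger uses it.

```python
# Added example (not from the original whitepaper): software model of a
# hardware Trojan in trigger/payload form. The "chip" XORs its data input with
# an on-chip key. The Trojan adds a hidden counter that waits for a rare input
# sequence (the trigger), then leaks one key bit per cycle through an otherwise
# unused status line (the covert channel). A second payload is a time bomb that
# silently breaks the module after a fixed number of cycles. All constants are
# constructed; real Trojans live in HDL or silicon, not Python.
import random
from typing import Tuple

SECRET_KEY = 0xA5                            # assumed on-chip secret
TRIGGER_SEQ = (0x13, 0x37, 0xC0, 0xDE)       # assumed rare input sequence
TIME_BOMB_CYCLES = 100_000                   # assumed cycle count for the time bomb


class CleanModule:
    """The intended design: out = data ^ key, status line always 0."""

    def __init__(self, key: int) -> None:
        self.key = key

    def clock(self, data: int) -> Tuple[int, int]:
        return (data ^ self.key) & 0xFF, 0


class TrojanModule(CleanModule):
    """Same interface, plus a hidden sequential trigger and two payloads."""

    def __init__(self, key: int) -> None:
        super().__init__(key)
        self.match = 0        # how many trigger values have been seen in order
        self.leak_bit = -1    # key bit currently being leaked (-1 = not armed)
        self.cycles = 0

    def clock(self, data: int) -> Tuple[int, int]:
        self.cycles += 1
        out, status = super().clock(data)
        if self.cycles > TIME_BOMB_CYCLES:     # time bomb: output goes dead
            return 0, 0
        if self.leak_bit < 0:                  # not armed: watch for the trigger
            if data == TRIGGER_SEQ[self.match]:
                self.match += 1
                if self.match == len(TRIGGER_SEQ):
                    self.leak_bit = 7          # armed: start with the MSB
            else:
                self.match = 1 if data == TRIGGER_SEQ[0] else 0
            return out, status
        status = (self.key >> self.leak_bit) & 1   # payload: leak one bit
        self.leak_bit -= 1                         # goes quiet after 8 cycles
        return out, status


def functional_test(vectors: int, seed: int = 1) -> int:
    """Random functional testing: count outputs where Trojan != clean design."""
    rng = random.Random(seed)
    clean, dirty = CleanModule(SECRET_KEY), TrojanModule(SECRET_KEY)
    return sum(1 for _ in range(vectors)
               if (d := rng.randrange(256)) is not None
               and clean.clock(d) != dirty.clock(d))


def exfiltrate_key() -> int:
    """Attacker who knows the trigger: send it, then read 8 status bits."""
    dirty = TrojanModule(SECRET_KEY)
    for d in TRIGGER_SEQ:
        dirty.clock(d)
    key = 0
    for _ in range(8):
        _, status = dirty.clock(0x00)          # data value is irrelevant now
        key = (key << 1) | status
    return key


def output_correct_after(cycles: int) -> bool:
    """Time-bomb check: is the Trojaned module still computing data ^ key?"""
    dirty = TrojanModule(SECRET_KEY)
    for _ in range(cycles - 1):
        dirty.clock(0x00)
    out, _ = dirty.clock(0x42)
    return out == (0x42 ^ SECRET_KEY)


if __name__ == "__main__":
    print("mismatches in 10000 random vectors:", functional_test(10_000))
    print("key recovered via status line: 0x%02X" % exfiltrate_key())
    print("still correct at the bomb threshold:", output_correct_after(TIME_BOMB_CYCLES))
    print("still correct one cycle later:", output_correct_after(TIME_BOMB_CYCLES + 1))
```

Ten thousand random vectors produce zero mismatches, because the chance of hitting a specific four-byte sequence at random is about one in four billion per position; a test bench that compares against the specification would sign the part off. An attacker who knows the trigger recovers the full key in eight cycles through a line that the specification says is always zero, and the time bomb produces a part that passes every acceptance test and fails in the field. This is why the text's "not easy to detect" is not just a question of effort: detection needs side-channel or structural analysis of the silicon, not functional testing.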
Satellite lost in Space

On 23 October 2010, NARSS46 in Egypt announced that it had lost control of, and communications with, its remote sensing satellite EgyptSat 1 in July 201047. The satellite can still be tracked online at http://www.n2yo.com/?s=31117

The Egyptian government has always purchased ready-made satellites such as NileSat, but EgyptSat 1 was the country's first scientific research satellite, built jointly48 by Egypt and the Yuzhnoye Design Bureau in Ukraine49 and launched on a Dnepr50 rocket on 17 April 2007. Although there is no evidence that this was a case of hardware Trojans, experts in Egypt failed to explain scientifically why the satellite went silent51. Other Egyptian sources and experts suggested that the satellite was hijacked by Israel52. This type of technology is available to those who can afford it, and the technical specifications of this type of satellite are not hard to obtain53. Israel has long been considered the most advanced country in the Middle East in the aerospace arena54. Despite this, we cannot consider it hard evidence of satellite hijacking.

46 http://www.narss.sci.eg
47 http://www.masrawy.com/News/Egypt/Politics/2010/october/23/sat.aspx
48 http://www.nkau.gov.ua/nsau/catalogNEW.nsf/proectE/3B41E4935D67F084C2256F2A003356A1?OpenDocument&Lang=E
49 http://www.yuzhnoye.com/index.php?lang=en
50 http://en.wikipedia.org/wiki/Dnepr-1
51 http://www.masrawy.com/News/Egypt/Politics/2010/october/25/satalight.aspx?ref=rss
52 http://www.alarab.com.qa/details.php?docId=155738&issueNo=1042&secId=15
53 https://directory.eoportal.org/get_announce.php?an_id=10001889
54 http://www.aiaa.org/aerospace/images/articleimages/pdf/Aerospace%20in%20Middle%20East_APR2009 1.pdf
US Chips will be controlled by the Pentagon

The US has started to manufacture chips55 for critical infrastructure and the military in secure American facilities overseen by the Pentagon, to avoid hardware Trojans. There is currently a cold cyberwar between the major players in the world, such as the US, China and Russia, and some of the evidence that has come to light tells the story of a real cyberwar and digital espionage. The Sunday Times published an article in 2009 claiming that Chinese hackers were using a "ghost network" to control embassy computers56. The Information Warfare Monitor57 published an investigation into "cyber espionage 2.0" that documents a cyber espionage network that compromised government, business and academic computer systems in India, the Office of the Dalai Lama and the United Nations. Reports claimed that Huawei, a telecoms company run by the former director of the telecoms research arm of the Chinese Army, might be involved in the attack, but the Chinese government denied involvement58.

Most technologies in MENA countries, even in government and the military, are manufactured in China. These countries import all types of electronics without inspection, analysis or even quality assurance. This will surely open the door to digital intelligence gathering and to economic and military espionage, and we should worry about the protection of our critical infrastructure, and of personal privacy, in the 21st century.

55 http://www.eecs.umich.edu/~imarkov/pubs/jour/DAC.COM-TrustedICs.pdf
56 http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece
57 http://www.infowar-monitor.net/2010/04/shadows-in-the-cloud-an-investigation-into-cyber-espionage-2-0
58 http://www.thefirstpost.co.uk/46883,news-comment,news-politics,china-denies-involvement-in-ghostnet-cyber-attacks
Surveillance Systems

Surveillance systems are part of the digital espionage game and play an important role in politics, the economy and the military. When countries in the MENA region import advanced software59, devices or solutions to spy on their citizens, who can make sure that these devices are not themselves spying on the governments that use them? The United States and European countries cooperate in the so-called global wiretapping project Echelon60. The project consists of nodes, or black boxes, installed at telecom carriers and ISPs to provide deep packet inspection (DPI), traffic analysis and monitoring, together with surveillance networks61 around the globe and satellite systems.

Fig.8 NSA Surveillance System (part of Echelon)62

59 http://www.f-secure.com/weblog/archives/00002114.html
60 http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)
61 http://www.nsawatch.org/networks.html
62 www.nsawatch.org
Part of the NSA system is based on the NARUS63 solution, which the Egyptian government used during the uprising to monitor traffic and block Twitter and Facebook64. It was easily deployed in MENA countries because of their centralized ICT infrastructure, and is believed to have been used back in 200565 to block VoIP services when most MENA countries did not allow them. NARUS also provided the surveillance solution used in Libya66. Unfortunately, most countries in the region use western technologies to censor or monitor internet traffic, according to the OpenNet Initiative67. It is believed that the surveillance solutions supplied to Middle East countries, especially NARUS, are only a small part and not the entire solution. While these technologies prevented nothing in real-life scenarios, neither access to websites nor the organisation of protests and other activities, we think they open the door to digital espionage in the Middle East.

Fig.9 NARUS system installed at an ISP68

63 http://richardbrenneman.wordpress.com/2011/01/29/mubaraks-israeli-created-internet-spyware
64 http://en.wikipedia.org/wiki/Narus
65 http://spectrum.ieee.org/telecom/internet/the-voip-backlash
66 http://www.levantinecenter.org/levantine-review/articles/how-western-corporations-have-been-helping-arab-tyrants
67 http://opennet.net/west-censoring-east-the-use-western-technologies-middle-east-censors-2010-2011
68 http://blogs.law.harvard.edu/surveillance
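The two statements above, that a DPI box at the ISP can block Twitter and Facebook and that in practice it prevented nothing, both come down to what a packet reveals about its destination. The following added example, written for this page and not taken from the whitepaper or from NARUS, shows the selection step such a box performs: it pulls the hostname out of a TLS ClientHello (the Server Name Indication extension) or an HTTP Host header and matches it against a block list. The TLS record and HTTP layouts are the real wire formats; the block list, the packet builder and the sample packets are constructed for the example. The last sample packet, a TLS application-data record, is what the box sees once the name is hidden, for instance inside an IPsec or VPN tunnel of the kind this paper itself recommends for SCADA traffic.

```python
# Added example (not from the original whitepaper): the hostname-extraction
# step of a DPI censorship box. It parses the SNI extension of a TLS
# ClientHello or the Host header of a plaintext HTTP request and compares the
# result with a block list. Block list and sample packets are constructed.
import struct
from typing import List, Optional, Tuple

BLOCKED = {"twitter.com", "facebook.com"}   # the two sites the text names


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record carrying an SNI extension."""
    name = hostname.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name       # host_name type
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # ext type 0 = SNI
    body = (b"\x03\x03" + b"\x11" * 32                # client version + random
            + b"\x00"                                 # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"      # one cipher suite
            + b"\x01\x00"                             # null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI hostname from a TLS handshake record, or None."""
    if len(record) < 5 or record[0] != 0x16:          # not a handshake record
        return None
    hs = record[5:]
    if not hs or hs[0] != 0x01:                       # not a ClientHello
        return None
    pos = 4 + 2 + 32                                  # header, version, random
    pos += 1 + hs[pos]                                # session id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher suites
    pos += 1 + hs[pos]                                # compression methods
    if pos + 2 > len(hs):
        return None                                   # no extensions present
    end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        if etype == 0x0000 and hs[pos + 2] == 0:      # SNI list, host_name entry
            nlen = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
            return hs[pos + 5:pos + 5 + nlen].decode("ascii", "replace")
        pos += elen
    return None


def extract_http_host(payload: bytes) -> Optional[str]:
    """Return the Host header of a plaintext HTTP request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").split(":")[0]
    return None


def classify(payload: bytes) -> Tuple[Optional[str], str]:
    """Decide BLOCK/PASS for one packet; PASS when no hostname is visible."""
    host = extract_sni(payload) or extract_http_host(payload)
    if host is None:
        return None, "PASS (no hostname visible to DPI)"
    labels = host.lower().split(".")
    blocked = any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))
    return host, "BLOCK" if blocked else "PASS"


# Constructed sample packets as a DPI probe on the ISP link would see them.
SAMPLE_PACKETS: List[bytes] = [
    build_client_hello("www.facebook.com"),
    build_client_hello("api.twitter.com"),
    build_client_hello("www.example.org"),
    b"GET / HTTP/1.1\r\nHost: twitter.com\r\nUser-Agent: x\r\n\r\n",
    b"\x17\x03\x03\x00\x20" + b"\x00" * 32,   # TLS application data: opaque
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(classify(pkt))
```

The first four packets are classified exactly as the text describes, which is all the box needs to cut off the two named sites for users who connect directly. The fifth is the failure mode: an encrypted record, or any traffic wrapped in a VPN or IPsec tunnel, shows the inspector no name at all and passes, which is why the same equipment could monitor and still not stop anyone determined to get through.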
Conclusion

Middle East governments need to address their ICT vulnerabilities before it is too late. Technology is moving faster than ever, and the coming years will bring new cyber threats such as hardware Trojans, cyber armies, cyberwar and attacks on critical ICT infrastructure that may cost human lives. Many governments in the region still rely on policing and spying techniques from the dark ages to control everything, without understanding that the attacks may come from inside their own computers. MENA countries need to pay attention to all imported technologies, hardware, devices and solutions. Security first! Cyber security is not the work of individuals, corporations or governments alone; it is everyone's responsibility. Governments need new strategies for awareness and regulation. They need to guarantee freedom of speech and transparency, and to improve the education system at all levels. Education is the key in the 21st century.
Credits

Published 19 June 2011
Author: Mohamed N. El Guindy
ASK PC Academy, President
ISSA Egypt Chapter, Founder & President
elguindy@ieee.org
elguindy@bcs.org
About ASK PC Academy

ASK PC is an information technology training provider working in the MENA region with registered offices in the UK and the Middle East. ASK PC provides IT training solutions to corporations, governments and individuals around the Middle East. It offers the highest quality services and internationally recognised IT qualifications in partnership with reputable international organisations, to name a few: the Institute of Electrical and Electronics Engineers (IEEE), the Chartered Institute for IT (BCS) and the Information Systems Security Association (ISSA).

Learn more about ASK PC services
In English: www.askpc.net
In Arabic: www.ask-pc.com
For specific country offices and partners, please visit our websites.

Copyright © 2011 ASK PC. All rights reserved. ASK PC and the ASK PC logo are trademarks or registered trademarks of ASK PC. Other names mentioned may be trademarks of their respective owners.