21st century threats and middle east dilemma

21st Century Cyber Threats and the Middle East Dilemma


21st Century Cyber Threats and

The Middle East Dilemma


Contents

Summary4

The state of ICT infrastructure in MENA5

Middle East ICT vulnerabilities7

Top 2011 Cyber threats and the Middle East8

Targeted Attacks8

Stuxnet Worm9

Politically motivated attacks21

Cybercrime and Underground Market24

Hardware Trojans and Digital Espionage26

Syrian Radars and Kill Switch Technology26

Satellite lost in Space27

US Chips will be controlled by the Pentagon28

Surveillance Systems29

Conclusion12

Credits11


SSuummmmaarryy

By the end of the 20th century and the beginning of the 21st

century, the Internet and cyberspace become major players in our daily lives. The globe is now connected from home users who just

use computers for simple tasks to governments that implement ICT in critical infrastructure to cyber criminals, cyber warriors, and

satellites.

MENA countries will invest more in ICT and these investments will

increase the broadband user base as prices will drop down.

Cyberspace started to shape societies and introduced new tools and ideas that will change even the maps of the Middle East.

But Is the Middle East ready to face the new cyber threats of the

21st century?

In this whitepaper, we will understand the latest threats of

cyberspace and their effect on the Middle East and North African countries.


TThhee ssttaattee ooff IICCTT iinnffrraassttrruuccttuurree iinn MMEENNAA

According to the latest research and reports1, there is huge investment in ICT infrastructure in the Middle East. But not all

countries have the same maturity level of ICT readiness. Few countries are ranked at high maturity level such as UAE and others

are ranked low such as Algeria.

There is also big difference between ICT maturity level and ICT

readiness. Some countries have good ICT infrastructure but low ICT readiness due to people readiness, awareness or government

readiness in ICT.

But there are two facts worth mentioning:

1- Most MENA countries trail behind rest of the world in ICT readiness

2- Most GCC2 members continue to progress in ICT readiness

Fig.1 ICT Readiness in MENA

1

http://www.escwa.un.org/information/publications/edit/upload/ictd-09-12.pdf 2

Gulf Cooperation Council


MENA countries invested billions of dollars in ICT applications and

implementation until they become more reliant on it. Critical ICT infrastructure becomes part of their national security that is why

security and protection for this infrastructure is becoming more

important.

Egypt for example spends LE 40 billion annually on Telecom industry. Over all telecommunication spending in the Middle East

will rise to $395 billion in 2013, gowning at a 12.1% compound annual rate, the fastest growth in terms of percentage of any

region3.

Although few countries in GCC are investing in new ICT infrastructure, many other countries in the region have old

infrastructure.

Egypt for example has the oldest ICT infrastructure controlled by Egypt Telecom Company for over 150 years. But the advancement

in ICT readiness and country’s maturity level are low and

progressing slowly. However it is ranked number one in Africa for internet penetration according to number of population4.

Fig.2 ICT Maturity level in MENA5

3

www.tiaonline.org 4

http://www.internetworldstats.com 5

UN: ECONOMIC AND SOCIAL COMMISSION FOR WESTERN ASIA


One of the obstacles in countries like Egypt is the monopoly and high level corruption6 that makes progression slow due to the

nature of how policymakers are thinking of implementing advanced technology inside country’s infrastructure. But there is one common

factor among MENA countries which is business first…

This way of thinking leaves ICT infrastructure in the region vulnerable to all types of attacks and cyber threats.

MMiiddddllee EEaasstt IICCTT vvuullnneerraabbiilliittiieess

Implementation of ICT applications and growth of user base in the region are among the highest in the world. But there are always

vulnerabilities when it comes to technology and people. People mistakes are the biggest vulnerabilities in the region in addition to

poor or absent regulations and ICT expertise.

Well-known vulnerabilities in MENA concluded as follows:

- Poor awareness programs at individuals, corporations, and government levels

- Poor or absent cybercrime regulations - Centralized ICT infrastructure and monopoly

- Off-the-Shelf technology and solutions

- Lack of skilled law enforcement and emergency teams - Poor information security education for IT students

- Poor standards or lack of compliance with international standards for information security such as PCI, ISO27001

The attack vector will increase; and the Middle East will become big

target and source for cybercrime in the upcoming years.

Without doubt our region will face a lot of problems for implementing advanced ICT solutions without security in mind.

Powering critical infrastructure with off-the-shelf solutions, importing low quality and untrusted hardware and solutions will

increase number of incidents in MENA. But unfortunately there is no transparency in the availability of information related to the

incidents occurred in the Middle East; and there are no specific laws

for such problem. That is why experts in the region think that we are safer than rest of the world as number of incidents is not

efficiently traced or recorded. But this is false security.

6

www.transparency.org


TToopp 22001111 CCyybbeerr tthhrreeaattss aanndd tthhee MMiiddddllee EEaasstt

Hiding the problem is the biggest problem. We need to understand and address our cyber security problems to find suitable solutions.

We will spot major cyber threats and cyber attacks started at the

end of 20th century and beginning of 21st century and their relation to the Middle East region. Our inspection in such attacks and threats

will give an overview for the attack vector in the upcoming years

and how it might affect critical infrastructure, individuals, and corporations in MENA.

TTaarrggeetteedd AAttttaacckkss

Targeted7 attacks are developed for or directed at specific

individual, government, sectors, or corporation. In this type of attack, cyber criminals need to gather information about specific

target to find vulnerabilities that could be exploited during the attack session.

Targeted attack is big topic in information security including many

types of cyber threats from targeted phishing attack to critical infrastructure attacks. One obvious and sophisticated example of

these targeted attacks is (Stuxnet Worm) which discovered in July 2010 and targeted Iran Uranium enrichment facilities.

7

http://www.symantec.com/connect/blogs/new-targeted-attack-exploiting-libyan-crisis


SSttuuxxnneett WWoorrmm

Many experts believe that this worm is built specifically to target the

SCADA8 systems of either Bushehr reactor9 or the Uranium enrichment plant in Natanz and both in Iran.

Stuxnet was designed to target its attack on particular industry control systems—specifically, programmable logic Controllers

(PLCs)—and to change the code to modify the frequency converter drives of the controller10.

This was the first worm designed to target specific SCADA system.

It is believed that it was a government-backed work between USA, Europe and Israel.

Fig.3 Stuxnet infection mechanism using USB drive

8

SCADA 9

http://en.wikipedia.org/wiki/Bushehr_Nuclear_Power_Plant 10

http://www.symantec.com/connect/blogs/stuxnet-breakthrough

http://en.wikipedia.org/wiki/SCADA

http://en.wikipedia.org/wiki/SCADA


Stuxnet is very dangerous type of attack as it targets systems that might affect human lives if it fails. If this worm code is now on the

wild, it might be used by terrorists and organized cybercrime gangs and it might open new door to cyber terrorism and Cyberwar11.

Fig.4 Stuxnet Infections by country. Source Symantec

In the upcoming months or years we might see new variants to

Stuxnet and we don’t know who will be the next target in the region.

SCADA systems are used in many countries to control water

purification systems, Electrical grid, nuclear power generation etc.

After Fukushima crisis in Japan, many western countries such as

Germany started a plan to stop using nuclear reactors. But in our region other countries such as Saudi Arabia started to

import nuclear facilities12.

While USA supports13 Saudi Arabia’s project to use nuclear reactors, we can’t see this as safe step in the 21st century.

11

http://netsafe.me/2010/09/27/stuxnet-worm-is-it-a-real-cyber-war 12

http://www.thenational.ae/business/energy/saudi-arabia-in-agreement-to-explore-nuclear-power 13

http://www.america.gov/st/peacesec-english/2008/May/20080516160353idybeekcm0.3394586.html


What will happen if something like Stuxnet is capable of creating

new Fukushima in MENA14?

There is lack of expertise in the region especially when it comes to SCADA systems that should make us think twice before

implementing advanced technology solutions in our critical infrastructure.

These technologies need to be protected and examined for any

vulnerability. And we need to educate our workforce on how to deal with this advanced technology as any failure in these systems might

endanger human lives.

We believe that Cyberwar and cyber terrorism in the 21st century will have global effect and even will be used as effective methods

instead of real physical attacks.

If SCADA systems will be used we suggest the following mitigation15:

- SCADA systems should be isolated from other networks,

placed in DMZ - Limiting access to this system over the internet is

recommended - If limiting access is not possible, specific traffic or protocol

connections should only be allowing to communicate with SCADA systems

- IPSec and VPNs should be used - Endpoint security products, vulnerability assessments and

management solutions should be in place

- Compliance with Information systems security management standards such as ISO27002, NIST, and ISA-TR99.00.01-

200416 - Log auditing is important

- IDS and monitoring system should be used to prevent attacks - Implementing SCADA protocols17

14

http://rothkopf.foreignpolicy.com/posts/2011/03/17/where_fukushima_meets_stuxnet_the_growing_thr

eat_of_cyber_war 15

Securing SCADA Systems, Ronald L. Krutz, PhD. WILEY publishing 16

www.isa.org 17

http://www.isa.org/journals/intech/TP04ISA048.pdf


PPoolliittiiccaallllyy mmoottiivvaatteedd aattttaacckkss1188

Politically motivated attacks are one of the rising threats in 2011.

The conflicts in Middle East region increased the number of politically motivated attacks or Hacktivism.

Anonymous19 is one of the well-known examples for Hacktivism.

They started to hit infrastructure of major payment companies such as PayPal, MasterCard and VISA, following their war on Wikileaks20.

In the Middle East, Anonymous attacked government websites

during Arab spring21 to support protests. Their attacks organized using DDoS attack against many government websites and

infrastructure started by Operation Tunisia22 to Egypt23, Libya, and Syria.

There are many examples of politically motivated attacks in the

Middle East such as:

- Attacks related to Bin Laden death24 This could be utilized with any other figure or political party

- Aljazeera TV channel Website attack25 - Mass emailing during Arab spring26

- Website defacement across the region27

Even scammers are taking advantage of Arab uprising in Egypt28 and Libya29.

18

http://netsafe.me/2011/03/02/cyber-attacks-and-politics-in-the-middle-east

19http://en.wikipedia.org/wiki/Anonymous_(group

20http://netsafe.me/2010/12/04/the-war-on-wikileaks%e2%80%a6

21http://en.wikipedia.org/wiki/Arab_Spring

22http://netsafe.me/2011/01/04/operation-tunisia

23http://netsafe.me/2011/01/27/operation-egypt-internet-as-a-battlefield

24http://netsafe.me/2011/05/07/bin-laden-killed-evil-appears-online

25http://www.journalism.co.uk/news/al-jazeera-site-hacked-by-opponents-of-pro-democracy-

movement-in-egypt/s2/a542649 26

http://blog.commtouch.com/cafe/email-marketing/mass-emailings-support-change-in-egypt-and-

now-syria 27

http://www.thehackernews.com/2011/06/libyan-satellite-tv-website-hacked-by.html 28

http://www.symantec.com/connect/blogs/419-scammers-taking-advantage-egypts-revolution 29

http://www.symantec.com/connect/blogs/419-spammers-taking-advantage-libyan-unrest


Unfortunately there is a very thin line between pure Hacktivism and

cyber attacks driven by governments such attack was conducted by Tunisian government against protesters during Tunisian uprising30.

Fig.5 Man in the Middle Attack by Tunisian Government

Syrian government also used the same technique but with fake SSL certificate31. The relation between Syrian regime and Iran might

create a link between the Comodo hacker32 and the technique used by Syrian government to attack their users.

We think these types of attacks will increase in the upcoming years.

30

http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-

and-passwords 31

http://netsafe.me/2011/05/08/syrian-government-internet-enemy-and-cybercriminal

32

http://www.computerworld.com/s/article/9215245/Solo_Iranian_hacker_takes_credit_for_Comodo_cer

tificate_attack


CCyybbeerrccrriimmee aanndd UUnnddeerrggrroouunndd MMaarrkkeett

Underground cybercrime markets such as underground forums, social networks, IRC are growing threats in 2011. It is creating

private relation between the buyer and the seller and online payment or WebMoney might be used to complete the deal.

One of the well-known services offered at underground markets are

Botnets which can be hired per service per time. It can be used to launch DDoS attack, Install malware, or spam service.

Due to lack of security measures, poor security awareness and

other ICT vulnerabilities in the Middle East, we can see large attacks targeted the region from underground market.

Attackers in Russia or china might use Botnets and infected machines in Middle East to launch attacks in either Middle East or in

other region across the globe!

According to NetWitness33 company, Egypt and Saudi Arabia are the worst countries affected by a "dangerous new" Botnet that has

control of 75,000 systems around the world. Also Saudi Arabia is ranked first spam source in the Middle East34.

The Zeus35 Crimeware toolkit is one of the famous tools and Botnets

available on black markets. This Crimeware is known to be guilty of 44% of the banking malware infections36. The advancement of

technology makes it easy for unskilled or Script kiddies to conduct a sophisticated attack or even create very complicated malware using

virus production tools and underground Crimeware that even avoid

AV detection37.

Such tools make cybercrime easier and make it hard to trained law enforcement, emergency teams and cyber security professional,

that it is big reason to think twice about the situation38 in the Middle East39.

33

http://www.itp.net/579360-egypt-and-saudi-snared-in-dangerous-botnet 34

http://www.alarabiya.net/articles/2010/11/10/125626.html 35

http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits 36

http://www.ecommerce-journal.com/news/18221_zeus_increasingly_avoids_pcs_detection 37

http://mobile.eweek.com/c/a/Security/Exploit-Toolkits-Software-That-Makes-CyberCrime-Easier-

411813 38

http://www.ameinfo.com/250282.html 39

http://www.outlookseries.com/A0996/Security/3957_Jeremy_Freeman_IronKey_Cyber-

Criminals_Middle_East_Banks_ZeuS_SpyEye_OddJob_Sunspot_Jeremy_Freeman.htm


Fig.6 Spy Eye Crimeware (Source: Symantec40)

When we take a look at Microsoft Security Intelligence Report, we

can find that Middle East infections by Trojans, worms and other Crimeware is among the highest in the world.

Fig.7 Malware infections in Egypt (Microsoft SIR41)

40

http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot 41

http://www.microsoft.com/security/sir/default.aspx


HHaarrddwwaarree TTrroojjaannss aanndd DDiiggiittaall EEssppiioonnaaggee

Hardware Trojans42 are new and emerging threats that will change the face our digital life. Hardware Trojans refer to alteration of

hardware, that could, under specific conditions, result in functional changes of the system. It can also be used as Time Bomb Trojan to

disable system at future time. Hardware Trojans can also leak confidential information over a secrets channel when certain

conditions are being met to trigger the Trojan. With all the electronics that are used in our daily lives from consumer

electronics to mobile phones and devices in governments and military, we are in serious risk of hardware Trojans.

Globalization and chip manufacturing in countries with special

motivations such as China will increase the problem of hardware Trojans and digital espionage.

Hardware such as chips, ICs or FPGAs can be altered at manufacturing or design time. A group of engineers had

successfully demonstrated this threat43.

These types of threats are not easy to be detected especially in countries such as in the Middle East.

SSyyrriiaann RRaaddaarrss aanndd KKiillll SSwwiittcchh TTeecchhnnoollooggyy

An obvious example to this hardware Trojan threat which also called “Kill Switch Technology” Is the 2007 Israeli Air Force attack on a

suspected44, partly-constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not

respond to the Israeli aircraft. Syrian government officials said that it was a jamming system and an error in the radar systems which

made them blind. But according to IEEE and NY Times, an American semiconductor industry executive said in an interview that he had

direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli

electronic intelligence agency, Unit 820045.

42

http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5340158 43

http://vimeo.com/1437702 44

http://spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch 45

http://www.nytimes.com/2009/10/27/science/27trojan.html?pagewanted=1


SSaatteelllliittee lloosstt iinn SSppaaccee

On 23 October 2010, The NARSSS46 in Egypt announced that it lost control and communications with its remote sensing satellite

(EgyptSat 1) since July 201047. However the satellite still can be tracked online using this link: http://www.n2yo.com/?s=31117

Egyptian government always purchases ready-made satellites such

as Nile Sat. But EgyptSat 1 was the countries’ first scientific

research satellite to be jointly48 built by Egypt with the Yuzhnoye Design Bureau in Ukraine49 and was launched onboard at Dnepr50

rocket on 17 April 2007.

Although there is no evidence that this was an example of “Hardware Trojans”, many experts in Egypt failed to scientifically

explain why the satellite disappeared51. Other Egyptian sources and experts suggested that the satellite was hijacked by Israel52.

This type of technology is available for those who can afford it and

the technical specifications of this type of satellite are not hard to obtain53.

Scientists believed that Israel has long been the most advanced in

the Middle East when it comes to aerospace arena54. Despite this

fact, we can’t consider it as a hard evidence for satellite hijacking.

46

http://www.narss.sci.eg 47

http://www.masrawy.com/News/Egypt/Politics/2010/october/23/sat.aspx 48

http://www.nkau.gov.ua/nsau/catalogNEW.nsf/proectE/3B41E4935D67F084C2256F2A003356A1?Op

enDocument&Lang=E 49

http://www.yuzhnoye.com/index.php?lang=en 50

http://en.wikipedia.org/wiki/Dnepr-1 51

http://www.masrawy.com/News/Egypt/Politics/2010/october/25/satalight.aspx?ref=rss 52

http://www.alarab.com.qa/details.php?docId=155738&issueNo=1042&secId=15 53

https://directory.eoportal.org/get_announce.php?an_id=10001889

54

http://www.aiaa.org/aerospace/images/articleimages/pdf/Aerospace%20in%20Middle%20East_APR20

091.pdf

http://www.n2yo.com/?s=31117


UUSS CChhiippss wwiillll bbee ccoonnttrroolllleedd bbyy tthhee PPeennttaaggoonn

US started to manufacture chips55 which will be used in critical infrastructure and military in secure American companies controlled

by the Pentagon to avoid hardware Trojans.

There is currently cold Cyberwar between major players in the world such as US, China and Russia. Few evidences have been discovered

tell the story about the true Cyberwar and digital espionage.

The Sunday Times published an article in 2009 claimed that Chinese

hackers are using ghost network to control embassy computers56.

The Information Warfare57 Monitor website published an investigation for cyber espionage 2.0 which tells the complete story

for evidence of cyber espionage network that compromised government, business, and academic computer systems in India,

the Office of the Dalai Lama, and the United Nations.

Reports claimed that Huawei, a telecoms company run by the former director of the telecoms research arm of the Chinese Army

might be involved in the attack. But the Chinese government denied involvement in such attacks58.

Most technologies in MENA countries even in government and military are manufactured in China. They are importing all types of

electronics to the market without inspection, analysis, or even quality assurance.

This for sure will open the door to digital intelligence, economic and

military espionage and we should be worry about protection of our critical infrastructure and even human privacy in the 21st century.

55

http://www.eecs.umich.edu/~imarkov/pubs/jour/DAC.COM-TrustedICs.pdf 56

http://www.timesonline.co.uk/tol/news/uk/crime/article5996253.ece 57

http://www.infowar-monitor.net/2010/04/shadows-in-the-cloud-an-investigation-into-cyber-

espionage-2-0 58

http://www.thefirstpost.co.uk/46883,news-comment,news-politics,china-denies-involvement-in-

ghostnet-cyber-attacks


SSuurrvveeiillllaannccee SSyysstteemmss

Surveillance systems are part of the digital espionage game and it plays an important role in politics, economy, and military.

When countries in MENA region are importing advanced software59,

devices or solutions to spy on their citizens, who could make sure that these devices are not themselves spying machines on the

governments they use?

United States and other European countries are cooperating in so

called global wiretapping project (Echelon)60. This project contains nodes or black boxes installed at telecom carriers and ISPs to

provide Deep Packet Inspection, traffic analysis and monitoring systems. It includes surveillance networks61 around the globe and

satellite systems.

Fig.8 NSA Surveillance System (Part of Echelon)62

59

http://www.f-secure.com/weblog/archives/00002114.html 60

http://en.wikipedia.org/wiki/Echelon_(signals_intelligence 61

http://www.nsawatch.org/networks.html 62

www.nsawatch.org


Part of NSA system is based on NARUS63 solution which used by Egyptian government during the uprising to monitor traffic and

block twitter and facebook64. It was easily implemented in MENA countries due to the nature of centralized ICT infrastructure and

believed to be used back in 200565 to block VoIP services when it was not allowed by most MENA countries. NARUS also provided the

surveillance solution to Libya66. Unfortunately, most countries in the region are using western technologies to censor or monitor internet

traffic according to OpenNet initiative67.

It is believed that the surveillance solutions provided to Middle East countries especially NARUS is just small part and not the entire

solution.

While these technologies didn’t prevent anything in real life

scenarios and didn’t prevent people from accessing website or even organizing protests and other activities, we think that it open door

for digital espionage in the Middle East.

Fig.9 NARUS system installed at ISP68

63

http://richardbrenneman.wordpress.com/2011/01/29/mubaraks-israeli-created-internet-spyware 64

http://en.wikipedia.org/wiki/Narus 65

http://spectrum.ieee.org/telecom/internet/the-voip-backlash 66

http://www.levantinecenter.org/levantine-review/articles/how-western-corporations-have-been-

helping-arab-tyrants 67

http://opennet.net/west-censoring-east-the-use-western-technologies-middle-east-censors-2010-2011 68

http://blogs.law.harvard.edu/surveillance


CCoonncclluussiioonn

Middle East governments need to address their ICT vulnerabilities

before it is too late. Technology is faster than ever and the upcoming years will bring new cyber threats such as hardware

Trojans, cyber armies, Cyberwar, and critical ICT infrastructure attacks that might affect human lives.

Although many governments in the region are still using policing techniques such as old spying techniques from dark ages to control

everything, they don’t understand that the attacks may come from inside their computers!

MENA countries need to pay attention to all imported technologies,

hardware, devices, and solutions. Security first!

Cyber security is not the work of individuals, corporations, or governments. It is everyone’s responsibility.

Governments need new strategies for awareness, and regulations.

They need to enforce freedom of speech, transparency, and improve the education system at all levels.

Education is the key in the 21st century


CCrreeddiittss

Published 19 June 2011

Author

Mohamed N. El Guindy

ASK PC Academy, President ISSA Egypt Chapter, Founder & President

[email protected]

[email protected]

mailto:[email protected]

mailto:[email protected]


About ASK PC Academy

ASK PC is an information technology training provider working in

MENA region with registered offices in the UK and Middle East.

ASK PC is providing IT training solutions corporate, governments, and individuals around the Middle East. It offers the highest quality

services and internationally recognized IT qualifications in partnership with reputable international organizations to name few,

the Institute of Electrical and Electronics Engineers (IEEE), the Chartered Institute for IT (BCS), Information Systems Security

Association.

Learn more about ASK PC services

In English: www.askpc.net In Arabic: www.ask-pc.com

For specific country offices

and partners, please visit our websites.

Copyright © 2011 ASK PC. All rights

reserved. ASK PC and ASK PC Logo are

trademarks or registered trademarks of ASK PC.

Other mentioned names may be trademarks

of their respective owners

http://www.askpc.net/

http://www.ask-pc.com/