Closing the net

For most of us, the mantra ‘out of sight, out of mind', holds true. The 21st century pace of business life is so fast that we have little or no time to contemplate anything that isn't immediately under our noses. Sadly, it has taken a flurry of cybercrime attacks in the Gulf in recent weeks to alert the business community to the dangers of online fraud.

The two most high-profile attacks were foiled, fortunately, but caused enough damage to make people stand up and take notice. The first, an internet fraud ring in which criminals targeted investors by pretending to operate out of the Dubai International Financial Centre, was shortly followed by the thwarted hacking attempts on several eGovernment websites which resulted in service ‘downtime' as well as the loss of large amounts of data. Salem Al Shair, e-services director at Dubai eGovernment, concedes that while these instances were the first to be "successful", there have been a number of previous hacking attempts on its websites.

Internet security firm Symantec's latest threat report shows that the UAE is the regional leader for cybercrime in the Gulf. The country ranks 46th out of 180 countries monitored globally, both in terms of origination of cyber attacks, as well as being a regular target for online fraudsters.

"The UAE's high-profile economic position, twinned with the fact that it is among the first to adopt the latest technologies, makes the country even more prone to online attacks than other GCC countries," explains Kevin Isaac, regional director of Symantec.

Something has to be done, and fast, before the problem becomes unsolvable. And the authorities are reacting. In recognition of the fact that cybercrime has reached worrying levels, the UAE's Telecom Regulatory Authority (TRA) announced earlier this month it setting up a special anti-cybercrime body - the United Arab Emirates Computer Emergency Response Team. Dubbed aeCERT, the cyber security body will initially consist of ten people and operations will begin towards the end of 2007. The body's aim is to "facilitate the detection, prevention and response to cybercrime".

"aeCERT arose out of the need to safeguard the critical information and communication technology infrastructure residing under the government, business, and education sectors," Mohammed Al Ghanim, TRA director, tells Arabian Business. The TRA has already counteracted several attacks this year, mainly website defacement and phishing (mimicking an existing website to deceive investors), and Ghanim has openly admitted that "these caused great damage to businesses."

The government's first public stance against cybercrime came in February 2006 when it issued the Cybercrime Law No. 2 which states that cybercrimes in the UAE carry a maximum penalty of 10 years in prison and a US$55,000 fine. aeCERT will consolidate this law, says Al Ghanim.

"The new squad will no doubt enhance the Cybercrime Law and assist in the creation of new rules and regulations governing internet crime," he continued.

The creation of aeCERT, however, marks a crucial turning point for the region, as the TRA will now not only be a reactive body, but also act as a pro-active agency against cybercrime.

"aeCERT will provide a central trust point of contact for incident reporting as well as establish a national centre to disseminate information about threats, vulnerability and cyber security incidents. There will also be sector-based Computer Security Incidents Research Teams (CSIRTs) that will co-ordinate with domestic and international CSIRTs and related organisations," explains Al Ghanim.

Consequently, its existence will not only serve as a deterrent to hackers but also help to raise the profile of IT security in the country, an increasing concern given the huge percentage of the Arab population choosing to go online.

According to figures released by Madar Research, the number of internet users in the Arab world stood at 26.3 million at the end of 2005, a stark increase in comparison to 14 million users in 2004 and 4.5 million users in 2002.

This means the growth rate of internet use increased substantially over 2004 levels to average at around 55%, with a few countries where internet penetration is lowest witnessing triple-digit growth. This led to a pan-Arab penetration rate of 8.50 % in 2005, with the UAE having the highest rates, followed by Qatar and Bahrain.

Furthermore, Arab internet usage is forecast to double to 50 million by 2009 among the 290 million people in the region, according to Google chief Eric Schmidt.

This forecast is further reinforced by the fact that computer purchase orders in the region are soaring due to the high standards of living in parts of the Middle East.