By Courtney Trenwith
Cyber attacks have been responsible for destroying nuclear centrifuges in Iran and computer networks in Saudi Arabia, as well as causing stock market crashes in the US. The threat today is larger than it has ever been — but are Gulf companies paying attention?
It’s being referred to as the fifth pillar of war. It targets just about everything: governments, critical infrastructure, significant companies such as oil and gas producers, financial institutions and unsuspecting, everyday people. Its frequency and severity are only escalating and analysts warn it will one day — any day — cause devastating consequences.
“The world is hyper-connected, and once a malware genie is out of the bottle it cannot be put back,” says Eugene Kaspersky, the co-founder of Kaspersky Lab, and one of the world’s foremost cyber security experts. “It will attack computers in MENA, in Europe, South America — basically every computer having a similar OS, software and vulnerabilities as the initial victim. So the whole world is a hotbed for modern cyber criminals. I would even say it’s a cyber criminals’ paradise.”
Cyber crime, or a cyber war, takes only a computer, some sophisticated software and access to the internet for anyone technically minded to achieve severe damage, from stealing millions of dollars, to shutting down the network of one of the world’s largest oil producers, to infecting electricity grids. It has already been used to infiltrate a nuclear facility in Iran and fry almost the entire computer network of Saudi Arabia’s national oil company.
In just a few decades internet crime has escalated from mischievous individual hackers sending mostly email-linked viruses affecting a relatively small number of PCs to all-out government-funded operations with targets as big as nuclear facilities and military operations.
And the Middle East is becoming a hotbed for harvesting cyber criminals as well as a major target.
“Over the last year [the Middle East] has been one of the highest [cyber crime active regions] we’ve seen in the world,” the president of McAfee for Europe, the Middle East and Africa, Gert-Jan Schenk, says. “Also with all the geopolitical events that clearly drives a lot of cyber crime and cyber war activities.”
The Middle East’s strategic location, massive oil and gas reserves, geopolitical tensions, financial hubs and nuclear facilities make it a prime breeding ground for cyber crime.
“More and more of the world’s economics are dependent on the Middle East region,” Schenk says.
“A lot of transport between Asia and Europe and the rest of the world is coming through the Middle East. Oil and gas, a critical asset to the world, is coming from the Middle East.
“You’ve got the importance of Dubai as one of the major hubs in the world; [with] Emirates Airline being based out of Dubai there’s clearly a need for protection.
“Dubai is one of the key critical internet exchanges in the world. A lot of the internet traffic through the world coming from different continents is also coming to Dubai.
“With all these activities — we’re not even talking about everything that’s happening in the political landscape in the region — we’ve also seen that the intensity of cyber criminals has grown significantly in the region.”
Kaspersky, whose firm already has a major hub in the Middle East, agrees about the size of the threat in the region.
“They are protected as poorly as in other countries,” he says. “They have the same computers, the same software and the same networks, and business processes are similar. There’s no major difference.”
“The situation with IT security in the MENA region is absolutely the same as in the rest of the world, and recent attacks in the region with the standard scenario confirm this.
“Don’t forget, the internet doesn’t have borders. We are all on the same battlefield.”
McAfee acknowledged the increasing seriousness of cyber crime in the Middle East by launching the region’s first dedicated cyber defence security centre in Dubai earlier this month.
The need for permanent expertise in the region was highlighted in August last year when a virus dubbed Shamoon wiped clean nearly 30,000 computer hard drives at Saudi Aramco, the national oil company of the world’s largest oil producer, Saudi Arabia. The attack, which failed to disrupt production but was one of the most destructive hacker strikes against a single business, forced Aramco to shut its main internal network for more than a week.
A group called Cutting Sword of Justice claimed responsibility for the politically motivated attack, blaming Saudi Arabia’s support of the Sunni leaders in Bahrain and rebels in Syria.
Schenk says the attack was a wake-up call for not only Aramco but institutions across the region, many of which had naively believed they were paying enough attention to their cyber security.
“[After Aramco] there was generally a feeling that there were lots of companies with great intent but little specialist knowledge about the region and what was happening in the region,” he says. “At that point we at McAfee decided to build a special centre.
“This is a major step forward for the region.”
Schenk adds that the centre, with an initial staff of ten, would supply information to a variety of customers, such as government entities, institutions and businesses on both a proactive and reactive basis.
“It’s really providing them with the information about what’s happening in their environment and also providing them with the context of what they’re seeing in their environment from a cyber crime perspective,” he says. “It’s not just about telling you that you’re infected or being attacked; it’s providing you with the context about what [the perpetrators] are after and where it’s coming from.”
But Stuart Robb-Poole, founder and managing director of UK-based strategic intelligence, risk and security management company Knightsbridge Company Services (KCS Group), says governments, institutions and individuals remained seriously ignorant about the significance of cyber crime.
“There is a total lack of awareness by the public to the level of threat from cyber attacks,” he tells Arabian Business. “There’s people in government who haven’t got a clue what’s going on.
“Attacks are occurring hourly, daily, across the whole region. It’s a much more serious situation than the press are indicating.”
Robb-Poole says cyber crime is already shifting the global balance of power and state intelligence agencies needed funding, in some cases, greater than gross domestic product in order to build up the expertise required. But even then, most countries, including in the Middle East, are already far behind in the new arms race.
“One of the biggest fears that they have is that they’ve woken up to something that’s actually been going on since the early 1990s, if not before,” Robb-Poole says.
“A lot of the laws were put in place 25-30 years ago, before cyber criminal activity became as sophisticated as it is today. There’s a huge disconnect between the boards of most companies and the CIOs [chief information officers] — the technical people who actually run the systems.
“There’s never the budgets or technical capabilities to actually stop a concerted cyber criminal attack. That’s the biggest problem: there’s absolutely no defence... all you can do is mitigate against it.”
The diverse nature of cyber attacks has shown that every sector of society is at threat, while there are numerous motivations, including causing physical damage to systems or infrastructure, collecting information, stealing money and making a political point.
But it’s the attacks between governments that potentially pose the greatest threat to society as the internet is progressively being used as a weapon. One of the most significant attacks believed to be state-backed was the Stuxnet computer virus that hit an Iranian nuclear facility. Discovered in June 2010, it is believed to have been created by the US and Israel and could have been in the infected computer network for several years.
In a significant advancement in cyber crime, Stuxnet was the most complex malware to date and the first known to spy on industrial control systems, spreading from computer to computer without being detected, according to Symantec, which analysed the worm.
Experts said Stuxnet was the largest and most expensive malware development in history. Sources that blame the US and Israeli governments claim the allies were attempting to interfere with Iran’s nuclear ambitions. American scientists later said Stuxnet likely destroyed up to 1,000 centrifuges, or 10 percent of the plant’s capacity. It was also reported that the attack delayed Iran’s nuclear enrichment programme by about two years.
Since then, Iran has reportedly directed more attention towards cyber capabilities and has launched retaliatory attacks against US banks. Israel, China and Russia are also known to have dedicated significant funds and resources to their cyber capabilities, with cyber attacks becoming a more feasible option than traditional military attacks that tend to take longer to achieve, cause deaths on the perpetrator’s side and often require political approval.
Israel’s chief of military intelligence, major general Amos Yadlin, revealed in December 2009 that cyber crime was the military’s new pillar of warfare. Israel viewed hacking as one of its national threats, as serious as an Iranian nuclear attack, he said.
The military was beefing up its cyber warfare capabilities, including the ability to use computer networks for espionage or to carry out sabotage by planting malicious software into sensitive control systems, the senior spymaster said.
“Israel is 15 years ahead of most of the countries,” Robb-Poole says. “Even if you actually put somebody through university now — a seven-year course — to try and bring them up to the level, the rest of the market is not going to sit still. There is, in reality, a cyber war going on today.”
For example, the US has launched 200-300 cyber attacks in the last 12 months against various institutions, he says.
“That’s actually illegal, you’re declaring war on somebody but it’s happening. I’m fairly sure it’s also happening in Europe and maybe in the Gulf,” he says, adding that he believed Russian cyber criminals were operating in Dubai.
The Syrian Electronic Army has emerged as one of the most prominent, politically motivated cyber crime groups and was the Middle East’s first virtual army to publicly launch cyber attacks, according to analyst Helmi Noman.
Some have suggested it is an arm of Syria’s Bashar Al Assad regime but the organisation claims to be only allied with the government, while acting independently.
Its hackers have managed to take over the Twitter accounts of key international media outlets including the New York Times and the Associated Press (AP). On 23 April, it hijacked the AP Twitter page and posted that the White House had been bombed and president Barack Obama was injured. The false claim caused stock markets to temporarily plunge.
The region was recently hit by a global cyber crime ring that stole $45m from the Bank Muscat and National Bank of Ras Al Khaimah (RAKBANK) in what was one of the largest-ever bank heists. By hacking into credit card processing firms, the group managed to withdraw money from ATMs in 27 countries simultaneously.
US authorities say the group operated from New York and their “surgical precision”, global operations and speed proved the sheer sophistication of cyber criminal gangs.
“In the place of guns and masks, this cyber crime organisation used laptops and the internet,” US attorney Loretta Lynch said after the May attack. “Moving as swiftly as data over the internet, the organisation worked its way from the computer systems of international corporations to the streets.”
Cyber crime is estimated to have caused $388bn worth of global losses in 2011, according to a white paper published by financial services firm First Clearing, as well as online security firm Norton.
Others suggest that figure is conservative, but even so, that makes cyber crime more lucrative than the drug trafficking market — and, according to Robb-Poole, that money is enticing more criminals to become involved.
Despite the sums involved, there’s a worry that individuals, corporates and governments are reluctant to commit to the investment required to combat the threat. “There’s not enough investment — by a long way, and it’s the same globally,” Kaspersky says. “Actually I’m afraid the situation with investment in cyber security will remain as it is until something bad happens. Until big bada boom!”
Meanwhile, attacks on critical infrastructure such as water and electricity systems, which so far have been minimal according to public records, also pose one of the biggest cyber threats, with the potential to affect thousands, if not millions, of citizens.
“Disruption of critical infrastructure means disruption of society and critical infrastructure can be the water supply, can be the sewerage systems, electricity, the production of oil and gas,” Schenk says.
“When any of these things stop, it has a major impact to the society but also the countries that are using that infrastructure. You can imagine what it would do to one of the major airports, which today... are clearly being seen as critical infrastructure.”
Robb-Poole says part of the problem was the inability of institutions to protect themselves proactively because of outdated legislation, while the public needed to be better educated about their online security risks, which could also impact on businesses.
“We need to make people more aware of the problem and perhaps tell themselves to be a little sharper about what emails they open, what they do on Twitter and Facebook. All those things are portals or outlets for the people who want to get in,” he says.
McAfee MENA regional director Hamed Diab says with one-third of the population now online, the region was obviously at a greater threat of cyber attack.
“We’ve seen a major change in the ball game here related to activism and cyber crime,” he says. “This is why we believe it’s not enough to be reactive, we really need to be proactive and understand what’s happening. Security is no longer an option; it’s a must.”
But can the war be won? Definitely, says Kaspersky. “International collaboration and information sharing in cyber security is increasing, Cyberpol will be opened soon, enterprises are paying more and more attention to cyber security, and critical infrastructure operators are finally taking seriously protection in their field too,” he says. “I’m paranoid but optimistic: all together — we will win.”
Brilliant overview of the cyber activity in the region