Category Archives: Cyber Security

IEEE interviewed Dr. El-Guindy

Cyber security expert and host of a television show? It is not every day that we come across an IEEE volunteer involved in these two distinct fields. Dr. El Guindy is a frequent blogger on Middle East cyber security issues, human rights, digital surveillance and cyber threats. In addition, he publishes whitepapers on critical issues related to technology and the Middle East. Furthermore, he is the author of a variety of books, study guides and IT courses in English and Arabic which are approved by reputable international organizations. Dr. El Guindy was involved in developing Arabic booklets for an Internet Awareness Project “Saleem Net” in Saudi Arabia. Mohamed is an authority in the field of cybercrime study in the Middle East and his contributions are cited in UN reports and university research around the world.

Dr. Eddie Custovic, the Editor-in-Chief of GOLDRush, interviewed Dr. Mohamed N. El-Guindy.

Please click here for full interview

Cyber Security Is Everyone’s Responsibility

New Senior Member and ISSA Egypt Chapter President Mohamed N. El-Guindy has taken to the airwaves, interviewed with newspapers and magazines, participated in NGOs and governmental initiatives, and much more in his struggles to advance the state of cybersecurity in Egypt and the region, and his efforts are starting to pay off. ISSA asked El-Guindy if he would be willing to comment on the state of infosec in Egypt, some of the challenges Egypt faces, what he has been doing to improve the environment, and his advice to other ISSA chapter leaders. Here is what he had to say:

Read full interview, click here

“This interview was taken from the February 2015 issue of the ISSA Journal©. It has been made available with permission of ISSA international™. Published monthly, the Journal is an ISSA members-only benefit. For more information, visit www.issa.org or email Editor@issa.org.”

Hacking Team in Middle East: From Italy with Love!

It’s now an indisputable fact that governments in the Middle East are using spyware to spot political activists rather than terrorists or criminals. I have written many articles about this phenomenon since the revelation of the WikiLeaks SpyFiles. But the latest discovery should make us think twice about cybersecurity in the region.

Today, The Citizen Lab at the University of Toronto and Kaspersky Lab both published detailed analyses of software called “Remote Control System” from Hacking Team in Italy. According to the Italian firm, this surveillance and spying product is sold only to countries looking to track suspects and criminals, and it does not sell to repressive regimes. Unfortunately, this claim is not true at all!

The latest analysis reveals that this company offers its remote control spyware to governments in the Middle East, and the most shocking part is that it also has “Command-and-Control Servers” inside Middle East countries. The researchers discovered that the infrastructure behind this malware comprises at least 326 servers in 40 countries around the world. It’s not surprising that the US and other western countries have the most servers, but what is notable is that a couple of servers are located inside the Middle East. The only meaning to this is that Middle East countries, especially law enforcement, are keen to cooperate with this malware gang, Hacking Team. They need these servers inside their countries to have full control over what’s going on. In addition, they avoid the hassle of legal issues related to servers located outside their borders!

As revealed by Citizen Lab, this map shows countries in the Middle East suspected of using this malware.

To trace the location of HackingTeam servers, researchers at Kaspersky scanned the entire IPv4 Internet address space, using a special “fingerprinting” method it developed that can identify RCS command-and-control servers (C2s). These servers are used as hidden infrastructure to deploy the malware and infect targets. In the Middle East, these C2s are found in Saudi Arabia, Egypt and Morocco. Some of the IP addresses revealed appeared to be connected directly to government authorities, according to the researchers.

Many incidents in the Middle East prove that this malware has been used by governments to suppress human rights activists and even journalists.

The Italian company claims that its malware can’t be detected and that it’s invisible to the users targeted by the infection. In fact, this is somewhat true if the user is not aware enough or does not practice information security at all. The exploit or the payload of this malware depends on many things to trick the target, for example:

– Exploiting unpatched software (if you don’t regularly update your software or OS, you are in danger)

– Social engineering tactics (if you normally open email attachments from untrusted or unknown sources, you might be infected. If you download many apps on your mobile phone from Google Play, then you could be infected. If you jailbreak your iPhone, you can easily be infected!)

– Fake updates from a trusted source (sometimes, they use a fake update sent from a trusted service provider that may cooperate with a government authority to infect your cell phone, for example. The update or any other malicious software could be signed with fake or stolen certificates)

With poor security awareness in the Middle East, this malware could easily be used to trick users and infect their devices. But one of the dangerous consequences, besides the violation of human rights, is the risk to the national security of those countries that are using this piece of malware. Even if they have servers located inside their borders and controlled by government authorities to target civilians, without strict security measures these surveillance tools could be used against the government itself.

What will happen if this so-called “hidden infrastructure” of command-and-control servers gets hacked?

What will be the consequences for national security when foreign intelligence agencies cooperate with this malware gang to hack your infrastructure?

Governments that use off-the-shelf technologies to hack their people will not be able to defend their infrastructure if hacked by cyber-mercenaries!

Resources FYI:

Police Story: Hacking Team’s Government Surveillance Malware

Mapping Hacking Team’s “Untraceable” Spyware

HackingTeam 2.0: The Story Goes Mobile

Did Hacking Team receive Italian public funding?

Wikileaks (HackingTeam Presentation)

Enemies of the Internet (HackingTeam case)