Category Archives: ICT in MENA

Middle East and NSA leaks

nsa-leak-snowden-live-updates2222.siThe latest NSA documents leaked by Edward Snowden[i] sparked constitutional clash in the US and other European countries. These leaks revealed also that Middle East countries were under surveillance in a program called “Boundless Informant”[ii]. This program reminds me of Echelon[iii] project which was (or still) a secret agreement for signal intelligence (SIGNIT). Echelon project is actually a vast network of electronic spy stations located around the world and maintained by five countries (USA, UK, Canada, Australia, and New Zealand).

In 1945, the US started secret project called “Shamrock”[iv] to spy on telegraphic data entering into and exiting from the United States. The NSA was not known at this time but the FBI, CIA and defense department were granted daily access to telegraph messages without any warrant.

In 1952, President Harry Truman established the NSA[v] with a presidential directive to help break secret codes gathered during WWII. But this was just the beginning until the NSA started to be involved in everything.   In my opinion, this is the tip of the iceberg when it comes to surveillance and digital spying. This might be the norm due to unwarranted influence of the military and police state in the US.

Accordingly, the surveillance state is not new in the US but citizens are tend to forget or even don’t have time to search or read history.  One of the well-known scandals related to NSA was the AT&T case in 2006[vi] which brought the Israeli company, NARUS[vii], to the surface.

The latest NSA leaks in addition to AT&T scandal in 2006 revealed the rule of NARUS software and gears in Internet surveillance. NARUS, which acquired by Boeing in 2010, was founded in Israel in 1997. Since 2004, NARUS was major player in Middle East surveillance when it comes to blocking VoIP services[viii]. Arab dictators were overwhelmed by the new VoIP technologies, especially Skype, when governments in Egypt and Saudi Arabia wanted to block it due to economic and political issues. VoIP services helped activists bypass government surveillance in Middle East. It was also very cheap or free when compared to local telephone services. This company, NARUS, helped also Arab regimes in Egypt[ix], Libya[x] and other countries to spy on their citizens using deep packet inspection technology (DPI). They also used these tools to block specific services and websites that might contain materials against governments or religious issues. In Middle East, under the cloak of “National Security”, everything can be blocked, no questions asked!

Do Arab countries understand what they installed in their ICT infrastructure?

Human Rights and the Internet in Middle East

Controlling the Internet

“The Internet treats censorship as a malfunction and routes around it.”

– John Perry Barlow

 

Since its appearance in Middle East, the Internet has played crucial role in all aspects of life and  changed the way we live, study, work, communicate, interact and become “the the largest free virtual country to which everyone is migrating.”

Backed with their long history of censorship, Mideast countries wanted always to apply the same old rules of local telephone networks on the Internet and Information Technology. Governments are struggling to implement and enforce new laws and regulations to repress people on the Internet.

While policymakers are not serious to draft dedicated cybercrime laws, they may use it as a loophole to implement their Hi-Tech oppression. For example, the UAE updated its cybercrime law with new controversial articles that violate privacy, human rights and freedom of expression. The new ultra-controversial constitution in Egypt includes also strange articles that will help enforcing more oppression and control flow of Information in 21st century.

In our region, several laws are available for online and offline oppression under national security cloak, but fewer regulations on privacy and data protection.

Most, if not all Mideast governments don’t respect the UN Declaration on Human Rights and violate the privacy of their citizens.

From government surveillance to Internet Shutdown, many cases prove without a doubt that we insist to apply the same wrong method and expect different results. Any attempt by Middle East countries to control, censor or shutdown the Internet to prevent flow of information may be understood. What is surprising is the support of the UN through ITU to control the Internet.

Representatives from 193 nations gathered in Dubai to attend The World Conference on International Telecommunications and discuss the new Telecommunications Regulations, especially the most controversial model of the “sender pays”. This Conference might look like new war between East and West on who will control the Internet. The secretive nature of the conference makes it vulnerable to criticism, especially when Internet giants companies like Google started to attack ITU. International Organizations such as the Internet Society feel also that this gathering in Dubai will have an impact on the open Internet model and submitted special statement to ITU.

Whatever the consequences, I understand that this conference will affect the Internet and might bring new players to the arena such as China and Russia. It might also allow authoritarian governments to control the Internet under their own regulations and here lies the problem.

But it doesn’t mean that Middle East countries will succeed in this situation even if they apply the most restrictive measures or even shutdown the Internet.

The latest unfolding events in the region from Tunisian uprising to current complex situation in Syria assure that Middle East will be changing in the 21st century. Whether this change will be good or bad depends on our ability to adapt. The more oppression we apply, the more chaotic our region will be!

Governments need to solve their problems from inside-out and must respect Human Rights because laws and regulations will not solve the problem. Instead, we need to build better people and invest in our human resources.

“Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.” – Plato

 

 

Further Reading

Internet Timeline, Silicon Valley Historical Association

Cybercrime Legislation in the Middle East, Whitepaper by Mohamed N. El-Guindy

Reading the Draft Constitution of Egypt, by Chibli Mallat

Jail for indecent posts, UAE cybercrime law updated

Wikileaks: The Spy Files, Article by Mohamed N. El-Guindy

How Government Spies on You, Article by Mohamed N. El-Guindy

– Human Rights and the Internet, by Steven Hick,
Edward F. Halpin and Eric Hoskins (November 2000, ISBN: 0333777336)

– UN Human Rights, International Covenant on Civil and Political Rights, Article 19

The Universal Declaration of Human Rights

U.N. report: Internet access is a human right, LA Times

– UN’s ITU should be dismantled, former White House official says, TECHWORLD

– Dear ITU, please don’t bill Internet use like phone calls, ARSTECHNICA

– World Conference on International Telecommunications (WCIT-12)

– The leaked ITU document by Cryptome.org

Statement by the Internet Society

Proposals for New Interconnection Model Comes Up Short, by
Internet Society

Middle East loses control in the Cyber Battlefield

 

Kaspersky Lab announced the discovery of a highly sophisticated malicious program that is actively being used as a cyber weapon attacking entities in several countries. The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date. This malware discovered by Kaspersky Lab’s experts during an investigation prompted by the ITU to look into reports of suspicious computer activity.
The malware according to BBC is called “Flame” and Kaspersky Lab told the BBC that this malware had been operating since 2010 and it is state-sponsored malware!

The malware is a sophisticated spying toolkit that collects private data from Middle East countries. Kaspersky Lab considered this toolkit as the most sophisticated cyber weapon yet unleashed.  The “Flame” malware shares many characteristics with Duqu and Stuxnet while the features are different.  Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on, according to Kaspersky Lab.

The problem with this malware is that it updates itself by installing additional modules that perform specific tasks and upgrade its functionality, the same as you install Apps for your iPhone. Researchers discovered that this malware is written by a programming language called “Lua” which can be extended using C or C++ code.

Middle East countries seem to be the target for this sophisticated attack. Infections are found in Iran, Egypt, Saudi Arabia, Syria, Lebanon, and finally Israel which might logically be in Palestine.

According to RT, Iranian cyber defense group confirmed that highly ranked Iranian officials’ computers have been infected with this malware and Iran still believes that this malware was “Made by Tel-Aviv”. On the other side, Israel sees Iran as a significant threat and Israeli’s deputy prime minister chose not to deny Israeli responsibility for this malware. On same day, Iranian News Agency “FARS” stated in a press release that “Israel Admits to Waging Cyber War on Iran”.  While most infections are found in Iran, I think it is still hard if not impossible to technically know who is behind this sophisticated toolkit.  “Inability” to determine the source of an attack is the most dangerous issue in Cyberwarfare and might be the reason behind unjust wars.

Iran is the most capable nation in the Middle East to deal with such attacks but what about other countries?

Unfortunately Middle East countries are not aware of Cyberwar and cyber attacks. They will be the biggest losers in Cyberwar era. I mentioned in one my articles that global powers will write malicious codes instead of military actions and we started to see evidences in the 21st century.

Middle East governments are using western technologies to spy on their citizens and global powers are spying on both!