Category Archives: ICT in MENA

Cybercrime Legislation in the Middle East

ICTs investments in MENA countries are overtaking the rest of the world but they didn’t improve their cyber legislation systems. Cybercrime in the region is rising alarmingly and there no efforts to tackle this phenomenon. Lack of legislative and technical capabilities are common factors in most Middle East countries along with poor security awareness and education. I’m delighted to introduce my latest research to address these latest cybercrime issues in the region. This research includes extensive study for Internet penetration in MENA, country by country assessment, legal frameworks, and challenges facing legislators in the region.

Download your FREE copy

My Publications

Wikileaks: The Spy Files!

During the last two years I have been talking about Middle East regimes and their relations with western companies that provided them with Hi-Tech repression tools. With evidences collected during Arab uprisings we started to understand that there is multibillion-dollar market between western companies and oppressive regimes in MENA. My latest article explained how Arab dictators used these tools to track, hack, and kill innocent people. But it seems that this is not the end of the story…!

Wikileaks released the long-awaited leak of the year (THE SPY FILES)

 

“Who here has an iPhone? Who here has a Blackberry?” asked Julian Assange at a press conference in London. “Who uses Gmail? Well, you’re all screwed.” 

All these services are selling details to mass surveillance companies across world, he said. Assange also said that”Right now, no banking transaction on the internet can be considered secure”.

Police and intelligence services can “take over computers without the help or knowledge of the telecommunication providers,” said a WikiLeaks statement. “Users’ physical location can be tracked if they are carrying a mobile phone, even if it is only on standby.”

The Spy Files Portal published 287 file so far and still hundreds to come!
It includes Catalogues, brochures, manuals, presentations, contracts, and papers for all kind of surveillance and spying tools that are used around the world and also by Arab dictators!

The following map represents valuable data for those looking to understand the origin of specific software from specific country around the world. It is also called:
The United Nations of Surveillance

This huge leak requires extensive study and research for each document and links it with the events on current Geo-political map. I can’t really think of spying and surveillance tools without keeping politics in mind..!

The followings are fast findings and highlights for Middle East links:

Egypt

GAMMA Group software (Arabic)
GAMMA Group (German)
Israeli Technology Monitors Egypt’s Cell Phone (NARUS)
Vendor(s): GAMMA

Libya

A Guide to Libya’s Surveillance Network
listening in on Libya
Gaddafi Surveillance
Vendor(s): AMESYS : VASTECH

Tunisia

Microsoft aided Ben Ali’s regime! (Wikileaks cable)

Bahrain

Vendor(s): Bluecoat : TROVICOR : GAMA
Nokia Siemens helps Bahrain
BBC Radio (Government Spies on People in Bahrain)

Iran

Vendor(S): CREATIVITY  : ERICSSON : TROVICOR

OMAN

Vendor(S): GAMMA

Qatar

Vendor(s): Bluecoat  : NETSWEEPER
Aiding repression or just doing business?

Saudi Arabia

Vendor(s): GAMMA

Syria

Vendor(s): AREAUTIMACOQOSMOSBLUECOATSEIMENS

UAE

Vendors: BLUECOATNETSWEEPERSS8 (Wikileaks Cable source)
(Spy Files)

Yemen

Vendors: NETSWEEPERGAMMA

It looks like this industry booming after 9/11 and at the beginning of War on Terror. Western companies sold surveillance and spying tools especially to Middle East as an effective technical weapon against terrorists. Since western governments wanted the dictators to be part of the game, they supplied them with surveillance and spying technology.

When the so called “Global War on Terrorism” started to bankrupts, dictators and their tools started to fall and new maps begin to unfold..!

How Government Spies on You?

Governments around the world are spying on their people. This act is well-known in the Middle East by oppressive regimes but now it is obvious that all governments are doing it. People believe that their government is using Internet surveillance technology but they don’t understand how they use it, what they get, and which tools are they using.

If you live in a country ruled by a dictator, you should understand that surveillance is a daily routine for law enforcements without any warrant!

I stated in one of my latest articles about “Lawful Interception” that western companies offer special surveillance and hacking tools to oppressive regimes in Middle East. Instead of using these tools to protect their cyber and physical security, they use it to hack their people!

But do you know how your government is spying on you? What tools are they using?

The Wall Street Journal published the so called “Surveillance Catalogue” which contains leaked brochures from secret conference for surveillance and security in Washington DC. I mentioned this conference before which is “ISS World” for sure!
Checking sponsors link on their website will give you a clue of what’s inside.

In order to understand what these western countries are offering to our oppressive regimes, you need to carefully browse and study the leaked brochures on WSJ website.

There are many interesting findings in the leaked brochures which I will highlight as follows:

GAMMA Group

This company seems like the best choice for Middle East governments when it comes to hacking, surveillance, and interception. It is the only company which offers Arabic brochures!

It is the same company which supplied Mubarak’s regime with hacking and intrusion tools known as FinFisher and FinSpy. The company offers full hacking and intrusion package with training for law enforcement and intelligence. 

From what Middle East countries did during Arab uprising, we can easily tell that these tools by GAMMA were extensively used. Let’s see the scenarios found on their brochures and link them to what governments did…

Tunisian government used special web code to hack into users’ accounts on facebook, hotmail, yahoo and other networks. That was done using crafted JavaScript code on fake login pages. According to FINFLY WEB tool brochures, that this tactic can easily be implemented since the government has a centralized ISP in which this tool can be used!

Government can infect websites with malicious code and they can target specific user or even the entire network by implementing the infection code through the ISP. Any user will use the ISP to connect to “Facebook” for example will be infected with the malicious monitoring code!!! 

Government can also use the full package to integrate ISP infection, web infection, and hacking through malicious software update.

Mubarak’s regime used FINSPY to target specific users using their “User names” provided by their ISP. All ISPs in Egypt and most Middle East countries provided their users with dynamic IPs with “User names and password” for easy identification. While the IP is changing each time user restarted the router, it can still be identified using the “User name”!

The FINSPY solution that is used by Egyptian government can infect and remote control any target, anywhere around the world as claimed by GAMMA group. This tool can also bypass 40 regularly tested antiviruses and can silently open your webcam and microphone!

The FINSPY MOBILE can be used the same way to hack into mobile phones and extract evidences, data, and even record voice and video!

According to the FINSPY MOBILE brochure, it was successfully used with BlackBerry mobiles…
This scenario reminds us of what Etisalat has done with users in UAE!

This hacking technique depends on infecting the mobile software with malicious code using MMS, SMS, UMTS or Wi-Fi. They trick the user to open the MMS or other configuration files as it looks like “system update” or “critical software update”. Once open, the backdoor is installed and everything on your phone could be accessed and monitored.

In Most Arab countries Skype are used by internet users to conduct cheap or free voice communications with applied encryption to avoid government surveillance. But GAMMA Company claimed that their FINFISHER tool can intercept and monitor Skype conversations. The leaked documents reveal that this capability doesn’t depend on cracking the encryption. The whole process depends on infecting the target computer with malicious code or Trojan created by FINFISHER tool which could be able to intercept the conversation on “Sender’s PC” before it is being encrypted or on “Receiver’s PC” after it is being decrypted as shown in the following diagram provided by WSJ.

Manufacturers of such tools always claim that they are aware of export laws and also make sure that their software will not be abused by authoritarian regimes. But what is really happening is that these companies are extensively selling to Middle East regimes that use these technologies to repress their people and invade their privacy without any warrant!
They said it is a moral dilemma and we can’t control how our software is being abused by law enforcements. It is like a knife!

Deciphering Speech

One company offered a very interesting solution that can decipher speech in any language and analyze voices when intercepted. The software can determine which words are being said, what topics and in some cases who is talking!

Other companies are offering language analyses even in Arabic. But it looks challenging when it comes to Arabic as one word might have several meanings and might change according to the sequence of the speech as well.

Hacking and Vulnerabilities

Other companies offer hacking platforms for law enforcements that might look like “Metasploit” but with extensive functionalities. Most tools depend on exploiting unpatched software vulnerabilities or even trick the user to install fake update to infect the target PC. “HackingTeam” is one of those companies that offer full hacking and monitoring platform for law enforcement and intelligence. According to the leaked document, this platform can be deployed on any platform from Windows to BlackBerry. The created malware can bypass antivirus, firewall, and antispyware! 

 

There are many other companies that offer large number of tools that can be used by your government to intercept communication, trace your location, hack into your system, and even analyze your speech. One obvious example is Netoptics the company behind Chinese mobile phone tracking and surveillance systems. They offer solutions for major mobile operator to conduct real-time monitoring of cell phone internet contents. This act is not legal in USA for example without court warrant but it is legal in china!

So it is really a big dilemma when you talk about the law and the usage of such tools.

 

From what we found in these leaked documents and brochures, we can understand that it is a new big market for private western companies to sell their “double edged weapons”. Companies said that they can’t control how their software can be used after they sell it. They understand that their software can be used to kill someone!!!

Since the US and other western governments have interests in the Middle East and with authoritarian regimes, they will not do anything. They understand that these tools can threaten human life not only invasion of privacy!

But we are talking about billions of dollars industry that can’t be controlled ethically..!

Countries with instability, repression, and lack of user awareness such as in Middle East are competing to own these surveillance tools.

On the other side, national security agencies in western governments are not using these tools, they are using custom built and more complicated ones. They can even hack other government security measures and exploit those private tools to collect information from national security agencies in Middle East governments!

Most law enforcements in Middle East lack proper education and training to efficiently operate and use these private tools. They can use it to spy on anyone even their families; there are no codes of ethics, cyber laws, electronic investigation rules or even policies.

Our countries’ national security is not only vulnerable to cyber attacks but also to Geo-political strategies and these private solutions will not prevent anything.

Authoritarian regimes that are using surveillance technology to trace innocent people instead of criminals are easily overthrown by technology itself