Category Archives: Legislations

West and East: Security for insecurity

There is no doubt that all Middle East and North African countries are using technologies designed or developed in Western countries. Information technology is Billion-Dollar industry and most western companies are fighting to penetrate the Middle East as a new market for IT solutions, services, and industries. When it comes to ICT, we will find a lot of problems in the Middle East as usual. The problems vary according to what those countries are trying to do:

–          Critical Infrastructure Security

–          Cybercrime prevention

–          Cyber terrorism investigation

–          Freedom of speech (censorship)

–          Activism (crackdown, interception, or eavesdropping)

–          Pornography or illegal contents (censorship or blocking)

One of the biggest problems is that they can’t (or don’t) identify the differences between freedom of speech and illegal or inappropriate contents!

MENA Governments might legally buy a software or solution from western company to filter online pornographic contents. But who will guarantee that those filters or solutions won’t be used to censor freedom of speech?

This is normal in the Middle East as most countries in the region are fighting their people.

Most western companies don’t care about this issue as long as they are making money!

ONI has documented the filtering situation in MENA and how it is affecting freedom of speech. It explained carefully how western technologies are used to censor the Middle East. But content filtering or censorship is not always the case.

National Security is additional boogeyman used in the Middle East to breach security by governments themselves. State Security Agency in Egypt was an obvious example. Egyptian government used (Lawful Interception) tool to illegally intercept and hack into users computers!

UAE Telecom Company installed a spyware on Blackberry in 2009 as an update. It was not an update for sure! They wanted to spy or crackdown activists. When RIM discovered the problem and started to fix it, governments in the Middle East vowed that they will ban Blackberry services. They said that the upcoming ban on Blackberry services would remain in effect until RIM becomes fully compliant with UAE regulatory requirements.

Finally UAE didn’t ban Blackberry services as RIM reached special agreement with UAE government. There is no explanation for this agreement. But we can understand that UAE government can now access the data on RIM servers.

Those examples are common in most Arab countries and will not be easily justified. Governments should respect human rights, privacy, and freedom of speech. Drafting regulations is not the case as it might be a double-edged weapon in Middle East.

Western countries need to understand that their image will be affected in our region as long as they are putting the right solutions into the wrong hands..!

Middle East Fragile Infrastructure!

In the past 2 years cyber attacks and cyber crimes in the Middle East revealed fragile ICT infrastructure. 

I mentioned always in my research that Middle East and North African countries are becoming more reliant on ICT. But unfortunately there are many problems associated with this implementation of ICT without security in place. In addition to poor legislations and low level awareness, most IT companies, service providers, ISPs, and governments don’t take it seriously when it comes to information security. 

It is normal to see lots of troubles related to cybercrime in our countries. The number of incidents doubled each year and businesses in the region become vulnerable to all types of cyber attacks! 

While governments don’t pay much attention to securing their ICT infrastructure, hackers are doing better job to explore and launch their attacks… 

 I’m afraid that they start to realize the threat at point of no return! 

It’s never been easier to launch a sophisticated cyber attack using automated tools, but you can’t defend against these types of attacks using the same tactic…They need to invest more in information security and to better train their IT professionals. Young Cyber-Experts in the Middle East started to explore the world of ethical hacking and that reveals more threats as they realized that their countries’ infrastructure is too easy to hack!  

It is shocking when business leaders in the region understand that they lose millions of dollars each year due to increase of cyber attacks.  

According to top Interpol official, Banks and financial institutions in the region face a lot of troubles due to lack of basic security measures!  

There are lots of cyber attacks in other regions of the word such as USA and Europe and there is no need to spread this information about our weak Infrastructure”, IT experts argue. They even claim that they have most up to date technology to defend against cyber attacks in addition to compliance with top standards such as ISO27001…  

Other experts mentioned that we have one of the lowest levels of cyber threats in the world…  

Worldwide statistics might reveal that Middle East is lower than US, but that doesn’t mean we are safe!  

It is important to understand that there’s big difference between being a source or target for cybercrime!  

When researching the situation in the Middle East and North Africa, we will not find complete and specific treaty or legislations to deal with cyber crimes or cyber attacks!  

Legislation frameworks, policies, expertise, awareness, and International cooperation are always the key to deal with this new phenomenon. It makes cybercriminals think twice before conducting any attack in countries with strong capabilities. It will not prevent the attack but will make it easy to handle the case and even pursue cyber criminals.  

The situation is completely diffident in the Middle East as it might be hard or even impossible in many cases to deal with cyber attacks from both technical and legal views. At large we can see Middle East as big target for cybercriminals and malware infection but it is also source of other cybercrime activities. Security experts revealed that most Middle East countries are among the worst when it comes to botnets and zombies!!!  

We can see lots of investments in implementing ICT and the higher rates of ICT maturity in the region especially in Gulf countries, but they are still too far in developing technical and legislative capabilities.  

Click on the links in the article and check below for more information:  

Cyber attacks double in GCC  

Bank e-security is low  

Increase in Cybercrime  

Cybercrime a threat for 50% of UAE users!  

57% of ME business face cyber attack  

I’m not expecting better situation in 2011 as well…Happy New Year!

The Dark Side of the Internet in the Middle East

Middle East countries are heavily investing in ICT infrastructure. We can easily find lots of ICT applications in the region especially in GCC countries. ICT makes many things easier such as dealing with E-Government services, E-banking, employment, and business. I found in my previous research related to cybercrime that Internet penetration in the Middle East is growing fast and will outpace rest of the world!

Although I am feeling happy with the ICT implementation in our region, lots of troubles started coming their way!

Countries around the world have their own ICT problems. But many of them especially member states of the council of Europe started to implement new and dedicated laws to investigate and deal with the growing misuses of ICT including cybercrime.

There are many legislations and policies for cybercrime and misuses of ICT around the world but there’s no international treaty to deal with this phenomenon. Even a proposal for global cybercrime treaty was rejected by the United Nations at the 12th UN Crime Congress in Salvador, Brazil. It looks like developing countries and others who are not willing to cooperate at international level didn’t reach an agreement to pass this treaty. It is not strange… if they agree, they will be involved in many cases that they will not be able to solve because of local problems especially in the Middle East, China, and Russia!

Each country has special treatment for this phenomenon and even the definitions of cybercrime and other ICT misuses are complicated and considered dilemma everywhere.

But The Council of Europe Convention on Cybercrime is considered one of the best completed treaties to deal with ICT misuses.

Countries in the Middle East need to study this treaty and even get involved. Policymakers, governments, and private sectors need to cooperate to tackle cybercrime.

Most Arab countries still use normal or emergency laws to deal with activities that could be considered ICT misuses or even cybercrime. They can’t even differentiate the activities. Political blogging, activism, freedom of speech, or even facebook activities might be considered a crime in many Middle East countries!

Since we have lots of cultural, social, economic, religious, and political problems in our countries, we will still see more activities online. These activities might vary from freedom of speech, blogging, activism, Hactivism, online Jihad, cyber terrorism, and cybercrime.

Berkman Center for Internet & Society published this complete research for mapping the Arabic blogosphere. It reflects what I mentioned about the diversity of such activities online and especially on blogs.

Frankly Speaking:  “Welcome to the Dark side of the Internet in the Middle East