Chronicle of the Middle East and North Africa

Cyberattacks a Major Concern in the Middle East

Bou Ali Sina Petrochemical Complex blaze caused by cyberattack
Firefighters try to extinguish a blaze, allegedly caused by a cyberattack, at the Bou Ali Sina Petrochemical Complex, in the Imam Khomeini port, Iran, 4 July 2016. Photo AP

The global ransomware attack on 12 May 2017 had a limited impact in the Middle East. However, cybersecurity remains a major concern for government and corporate actors as well as civil society organizations.

Cyberattacks in the Middle East have typically been carried out by hackers targeting the oil and gas sectors and other key industries, and by governments targeting activists and journalists within their own countries.

Egypt was the only country in the region among the top 20 countries affected by the WannaCry ransomware attack, which hit targets including hospitals and telecommunications firms in at least 99 countries. Ransomware is a type of malware that encrypts a user’s data and then demands payment in exchange for unlocking it. Egypt ranked 19 on the list of the 20 most-affected countries, according to security researchers at Kaspersky Lab.

A 2015 report by the United States-based consulting firm Strategy& noted that security measures by governments and companies in the Middle East are lagging behind the rate of digitization in the region. ‘Indeed, governments and large organizations in almost every vital sector of the region have sustained damage from cyberattacks,’ the report said.

These have included viruses used to steal financial information from individuals, corporations and governments, such as an attack on two banks in Oman and the United Arab Emirates (UAE) that resulted in a loss of $45 million in a few hours. There have also been attacks on the computer networks of petrochemical companies, including a virus that breached the security of 75 per cent of computers in one of the region’s major oil and gas companies, the report noted.

A 2012 attack on Saudi Aramco, the world’s biggest oil company, using malware known as Shamoon, destroyed 35,000 computers within hours. Employees were forced to conduct operations with typewriters and fax machines, putting at risk the company’s ability to supply about 10 per cent of the world’s oil. US intelligence officials blamed the attack, and a subsequent attack on the Qatari natural gas company RasGas, on Iran.

The same malware surfaced again in late 2016 in a smaller-scale attack that targeted Saudi government ministries, including the county’s aviation agency. The attacks did not affect operations at the country’s airports, but Bloomberg News reported that it destroyed thousands of computers at the headquarters of the General Authority of Aviation, ‘erasing critical data and bringing operations there to a halt for several days’.

Iran itself had been the target of an extensive cyberattack on its nuclear enrichment facilities by the US and Israel. The Stuxnet virus attacked computer systems at the Natanz uranium-enrichment plant, sabotaging centrifuges. The covert operation was exposed in 2010. A leaked document from the US National Security Agency suggested that Iran had learned from attacks on its own nuclear and oil facilities to launch the attack on Saudi Aramco.

Private companies in the Middle East also suffer substantial losses due to cyberattacks, according to a 2015 survey of 300 companies by the consultancy firm PwC. Fifty-six per cent lost more than $500,000 in the last year, compared to 33 per cent globally, and 18 per cent of respondents had experienced more than 5,000 attacks, compared to 9 per cent globally. The researchers also noted that the number of virus-infected computers in the Middle East is more than four times the global average.

Richard Clarke, chief executive of Good Harbor Security Risk Management and former national coordinator for security, infrastructure protection and counter-terrorism for the US, wrote in The National newspaper that ‘Middle East governments did not learn from the mistakes made by the United States, Europe and Asia’ in countering cyberthreats. The countries have focused on securing government networks, while leaving ‘private sector companies, infrastructure operators and civilian ministries … largely undefended’, he wrote.

‘Yet they are the most frequent targets for sophisticated hackers seeking to steal money, identity, intellectual property and valuable financial information,’ Clarke continued. ‘Moreover, it is by attacking the infrastructure operators that an enemy could cripple an economy or a nation.’

Recently, Qatar said its state news agency had been the target of hackers after comments were posted that praised Iran and Hezbollah, criticized American President Donald Trump and claimed that Qatar had ordered its ambassadors to withdraw from several Arab nations – including Saudi Arabia – for allegedly plotting against Qatar. In response, Saudi Arabia, the UAE, Egypt and Bahrain blocked Qatari news sites including al-Jazeera.

Attacks on Civil Society and Activists

Apart from the cyberattacks launched by foreign governments and hacking groups attacking state and corporate targets, there have been widespread cyberattacks on activists, journalists and civil society organizations in the Middle East.

A burgeoning market in digital spy tools  has been a boon to governments looking to track their citizens or clamp down on dissent, with dozens of companies around the world selling the digital spy technology to state actors.

Earlier this year, the Egyptian Initiative for Personal Rights and Citizen Lab, a project of the University of Toronto’s Munk School of Global Affairs, reported that Egyptian human rights groups were being targeted by a phishing campaign, a type of attack that aims to get targets to reveal personal information like passwords, which was suspected of coming from the country’s intelligence agency.

In December 2016, lawyer and women’s rights advocate Azza Soliman was arrested at her home. A few hours later, staff working with several NGOs received e-mails purporting to come from the file-sharing site Dropbox with a file described as the police report for her arrest. The attack sought to get the targets to enter their Dropbox password in a form that was controlled by the operator of the attack. The Egyptian Initiative for Human Rights blamed government sources for the attack. Citizen Lab did not name a culprit, but wrote ‘it is clear that it is yet another component of the increasingly intense pressure faced by Egyptian civil society’.

Other Citizen Lab investigations looked at cyberattacks on human rights activists and journalists in the UAE. In a 2016 incident, human rights activist Ahmed Mansoor received text messages on his iPhone with a link allegedly providing information on detainees being tortured in UAE jails. Mansoor sent the messages to researchers at Citizen Lab. They determined that if he had clicked on the link, his phone would have been infected with spyware and his phone ‘would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements’.

The group traced the attack to NSO Group, an Israel-based company that sells Pegasus, a spyware product used by governments. It was not the first time Mansoor had been the target of a cyberattack. Before his arrest in 2011, he had been targeted by spyware sold by the Germany-based company Finfisher and the Italy-based Hacking Team. The UAE was Hacking Team’s second-largest customer, behind Morocco, according to invoices that surfaced after the company itself was hacked in 2015.

user placeholder
written by
All Fanack articles