Cyber-criminals taking advantage of Egypt unrest

Short URLs through social networking can take users to fake sites

By Georgina Enzer. Published January 31, 2011

Spammers and those involved in cyber-crime are taking advantage of the current political climate in Egypt and are targeting internet users both inside and outside Egypt using social networking and fake links, according to James Lyne, senior technologist from internet security firm Sophos.

"What we have to remember is that the bad guys are better at following the hot topics on the internet than any other PR company, news agency or vendor. They are great at this. When Michael Jackson passed away, the top three hits on Google for a period of time were fake anti-virus sites, above CNN.com who spend an astronomical amount of money trying to do search engine optimisation, so be very cautious of the links you click online whether you are from Egypt or not. Whilst this is a hotspot of press activity, the bad guys will be looking to use you," Lyne told ITP.net.

The internet in Egypt is still blocked, forcing people to use dial-up alternatives to get online and share what is happening in the country via social networking.

"The theory is that the infrastructure has been taken offline to control the message, and people have been routing around that, routing to other countries and finding really creative ways to stay on the web. Some people have been dialing up to services in Finland with modems and bouncing off and going by satellites to stay online," said Lyne.

It is currently estimated that only 8% of Egypt's internet capacity is still available, through the one ISP that remains online. Lyne said that it is theorised that the last remaining ISP has been allowed to stay online because it is the ISP that deals with Egypt's stock market.

"An interesting demonstration of how offline Egypt is, is spam. We have this graph and this global hotspot map that shows where spam is coming from at any point in time and when this activity kicked off, we saw an 85% drop in the [global] quantity of spam originating. So I guess one way to stop the spammers is to do these kinds of things like Egypt," said Lyne.

Along with the blocking of most of the ISPs in Egypt came reports of hacktivism: groups launching denial-of-service attacks against government websites to protest against the internet block. These types of attacks are on the increase.

"Over the last year we have seen so many occasions where Anonymous [hacking group] and alike have attacked online services for political reasons. The reason for the increase is simple, we are all putting more of our lives online, governments and general public are putting more of their critical infrastructure online so it is an ideal way to attack. It is more anonymous than storming physically, it is less of a risk and it is as, if not more disruptive than a physical protest because so many of us rely on those services," said Lyne.

With the internet becoming so central to most governments, businesses and individuals, the increase in serious cyber-warfare is inevitable, said Lyne.

"Malware today isn't just about Trojans designed to steal credit cards, it is not just about the guy trying to sell you that $5 Rolex is it? We have seen Stuxnet trying to take over command and control systems associated with nuclear reactors, which could have had catastrophic impact. It could have been so much worse," said Lyne.

These more serious types of cyber-attacks and cyber-warfare are set to increase as more and more of a country's infrastructure becomes cyber-based, he said: "As we put more and more of ourselves online, smartgrid infrastructures that control power and key services into our homes, the possibility of us being attacked through electronic systems increases every day and the bad guys are learning about these technologies far faster than the rest of the world. They have embraced the cloud, something that many enterprises have not done."

The major cyber-crime organisations are now running businesses worth millions of dollars and have better infrastructures, resources and funding than enterprises or governments, according to Lyne.

"When you look at some of the money that the bad guys are making, they have more funds and resources available than legitimate vendors and governments. Of course they do, you can steal 80,000 computers in a day very easily, if you are a bad guy, getting 80,000 computers as a business takes a little more work," he said.

This means that it is very difficult to combat the spread of attacks on governments and high-level enterprise facilities. Lyne said that both the public and private sectors need to work together to combat cyber-terrorism and that the first step in stopping the attacks is to build a cyber-army.

"We need a cyber-defence army and we have a huge challenge on an international basis in doing that... In the UK we have seen the government preaching a programme of public-private sector collaboration, they are saying we cannot do this alone, we can no longer protect the borders against cyber-criminals without the help of the private sector. They are admitting this problem and different countries all over the globe are starting programmes to get people involved and fight the bad guys together," added Lyne.

According to Lyne, recently cyber-crime came up as number four on the risk register, just above nuclear warfare, so countries are beginning to recognise just how much of a threat cyber-crime is.

"We have an enemy with more resources, who is anonymous, who is very skilled, but there are many, many things that we can do to improve that picture very quickly. It is refreshing to see governments all over the world recognising this issue, starting to create these collaborations and starting to put cyber-security on the risk register," said Lyne.

In addition to the risks faced by every country when dealing with cyber-threats, the Middle East has a problem specific to the region.

"Here [in the Middle East], we have got these businesses and individuals coming to the internet fresh, getting really high speed connections and the latest technology, not necessarily having had the pain of the internet growing up slowly, getting used to privacy issues, learning lots of lessons. Having people connected [to the internet] with less experience, with high end technology in a region that has an astronomical amount of money and resources making them a wonderful target for the bad guys is a challenging situation," said Lyne.

He added that the Middle East needs to educate the business and consumer communities about the dangers of the internet and drive a higher standard of security.

If you would like to get more updates on the situation, join Lyne on Twitter at @jameslyne.
