Home / The growing threat

The growing threat

First Dubai International Financial Centre, and now Dubai eGovernment has been the target of cyber-criminals. All the signs are there that these incidents are not ‘one-offs’ and the region can expect more attacks. IT Weekly assesses the dangers facing the Middle East.

First Dubai International Financial Centre, and now Dubai eGovernment has been the target of cyber-criminals. All the signs are there that these incidents are not ‘one-offs’ and the region can expect more attacks. IT Weekly assesses the dangers facing the Middle East.

When David Knott, CEO of Dubai Financial Services Authority (DFSA), announced last month that his organisation had uncovered an online fraud ring that was targeting would-be investors in the Dubai International Financial Centre (DIFC), he went into extensive detail as to just what the criminals had done and how they had operated.

He did so, he said, “for good reason”, hoping to alert members of the public to the scam and others like it and to the increased dangers that internet users face in the Middle East.

The announcement by Dubai eGovernment this week that it has successfully fought off a hacking attack on some of its web sites — an attack which forced it to temporarily take down a number of those sites — shows that such dangers are all too real.

The Middle East is hardly alone in facing these dangers of course. According to figures quoted by Dubai eGovernment, the US alone has seen 19,000 reported incidents of hacking this year already, compared to 23,000 for the whole of last year and just 5,000 for the whole of 2005.

“Dubai eGovernment adopts a high-security system to prevent hacking, but this doesn’t mean that it is completely impregnable as there are always vulnerabilities with software and networks,” Salem Al Shair, e-services director for Dubai eGovernment, said in a statement this week. “This problem is not unique to us as it has happened to other high-profile organisations in other countries. One of the positives from this incident is that it has allowed Dubai eGovernment to learn more about the latest techniques and strategies used by the hackers. This way, we were able to close the gaps in our system and take the appropriate action to prevent similar incidents.”

The incidents last month are the latest in a number of cyber-attacks on organisations in the region, with banks, unsurprisingly, being targeted. Some of the regions biggest banks — including Emirates Bank, HSBC, National Bank of Abu Dhabi (NBAD) and Mashreq Bank — have been hit by phishing attacks in the past year or so.

Another form of cyber-attack that is particularly dangerous is a denial of service (DoS) attack, which, according to Etisalat e-security product manager Rashed Al-Abbar, hackers are using to blackmail companies.

“[The attackers] say we will attack your systems and bring them down unless you pay us a certain amount of money and if this is the bread and butter of the company they will definitely pay off the hacker just to not let him attack their systems,” he said.

Sometimes the attackers will provide a preview of the main attack, for example, by attacking one system, to convince the victim of the seriousness of their threat, Al-Abbar explained.

As the sum of money requested is often relatively small compared to what companies stand to lose if the service goes down, they will often pay up to avoid loss of business and damage to their reputation, he added.

Experts think that the introduction of the UAE’s Cyber Crime Law No 2 in 2006 has gone some way in helping to tackle incidents of cybercrime.

The law allows authorities to prosecute perpetrators of cybercrimes with penalties including fines and imprisonment. Installing software to cause damage can, for example, result in temporary imprisonment and a minimum US$13,600 fine.

However, laws alone will only go so far in stopping the level of cybercrime increasing: Ivor Rankin, senior security consultant at Symantec Middle East and North Africa (MENA) told IT Weekly that companies need to be more proactive in reporting attacks.

“If people start reporting these incidences to law enforcement rather than trying to handle them themselves, I think sooner or later the attackers will move elsewhere,” he said.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.