tech talk

Hack
with
Qatar playing such a prominent role in the region now, how susceptible is the country to more of these attacks and, what is being done to minimise their impact? Hacktivism, broadly speaking, is the use of computers and computer networks to promote political ends through free speech, human rights and information ethics. It’s the electronic cousin of more conventional methods of protest, activism and civil disobedience. Hacktivists are generally seen as terrorists, yet in some situations they are simply exposing a hidden truth. Whatever their motive might be, it’s understood that they can infiltrate highly secure networks and have their way. Patriot groups, such as the ones from Syria, organised themsleves into “cyber armies” to have their way on popular Qatari platforms recently. Whilst

Attack
Two of Qatar’s flagship enterprises, Qatar Foundation and Al Jazeera, recently found their networks compromised by malicious cyber attacks from Syrian loyalists who cited Qatar’s continuing support for the rebels in their war-torn country as their motive.
by rory coe n

the damage caused was cosmetic, the significance of their attacks shouldn’t be underestimated. Up to now they have concentrated on the defacement of popular websites or distributed denial-of-service (DoS) attacks but these will improve in sophistication and aggressiveness, and their favourite targets will continue to be societies that denounce the extremist governments they support. At the end of last month, South Korean broadcast networks and banks were compromised by an IP address in China, but it was suspected to be another attack from North Korea. “Nation states and armies will be more frequent actors and victims of cyber threats,” says Essam Ahmed, MENA Pre-Sales Manager for security software company McAfee. “Many of the world’s military units are on the front line of social networks. Professional forums such as Company Command and profes-

The Internet is a vast network with no boundaries, attacks can be done from anywhere in the world.”
McAfee

Anti-Virus software

50-60%
effective (RSA)

of enterprise security professionals believe they have been targeted by an APT (McAfee)

59%

the reduction in the number of infected machines in Qatar (2008-2012)
april 2013

80%

Qatar Today 6 5

tech talk

Khalid Al-Hashmi,
Executive Director, Qatar Cyber Emergency Response Team (Q-CERT), ictQATAR.

New legislation

D

ependency on ICT systems and networks that support the nation’s critical sectors such as energy, utilities and the financial sector continues to increase; thus, in order to proactively address the cyber risks and threats rapidly facing those critical systems, ictQATAR has drafted the Critical Infrastructure Information Protection legislation, due to be finalised in 2013, that introduces strategies for protecting the most critical information infrastructure systems in the country, including those used for power grids, oil and gas production, financial transactions, healthcare and government operations.

“Aligned with similar legislation being introduced around the world, as well as recommendations issued by international bodies like the International Telecommunication Union (ITU), large and critical entities delivering services that are crucial to the well-being of the nation will be required to have an information security management system (ISMS) in place. "ictQATAR has also drafted Information Privacy Protection legislation designed to acknowledge and protect private and personal information for the citizens in this digital and networked age.” - Khalid Al-Hashmi, ictQATAR Cyber Security on any organisation. “Advanced Persistent Threats (APTs) are sophisticated attacks where adversaries break into systems undetected using long-term access to infiltrate data at will. Although the threats become more advanced once they gain access into a network, the entry point with many attacks is convincing a user to click on a link. However, once the APT breaks into a system, it is very sophisticated in what it does and how it works,” he explains. This is pretty much how the attackers compromised the networks at Al Jazeera and Qatar Foundation. They convinced somebody at those organisations to click on an enticing link that was loaded with tools to download critical security information. It’s a process called “phishing”. “Most attacks are a because of exploiting policy shortcomings, lack of awareness and contemporary training methodologies,” says Khalid Al-Hashmi, Executive Director, Qatar Cyber Emergency Response Team (Q-CERT) in ictQATAR's Cyber Security Division. “The reason [attacks] are successful is because the operator is not fully aware of how to deal with fraudulent messages. If nobody explained the

Cyber Security firms are too reactive. Their budgets are:

on prevention

80% 5%
(RSA)

10-15%
on response

on detection

sional wikis involve the development of online collaborative work. Furthermore, military operations use the Internet for e-mailing, social networking and, unfortunately, visiting dubious websites. All of these elements will increase the possibilities of infiltration and unintentional information leakage. “Experts are no longer reluctant to predict national responsibility in military and industrial espionage or precision attacks that cause physical damage, as in the case of Stuxnet or Shamoon. State-related threats will increase and make the headlines, and suspicions about government-sponsored attacks will grow,” says Ahmed. Sophistication How much preparation goes into these attacks and does it matter where the perpetrators are based when they carry them out? How sophisticated do they have to be to beat the high-level security systems that governments and corporates are investing in? “The internet is a vast network with no boundaries; attacks can be done from anywhere in the world,” says Ahmed. “A simple example is the ability to buy botnets (zombies) which can launch a targeted attack

6 6 Qatar Today

april 2013

tech talk
consequences of opening a distrustful link or what constitutes a distrustful link with no policy around it, why not open it?” Collaboration So is Qatar’s high-profile foreign policy and its relentless drive towards the 2030 National Vision proving to be a thorn in the side of the Cyber Security Division at ictQATAR? Al-Hashmi insists collaboration is the key: “The Middle East has seen unprecedented changes in recent years, helped in no small part by information and communication technologies (ICT),” he says. “As all sectors become more reliant on ICT to provide core services, the security of the critical IT infrastructure becomes ever more important. In Qatar, 70% of our GDP comes directly from the petroleum and natural gas industries, making the protection of the IT infrastructure essential for our national well-being. Similarly, across the government more and more core functions depend on secure, reliable networks.” As the networks and infrastructure have evolved, so too have the threats posed to them. The activities of cyber criminals have been flourishing, and by using advanced technologies and sophisticated techniques they often escape detection, compounding the risks. In order to tackle these issues head on and protect the citizens and resources of the nation, Q-CERT operates as part of the Cyber Security Division within the Supreme Council of Information and Communication Technology (ictQATAR), the nation’s ICT

The potential threat of cybercrime
cyber attacks reaching the physical dimension could possibly cause: Giant electrical generators to shred themselves Trains and transportation channels to derail High-tension power transmission lines to burn Gas pipelines to explode Refineries to malfunction Supervisory control and data acquisition (SCADA) systems to halt Aircraft to crash Funds to disappear Confidential and intellectual data theft Sensitive Data leakages Enemy units walking into ambushes (FireEye)

Essam Ahmed,
MENA Pre-Sales Manager, McAfee

The reason [attacks] are successful is because the person is not fully aware of how to deal with fraudulent messages.”

policy and regulatory authority. Q-CERT works with government agencies, private and public sector organisations and Qatar’s citizens to ensure that online threats are monitored and risks are contained. It has also adopted a collaborative approach with other international CERTs, recognising that cyber threats do not respect state borders. In Qatar, Q-CERT helps protect sensitive information and ensure safety on the Internet through the adoption of a matrix of security controls that protects Qatar’s interests on many levels. On the technology side, the Threat Intelligence Team collects and analyses threat statuses from different security intelligence sources. They also gather information generated from our own sensors to give an overall view of the threat status globally, regionally and, most importantly, locally. Q-CERT proactively informs its constituency in the oil and gas sector, as well as other critical industries, of any possible malicious activity and works with them to rectify the situation utilising incidenthandling and digital forensics capabilities

Once you are connected to the Internet, you can carry out attacks and are susceptible to them. Globally there are
billion connected computers

7 1

billion smart phones

tablets
(RSA)

250

million

april 2013

Qatar Today 6 7

Sign up to vote on this title
UsefulNot useful