August 11, 2012 by Dan Swinhoe
Following our recent pieces on cyber-security in South, East and West Africa, this piece focuses on the North with Egypt. One of the continent’s biggest economies and just coming out the other side of civil unrest, the new government may have its work cut out.
Unlike many parts of Africa, Egypt has a relatively well-developed IT landscape. It has infrastructure, 3G in the cities, a competitive and affordable telecomms sector and a well-trained IT workforce of around 200,000. Mobile penetration stands at 112%- over 90 million people – while the region’s internet boasts 30 million internet users, of who around 22% shop using E-commerce, and many think Egypt is poised to emerge as amajor player in the information economy.
According to BSA’s most recent global software piracy study, Egypt’s levels of pirated software stands at around 60%, slightly higher than the average in the region, and totaling a value of $172m. The government has said itplans to curb piracy and intellectual property, which according to one study could “generate US$254 million in GDP, US$33 million in additional tax revenues and 1,978 new IT jobs” if the piracy rate was reduced by 10% in four years.
While there were relatively few target cyber-attacks originating out of North Africa last year, Egypt isn’t crime free. Despite Damballa Labs claiming “Egypt isn’t a global player in cyber-crime,” history seems to disagree. In 2010 Egypt was named by Kaspersky Labs as one of the top sources of password-stealing trojans in 2010 and the year before Egyptian hackers were involved in one of the world’s largest cyber-crime criminal court cases. More recently, Websense named Egypt third for countries hosting phishing fraud in this year’s Threat Report. While it totaled 6.8% of worldwide phishing, the report noted it had experienced a large rise in the last year. If this is related to the recent political turmoil is hard to tell.
This image from Microsoft’s Malware Protection Center shows that last year Egypt had one of the highest malware detection figures on the whole continent, which may be due to a high number of people using older versions of internet browsers, which are always more vulnerable to attacks than up-to-date software.
It’s hard to mention IT security in Egypt without going into politics. The uprising and recent elections have had a big impact on almost every aspect of life in Egypt, and the world of IT is no different. The uprising itself was one of, if not the, first uses of an internet ‘Killswitch,’ where the government essentially shut off the entire internet for the country with aims to stop the protestors communicating.
The move wasn’t popular and led to other countries contemplating similar ideas. Amusingly one of the earliest ways this shut-off was discovered by those outside the country was through malware monitoring. In retaliation the hacktivist group Anonymous launched ‘Operation Egypt’, bringing down four government sites with DDoS attacks, while spammers used unrest to target people looking for news on the subject.
Now that peace has returned to the country (though the internet freedoms are said to be strict), the new government can get on with addressing new cyber-crime bills. Currently there is no comprehensive cyberspace law, though there are piecemeal parts across other separate bills. An unregulated internet is a breeding ground for hackers and criminals, and something concrete needs to be put in place as soon as possible. Despite these problems, the government is moving towards better cyber security. The Ministry of Communications 2011 round upexplains how the Egyptian Computer Emergency Response Team (EG-CERT) is working internationally to help combat cyber-crime, which is a good sign.
The recent Flame attacks that struck Iran and other MENA countries (including Egypt) have brought state-led cyber-attacks and the general idea of ‘Cyber-War’ to the foreground, and it seems the Egyptian government had similar plans of their own. Around April last year it came to light that a UK firm offered custom-made malware to Egyptian Security Services. Consisting of a “remote intrusion solution,” The total deal was projected to cost the government just over $350,000. Meanwhile a new Persian-born trojan was discovered spying on Egypt’s Middle Eastern neighbors only last week . While these state-sponsored attacks may become a common occurrence in the coming years, Egypt will do well to rise above the regional political quagmire and avoid trying their own versions of these attacks.
Though out of government hands, Egyptian hackers have been reported as going specifically for Israeli websites. Last year Israeli Prime Minister Benjamin Netanyahu’s own site was hacked, placing an image of Egyptian soldiers raising the Egyptian flag in Sinai, while in April Barack Obama’s Israeli site was hacked by TeaM HacKer Egypt.
Egypt is at a crossroads. The fledgling government needs to be careful in getting the balance right; they need a new set of laws and policies that help tighten security and reduce problems with hackers and phishing, but without oppressing the people and suffering the inevitable pushback from hackers and a vocal youth unafraid of showing their grievances.