Electronic Surveillance and the Middle East

Middle East markets are full of electronics from smart phones up to sophisticated equipments used in telecommunications, security, and Internet surveillance. People and governments are using electronic devices every day. Unfortunately, they don’t know much about these devices and the technology behind it. This situation makes Middle East countries vulnerable to all kind of cyber espionage and electronic surveillance. Governments in the region may think that they can efficiently trace their people online, spying on their phone calls, or event censoring Internet websites using western technologies. But do Middle East governments guarantee that those western technologies couldn’t be used against them?

The answer is NO!

Since you don’t know how exactly this technology works, what inside it and don’t even know how to efficiently use it, you couldn’t guarantee anything!

I mentioned in my latest research that Middle East will face a lot of troubles when it comes to cyber threats and cyber espionage in the 21st century. One of my fears was the heavy investments in importing Chinese electronics! In Middle East they don’t have quality control on electronic devices and even restricts policies or regulations on safety, security, and privacy issues.

USB modem is one of the simplest cases we can investigate in the Middle East. Most mobile phone providers are selling USB modems made in China especially by Huawei. Its available everywhere and anyone using Internet connection on the go will use this technology.
A recent US intelligence report for the first time linked Huawei Technologies Co. to Chinese secret intelligence agency!!!

For this reason Huawei corp. will not be part of a US national wireless network for emergency services. The US government blocked its bid over spying fears. The company is looking to reach more markets and customers worldwide in cooperation with technology giants such as IBM in order to sell their new products!

Are we safe in the Middle East?

Unfortunately, NO!

Although scientifically possible, It is not technically easy to prove that such electronic devices are infected with hardware Trojans or even spying backdoor. It requires certain producers and scanning techniques that are not available to anyone especially in Middle East. Even those infections or malicious circuits are using special covert channels to communicate and send data. The Trojans can also be triggered by certain conditions such as accessing specific data or physical triggers!

Same issue could be applied to censorship and digital espionage using software or malicious codes. Governments are also using these technologies which designed by western companies to trace their people. Your PC could be easily infected with government Trojan or malicious software that will be able to spy on you, invade your privacy, control your PC or even download and upload files to your infected electronic device or mobile phone. But in this case you can’t always trust your antivirus software. You need to be more professional and search for malware manually as many of government Trojans couldn’t be detected by normal antivirus applications!

Even in this case, Middle East governments don’t use locally developed malware or spying tools, they are also using technology from the west such as the case of SSI in Egypt.  Secret services and intelligence agencies in the region couldn’t guarantee security by using such tools. They are opening security holes in their systems as it is always possible to find a backdoor that send information to the manufacturer!

Recently a professional hacker organization discovered and cracked a government spying software used by German authorities. It is scandal in Germany but there are people who could be able to find the malware and even crack the code using reverse engineering techniques!

Nothing is 100% secured and we can’t be safe without proper education!
We need to invest more in our people not just technology!

Sources FYI:
Hardware Trojan Design
Implementing Hardware Trojan
Analyzing Malware manually