As the online security debate continues to rage around the world, Alvin Thomas looks at the risks closer to home and finds that residents of Oman need to stay vigilant to protect their identities, bank accounts and other personal details.
March 9, 2017: a new video emerges on YouTube from user “Rick Wolnik”, featuring Amazon’s personal assistant, Alexa. In the video, the user, Rick, the owner of the device, proceeds to ask Alexa a series of questions.
He begins by asking Alexa what the CIA (Central Intelligence Agency) is, and whether she (the device) is working in tandem with the agency to provide them with personal information.
Naturally, Alexa answers his questions and declines his allegations.
However, his next question brought into light a topic that is very much at large on today’s online security scene.
He asks: “Alexa, does Amazon cooperate with the CIA?” Alexa shuts down and refuses to answer his question. He then proceeds to ask the device a few more questions – most of which the device refuses to answer before again abruptly shutting down.
Following this, multiple users begin uploading their own interrogation videos of Alexa. By March 10, these videos take the top spot on the popular thread-based media platform, Reddit, and other online platforms such as 4Chan.
Since then, however, Amazon has patched the device and the software is now designed to respond to such questions. Numerous experts have ridiculed the issue as nothing more than a conspiracy theory, saying it was caused by a “bug with the software”.
Y connected with Amazon’s online help team to get a clearer idea on what is going on. They said: “We would like to inform you that the videos you see online are prior to our software glitch fix. We have patched the software, and will slowly be rolling out more fixes to provide you with a better online experience.”
However, Melanie, the operations manager of a leading cyber security firm in Oman, says that residents in the Sultanate shouldn’t be worried about spying by any international security agency via their devices. “It is not the governments and the security agencies that you have to worry about, but rather, the actual hackers and phishers who are out to steal your online identity, and essentially, track all your online movements,” she says.
“When we talk about the government agencies and various applications tracking you, there is no real validation from any trusted source. Any Tom, Dick and Harry can publish false information, which, in turn, leads to a lot of confusion.
“I personally believe that Amazon’s Alexa was glitching in the videos, and we shouldn’t be worried about it. I’ve been in the field for 14 years and I have heard a lot of allegations being raised against software developers, social media websites and government entities.
“One thing you and I have to remember is that when we sign up for a service like Facebook, we are obliged to respect their policies – even if you don’t read them. Things are very much the same when you install the Facebook application. When you install the app, you are providing Facebook with complete control over your personal information, contacts, email IDs, photos, videos, and what-not.
“That’s a choice you make. In my day, I have not seen Facebook release any form of malicious code that particularly steals your information and it is highly unlikely they [Facebook, Amazon and Google] are actually working with the CIA,” she laughs.
In a phone interview with Y, Shanker, a software engineer from McAfee in the US, agrees with Melanie, saying: “Hackers can originate from anywhere and everywhere. Be afraid of the real demons that hide within your community, not of the people who can save and protect you. Recently we have been hearing that the FBI and the CIA are keeping a log on people. That’s utter nonsense.
“Most cases of hacking and online security attacks involve a criminal party – better known as hackers. This can be an individual or a group of individuals who can work towards securing your information.
“Be aware that there are actual entities that are willing to pay for your online information. Bank accounts, personal IDs, email IDs and work information are all of value to these hackers.”
According to Infosec Institute, a US-based security training company, China is the world leader in cyber-crime with more than 41 per cent of all cyber attacks originating from the country. China is also the largest user of the internet, with more than 640 million users.
In a report published in The New York Times concerning hackers in China, IT programmers allegedly received substantial support from the government.
For example, the Chinese Ministry of Education collaborates with Chinese universities for arranging hacking competitions to distinguish the best professionals in the field.
Shanker believes that hacking in Oman is not as prevalent as hacking in countries such as the US or India.
“We have not seen any instances of political hacking in Oman,” says the engineer.
“The US happens to be the major target of foreign cyber attacks. Here, we receive more than 22,000 internet-related complaints per month. The numbers only grow daily,” he adds.
The good news is that Oman was ranked third in the world for countries best prepared for cyberattacks, according to the 2015 Global Cybersecurity Index, coming behind the US and Canada. Oman shared third spot with Australia and Malaysia.
According to Oman’s Information Technology Authority’s (ITA) report, the Information Security Division thwarted 398,118 attacks against government portals, as well as 4,872,081 attacks directed at government networks in Oman in 2015.
The Oman National CERT, which was established in April 2010 to analyse online risks and security threats, also reportedly discovered and neutralised 5,932 “real and serious cyber security attacks” against Oman, as well as uncovered 298 damaging malwares on computers during that period.
According to Melanie, however, the leading kind of cyber-crime is data phishing from social media platforms (click-jacking, doxing, and pharming).
We contacted an Indian expatriate working with a leading international marketing firm in Oman, who had recently been hacked online. She was initially reluctant to share her story, but was willing to go on record if we promised her complete anonymity.
“It all started late in 2016, when I was on a business trip to Thailand,” she says. “I travel often, and I tend to be out of Oman for number of days at a stretch. During my trip, I usually carry my usual set of items: passport, two sets of phones (one for each SIM card), one laptop and a few flash drives for when I have to make presentations for my clients.
“I remember heading to a coffee outlet in a renowned mall in Oman, prior to my flight. And, as always, I connected my laptop to the free Wi-Fi that they provided. This was to be the biggest mistake I had ever made, though,” she says.
“I remember a pop-up in my browser, which asked me to update my Adobe Flash Player. Naturally, I clicked yes. After this, I noticed that my computer’s keyboard was completely unresponsive.
“A few minutes later, it came back to life, though. However, I remember seeing my Windows Defender application turned off. That’s when I first suspected that I was a victim to some form of malicious software – although I didn’t care much about it.
“I could never have imagined such a thing happening to me. Up until that point I had remained completely safe from such events,” she says.
However, she was running out of time and ignored the issue, and headed to Thailand for her trip. But it was only when she reached Thailand when she realised that she had not only been hacked but her online social media platforms were hijacked and her banking credentials locked after her bank noticed suspicious activity.
“It was the biggest shock of my life. My first clue was when I noticed weird links popping up on my Facebook wall, and then messages being typed out, and sent to friends by an unknown source.
“I completely freaked out when that happened. All my pictures and private messages were compromised. This wasn’t a case of revenge either. The messages that were sent from my account were malicious links that would have been affecting my friend’s profiles too,” she exclaims.
She says that many of her friends began contacting her asking her if she was still in contact with her account.
“After that, I changed my password using my mobile phone, and regained control of my Facebook.”
Later in the evening, however, she was “flabbergasted” to find that her bank had completely locked her online account, citing suspicious activity.
“My banking credentials were all saved in my laptop, and that would have been the entry point for these phishers. Moreover, I noticed a fake profile being created in my name on Facebook, too.
“This had escalated things beyond my control, and the very next thing I did was call up my colleague from the office back in Oman. He suggested that I report the profile to Facebook, and also alert the bank about the situation.
“I did just that, and I also reported the matter to the Oman CERT, the country’s
cyber security agency,” she says, before adding that she had to completely restore her laptop system.
“I had lost all my files after I wiped my system electronically. But it was a small price to pay. Yes, my business trip was a disaster, with a lot of collateral damage due to my mistakes. I almost lost my job due to that fiasco,” she says. “An agent from Oman CERT quickly followed up, but I had already lost everything, and I decided to withdraw my complaint since I did not want to be involved in a legal altercation. However, I am very disappointed to see that Facebook has yet to take down that fake profile that was created.
“It isn’t active today but it has made all my images public. It is a complete breach of my privacy,” she adds.
She is sure that her hackers originated from Oman and accepts that it was her carelessness that eventually led to her downfall. Since the incident, she has also kept complete control over her four-year-old daughter’s online activities (even when she’s away on business trips), saying that “children are an easy prey to online predators”.
The Royal Oman Police (ROP) revealed last year that more children are falling victim to child predators on a daily basis. Statistics are scarce, but the ROP – in an interview with local media – revealed that a “large” number of online harassment cases involving adults targeting children in Oman through social media had been reported.
According to an unnamed ROP official, in certain cases, offenders asked some children to meet them to abuse them later. The official also went on to confirm that “rape cases have also been reported”.
“Parents must talk to their little ones when they suspect any suspicious behaviour because children are afraid of explaining such threats to their parents,” the official was reported as saying.
Research by Y has revealed that there is a host of applications that can be downloaded onto a child’s smartphone to keep a tab on his or her online activities, as well as whereabouts.
Among the top applications are Norton by Symantec, PhoneSheriff and ESET Parental Control. All applications provide the parent with adequate control over the websites that a child browses, the people he or she is in contact with, and firewalls for viruses.
As for adults, Ooredoo recently announced the availability of an individual cloud-based device security solution for all of its 138 million users. The new security service is designed to protect customers against viruses, dangerous files and harmful websites across their connected smart devices, fixed and business accounts. The security service will be provided by German security specialist Secucloud.
Talking about the partnership, Sheikh Saud bin Nasser al Thani, the CEO of Ooredoo Group, said: “In the era of the internet of things [IoT: the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data], it’s essential to have protection that’s as powerful and easy to use as possible.
“For a long time now, people have had much more than just a single PC – they also have smartphones, tablets, smartwatches and several other internet-enabled devices that need protection against internet-based attacks.
“It’s just not possible to protect each device individually – instead, efficient protection needs to be centralised and delivered from the cloud. We recognised this requirement some time ago and have developed the security service in partnership with Secucloud to protect our customers against increasing IoT-based threats.”
But the final word must go to Melanie, who learned about online security the hard way.“Today, we live in a world which is connected,” she says.
“And as we connect with more people, the risk of something wrong happening increases – it’s a natural phenomenon. More than 3.5 billion people use the internet today, and that’s 3.5 billion more people to protect.
“So let’s start by doing the obvious. Let’s learn to protect ourselves.”
1. Know the scams. Read articles and blogs, follow the news, and share it so you can learn about different kinds of scams and what you can do to avoid them and also help your friends.
2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, double check the URL and make sure it’s not asking for information it shouldn’t be.
4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online – a credit card company is more likely to reimburse you for fraudulent charges.
5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like “9&4yiw2pyqx#”. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts.
6. Protect your info. Keep your guard up. Back up all of your data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected.
8. Install a firewall. A firewall is a great line of defence against cyberattacks.
9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans.
10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the web can protect you from a hungry