As technology makes deeper inroads into our lives global organised crime has also gone high-tech. Auctioning sites are now selling malware and stolen bank card details. Criminals shift from the physical to cyber world due to the relative ease of operating almost invisibly over the internet.
The growth of malware has shot up exponentially in the last few years. In 2007 over five million unique malware samples were detected. At this growth rate, it can be projected to reach 230,000,000 by 2010.
Cyber crime has sparked off a hardware and software security business worth billions of dirhams not just worldwide but also in the region. The global market for information security products and services is set to witness strong growth and is expected to exceed Dh290 billion by 2010.
Emirates Business spoke to IT security experts to find out more about cyber crime, the IT security business and what one needs to do to protect oneself.
"The business of selling personal and financial information globally is a multi-billion dirham organised business. Most of these attacks are generated from Hungary, Poland, Russia and China," said Samir Kirouani, Senior Technical Engineer, Trend Micro Middle East and Africa. "It does not cost much money to make spam but the revenue that it generates for these people is huge so it is a very lucrative business."
They get the personal and financial information off the net and sell it to people who want to sell things on the net, he said. "People do not like to give their e-mail addresses and personal information easily so these sellers get in touch with the hackers who hack into web servers that have huge databases like banks, offices etc and get the information. While some of them sell it off to unscrupulous companies others use it to get vital personal to steal money."
Irfan Ahmad, Director Advertising and Sales, Yahoo, Middle East agreed: "There are many companies who would like to have personal information so that they can sell their products.
"Banks do that a lot. They need the lifestyle information to sell their related products. For example if I use a credit card to buy an accessory for my car they then know that I am interested in cars and can approach me for an auto loan or if I pay my childrens' school fees via the credit card they can then approach me for an education loan.
"While some of these companies likes banks sell their products legally some of this data is also used by companies that sell stuff on the net which they cannot sell in the open market."
Like the rest of the world the Middle East too is vulnerable to cyber crime.
Industry sources say some Middle East-based companies are receiving as many as 1.5 million e-mails per day across their networks with as much as 90 per cent being spam, making them potential targets for devastating cyber attacks.
Companies suffering from e-mail-based attacks on their messaging infrastructure and network resources expose their businesses to a number of crippling threats such as data leakage, compliance issues and legal risks.
With a reported year-on-year growth of 300 per cent, spam is on the rise at an extraordinary rate.
Daan Hakkert, Acting Regional Director, McAfee Middle East said: "The Middle East is vulnerable right now because this area is getting discovered in many ways. Once you are discovered then it brings other problems with it. Even though the businesses here are growing bigger, the fact remains that IT and IT security is a young industry here and is an easy target right now.
"There is a need here for legislation like they have in developed countries. In the US for instance, the moment you set up a network you are required to set up a protection system. There you also have to publish data loss the moment it occurs."
However, the security pressures and constant development of sophisticated security solutions have sparked off a huge software and hardware security market.
In fact, the global market for information security products and services is set to witness strong growth, and is on course to exceed Dh290bn by 2010, according to Epoc Messe Frankfurt, organisers of the Intersec trade fair and conference.
The IT security business is huge at the moment due to the rise in cyber crimes worldwide.
Daan Hakkert said "My estimate is that the IT security industry globally is worth over a billion dollars. In the UAE itself the industry both in terms of hardware and software IT protection technology is worth millions.
"In fact the demand for security is almost the same as IT spending because the moment you set up a network you instantly want a security system to protect it."
Conventionally, the market has been spurred by strong growth from the United States and Europe who dominate the global market, collectively accounting for practically two-thirds of the sales. However, the maximum growth is projected to originate from the rapidly increasing Asia-Pacific market.
"We are entering a phase of major metamorphosis with several cutting edge technologies emerging every day to face the new trials in the form of increased security threats, and the ever-changing risk environment in which we operate," remarked Angela Schierholz, Senior Show Manager, Intersec trade fair and conference.
Information security services represent the largest and the fastest growing segment of the global security market followed by security software.
Information security hardware products account for a minor portion of the total market, the segment is forecast to post an impressive CAGR of 19 per cent.
Bulent Teksoz, Manager, Systems Engineering, Symantec, Middle East summed it up: "The battle against internet security threats will continue to rage on and tactics on both sides will become more sophisticated over time.
"Although no one can be certain of what the future holds, we can look back and learn from our past to identify trends that can help make educated predictions for where future attacks may be heading."
"Cyber criminals scan the net for vulnerable computers that do not have adequate firewall, virus and malware protection. Once they find it then they start monitoring it and also start managing it remotely. You become a source of data for them," said Samir Kirouani, Senior Technical Engineer, Trend Micro Middle East and Africa.
As public awareness about cyber crime increases the hackers are coming up with more sophisticated ways to hack into your systems and servers.
For example, earlier they used to do phishing, but now people have become aware of it so now they have come up with something called pharming.
In phishing you need the person to click on an email to give them access but in pharming there is no such thing so detection is very difficult. The hacker redirects a website's traffic to another bogus website.
This can be done either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses – they are the "signposts" of the internet.
"Compromised DNS servers or 'poisoned' servers as they are called then automatically lead you to a wrong server or web page managed by them where you inadvertently give them your personal information thinking it is the website of your bank or of the shopping portal," said Kirouani.
"Increase your own level of awareness about the net and how it works. Also make sure all your computer protection software is up to date as technology changes so swiftly," said Samir Kirouani, Senior Technical Engineer, Trend Micro.
Have a multi-protection system like a firewall, anti-virus and malware software and IDS, he said.
"Internet users need to be very careful when they use the net say for paying their credit card bills or other bills," said Irfan Ahmad, Director Advertising and Sales of Yahoo Middle East.
Look at the email address or URL closely before you give your personal details because if it is not the genuine site then it will not have the proper name of the bank or other company as the final landing page.
"Also do not click on to links to get to other sites. Always type the address in yourself," Ahmad said.
"Multinational companies in the UAE need to follow the same rules regarding network security that they follow worldwide."
The local companies also on their own need to recognise the risk and protect themselves, said Daan Hakkert, Acting Regional Director, McAfee Middle East.