Lebanon's Public data: From State-Controlled Telecom to a Private Data Haven
In the latest chapter of the never-ending saga that is Lebanon, government websites are getting hacked faster than you can say “cybersecurity.” The grand prize? Data from the Ministry of Justice itself, now available on the dark web for the bargain price of Usd6500. You might ask : Are we so cheap?? And in true Lebanese fashion, no one really cares. It’s just another day in paradise, where the government’s laissez-faire attitude towards cybersecurity has turned the country into a digital flea market.
Yes The world’s digital content is expected to grow tremendously. It is doubling in size every two years, and by 2020 the digital universe, the data that is created and copied annually, will reach 44 zettabytes (ZB), or 44 trillion gigabytes (GB). But is this a reason to be hacked??
The latest attack on Lebanon is not unique for the Middle east were government agencies are the most attractive targets for cybercriminal attacks, accounting for 22% of the total number of attacks on organizations. A distinguishing feature of attacks on Middle Eastern government agencies is that they are mainly carried out by Advanced Persistent Threat (APT) Groups (56%), covertly establishing themselves in the victim’s infrastructure for an extended period of time for the purpose of cyberespionage. These attackers are highly skilled and possess a whole arsenal of malware and exploits to compromise systems and exfiltrate data.
The Cyberattack Chronicles
Seemingly benign nation states such as Lebanon and the Netherlands are rising in the ranks of nation-sponsored attackers. The motivations for this rise are unclear, although both countries made headlines this year with cyberattacks: Lebanon for spying on thousands of people across 20 countries via an Android malware campaign; and the Netherlands for penetrating Russia’s Cozy Bear organization and uncovering the hack of the Democratic National Committee during the 2016 presidential election in the U.S.
But Let’s set the scene: it’s a sunny Monday morning, and the Ministry of Justice’s data is up for grabs on the dark web. The reaction? A collective yawn. Why stress over something as mundane as confidential government data being sold online? The Ministry of Justice records include sensitive information, legal documents, and personal data, but who needs privacy when you have a front-row seat to Lebanon’s political circus? In an earlier cyber attack this year, information screens at Beirut-Rafic Hariri International Airport were hacked with anti-Hezbollah messages.
Earlier in the year The Ministry of Social Justice and Lebanon’s Parliament website was also targeted. The Chamber’s press office announced this with all the gravity of a weather report. Cybersecurity? That’s just a fancy word for a problem that can be solved with a reset button and a prayer. It’s almost charming how the Parliament views cyberattacks as minor nuisances, akin to pesky mosquitoes rather than a genuine threat. After all, who needs robust cybersecurity when you have faith and a bit of luck. According to a study by the American University of Beirut (AUB), small and medium-sized
companies (constituting about 90 percent of all companies in Lebanon) are the most vulnerable to penetration, due to the weakness of their protection systems compared to large ones.
“We were exposed to a breach at the beginning of this week, and they demanded a ransom of Usd250,000 in order to retrieve the information and data that they encrypted,” says the owner of a major food manufacturing company in Lebanon, who preferred not to be named.
Banks were also the target of a new computer virus that can monitor and steal information from online bank accounts. The virus, discovered by Kaspersky Lab and called Gauss, is likely to have been made by the people behind the Stuxnet, Duqu and Flame viruses. Those viruses are said to have been created by the US and Israel, mostly to target Iran or disrupt its uranium enrichment programme. Kaspersky said in a statement that the Gauss virus was designed to target Lebanese banks, including Bank of Beirut, Banque Libano-Francaise, BlomBank, ByblosBank, FransaBank and Credit Libanais, and users of Citibank and Paypal, the online payments system.
The Ministry of Justice’s Nonchalance
When news broke that the Ministry of Justice’s data was being hawked for Usd6500, one might have expected an uproar. Instead, the response was a masterclass in apathy. A ministry spokesperson reassured the public that efforts were underway to resolve the issue, which in bureaucratic terms means they might get around to it eventually. After all, Usd6500 is just pocket change, right?
Imagine the dark web as a bustling marketplace, with stalls selling everything from counterfeit goods to stolen data. The Ministry of Justice’s booth is particularly popular, with eager buyers snapping up records for Usd6500. It’s a clearance sale, and everything must go! The best part? The government’s complete lack of response means there’s plenty more where that came from.
It’s not like the integrity of the judicial system is at stake or anything. In a stunning display of bureaucratic acrobatics, Lebanon’s Ministry of Justice has managed to turn a straightforward decision into a spectacle worthy of a soap opera. Offered the opportunity to securely host its confidential data with OGERO, the state-run telecom operator, the Ministry instead opted to hand the job over to a private company. Yes, you read that right—because why choose the safe, government-backed option when you can inject a little risk and drama into the mix?
The OGERO Proposal
OGERO, Lebanon’s stalwart telecom operator, stepped forward with a proposal to host the Ministry of Justice’s confidential data. Given OGERO’s long history of handling the nation’s telecommunications, this seemed like a match made in bureaucratic heaven. After all, who better to manage sensitive government data than a state-run entity already entangled in the country’s intricate web of telecommunications? With promises of top-notch security, state-of-the-art facilities, and a patriotic commitment to safeguarding national secrets, OGERO’s offer was a no-brainer. But then again, this is Lebanon, where the no-brainers often require a Ph.D. in political science to decipher.
A high ranking source at OGERO told NOWLEBANON that no one is safe.
We intervened with all ministries to have their data stored at OGERO but we were simply shown a cold shoulder he quoted.
Lebanon has developed a vision and a strategy for cybersecurity but there is no government entity to deal with cybersecurity issues; In 2019 the council has developed a National Anti-Cybercrime legislation. Usually the government should have relied on the Telecommunications Regulation Agency TRA but this organisation was shut down following political bickering.
The lack of a unified and clear Cyber Security strategy across different public sector bodies and private organizations makes it difficult to defend and prevent such attacks, the report said.
Despite the timid attempts by some institutions and entities at securing their data and
systems, the initiatives implemented in Lebanon were greatly insufficient to accomplish
the desired goal, the source said. These efforts need to be integrated in a collaborative approach, following a well-defined strategy that better defends against attacks and counters Cyber Crime. The unorganized efforts of today, in the field of Cyber Security in Lebanon are not achieving the desired results, he added.
But is OGERO safe ?
Lebanon’s state internet provider OGERO came under a sustained 10-day cyber attack last April. While the perpetrator has not been immediately confirmed, suspicion has fallen on Israel, which has ramped up its technological and cyber warfare amid its conflict with Hezbollah in southern Lebanon. Israeli cyber attacks on Lebanon are common.
However, the impact of the attack appeared underwhelming, as Lebanon’s population already endures recurring connectivity problems. User complaints about slow speeds are common, as are strikes at OGERO and other internet providers. Industrial action related to pay disputes often leads to internet blackouts.
Since October 8, the Iran-backed Lebanese armed group and political party Hezbollah has been engaged in near-daily cross-border attacks with its archenemy Israel. Hezbollah says it is carrying out strikes in support of its embattled Palestinian ally Hamas in Gaza.
Much of the focus on the conflict has been on the steadily increasing death toll and the expansion of cross-border attacks. However, the exchanges have also seen a rise in technological impacts. The security source noted an increase in cyber attacks since the conflict broke out in October, pointing to the incident at the airport.
Passenger jets arriving at Beirut’s airport are having to use alternatives to GPS to help them land because of jamming and “spoofing” blamed on Israel, which risks interfering with flight navigation. Since the onset of the Israel-Gaza war, Israel has admitted to increasing GPS jamming in the region to thwart attacks by Hamas and Hezbollah.
The Minister’s Unexpected Move
Enter the Ministry of Justice, stage left. In a plot twist that left even seasoned political analysts scratching their heads, the Ministry decided to ditch OGERO’s proposal. Why settle for a safe pair of hands when you can introduce a wildcard into the mix? The decision to pass over OGERO in favor of a private company is a move that reeks of intrigue and perhaps a touch of political theater.
One can only imagine the behind-the-scenes deliberations. Was it a question of efficiency, cost, or perhaps the allure of adding a bit of excitement to the typically dull world of data hosting? Whatever the rationale, the Ministry’s choice has added a fresh layer of complexity to an already convoluted narrative.
The identity of the private company chosen to handle the Ministry’s sensitive data remains shrouded in mystery. It’s like waiting for the big reveal in a murder mystery novel—except in this case, the stakes involve potential data breaches and the fate of Lebanon’s judicial records. Rumors abound about the company’s capabilities, its connections, and whether it has the chops to handle the magnitude of this task.
Critics have been quick to point out the risks. “Entrusting confidential data to a private entity without the oversight and accountability of a state-run organization is a gamble,” they argue. But in Lebanon, where everyday decisions often have the drama of a high-stakes poker game, what’s a little risk?
The public, ever resilient and accustomed to governmental antics, has responded with a collective shrug. In a country where political maneuvering is as common as daily power cuts, the decision to bypass OGERO is just another day in paradise. Citizens are too busy dealing with more immediate concerns—like navigating economic turmoil and surviving infrastructure meltdowns—to get worked up over the intricacies of data hosting.
Dark Web: Lebanon’s New Souk
The dark web has become Lebanon’s new souk, where hackers peddle government data like street vendors selling vegetables. Need court case details? How about some juicy intel on ongoing investigations? It’s all there, waiting for the highest bidder. The Lebanese government’s lack of concern is almost admirable in its consistency. If there’s one thing they’re good at, it’s maintaining a steady course of inaction.
Apathy as a National Strategy
Lebanon’s approach to cybersecurity is akin to leaving your front door wide open and hoping burglars are too polite to enter. The nation’s collective indifference is almost poetic. Why bother securing data when you can just deal with the fallout later? It’s the digital equivalent of closing the barn door after the horse has bolted. But who needs a horse when you’ve got a sense of humor?
A Hacker’s Playground
Lebanon has become a playground for hackers, who view government websites as low-hanging fruit. The Ministry of Justice hack is just the latest in a string of breaches, each one met with a shrug and a half-hearted promise to “look into it.” It’s almost like the government is daring hackers to up their game. “Oh, you got the Ministry of Justice? Let’s see you hack the Ministry of Public Works. That one’s a real challenge!”
The dark web economy is booming thanks to Lebanon’s cybersecurity negligence. It’s a marketplace where data is the new currency, and Lebanese government records are hot commodities. Hackers are making a killing, while the government remains blissfully ignorant. It’s capitalism at its finest, with a dash of cyber chaos for good measure.
A Nation’s Priorities
In Lebanon, cybersecurity is about as high on the priority list as finding a unicorn. The government is too busy dealing with political infighting, economic collapse, and infrastructural decay to worry about something as trivial as data protection. It’s a classic case of rearranging deck chairs on the Titanic, but with a distinctly Lebanese flair.
Looking ahead, one can only imagine the innovative ways in which Lebanon will continue to ignore cybersecurity. Perhaps they’ll outsource it to the lowest bidder or better yet, adopt a crowdsource model where the public can chip in. Why not let everyone have a go at securing the nation’s data? It’s an experiment in digital democracy, and Lebanon is leading the charge.
Who really cares?
The Ministry of Justice’s data breach is a fitting metaphor for the state of the Lebanese government. It’s a system built on shaky foundations, propped up by a mix of indifference and incompetence. The fact that confidential records are being sold for $6500 on the dark web is both tragic and absurd. It’s a comedy of errors, and the government is the punchline.
There are no estimates how much cyber attacks have cost Lebanon. The Lebanese Army website states that in 2014, cyber-crime cost the global economy 0.62% of GDP, amounting to a range between $445 billion and $600 billion. Our second global estimate indicates that by 2016, this figure rose to 0.8% of global GDP. The cost of cyber-crime continues to increase, which isn’t surprising given the intensification of such illegal activities. According to Cybersecurity Ventures, the cost of cyber-crime could reach $6 trillion by 2021.
In the end, who cares if the Ministry of Justice’s data is sold on the dark web? Certainly not the Lebanese government. As cyberattacks multiply and data leaks become the norm, the nation’s response remains a collective shrug. It’s a testament to the resilience of a people who have bigger problems to worry about.
So here’s to more hacks, more breaches, and more data sales. After all, in the grand scheme of things, what’s a little cyber chaos among friends?
Maan Barazy is an economist and founder and president of the National Council of Entrepreneurship and Innovation. He tweets @maanbarazy.
The views in this story reflect those of the author alone and do not necessarily reflect the beliefs of NOW.
