What identifies a Cybersecurity Leader in 2022?

A common misperception in Cybersecurity is that the Cybersecurity Leader should be a Hacker or a pure technical person!

In its latest report, titled “Reframe the role of the Cybersecurity Leader,” Gartner describes one leadership misconception as “The CISO (Chief Information Security Officer) prevents breaches” and says we should reframe it as “A leader facilitates risk management.”

The second leadership misconception is “Cyber risk is Security’s problem,” which we should reframe as “Cyber risk is a Business/Organizational risk.”

by Gartner

We must change our mindset from treating Cybersecurity as a technical problem that should be managed by technical and IT People and start dealing with it as a Risk, like any other business/organizational risk where everyone in the company should be involved.

There is no solution for Cybersecurity; it is a continuous process that we should work on daily, based on a Cybersecurity framework that fits our organization. The most common Cybersecurity risk management framework is the one by NIST (the National Institute of Standards and Technology) of the U.S. Department of Commerce, and it is composed of five main pillars:

1- Identify (What you are trying to protect by identifying your digital assets, supply chain, etc.)

2- Protect (Putting the right strategy to protect your company and one of the main points is Training & Awareness)

3- Detect (Knowing that there is nothing called 100% secure, we must know that we can be hacked anytime, and we should have all the monitoring tools and human resources to detect the Cyberattack)

4- Respond (What activities should you carry out to respond to an attack? This plan should be ready, easy, and practiced beforehand. The essential factor here is communication, internally and externally)

5- Recover (What is my recovery plan to go back to the initial stage, with the lessons learned and the actions to be taken to prevent similar attacks in the future?)

In brief, Cybersecurity is not just a technical problem; it is also an economic, psychological, and human behavioral challenge, all rolled into one. A different set of rules governs cyberspace. The concepts of distance, borders and proximity all operate differently in cyberspace compared to the physical world. Cybersecurity is still “new,” and we are still learning every day.

Roland Abi Najem
CEO of Revotips – Cybersecurity & Digital Transformation Consultants
www.revotips.com
www.rolandabinajem.com

Experts weigh in on Facebook rebranding to Meta

Experts do not seem surprised by the fact that Facebook has changed its name to Meta, which will encompass all the company’s apps and technologies.

After all, Facebook is facing widespread scrutiny for real-world damage caused by its various platforms, following the leak of hundreds of internal corporate documents by Frances Haugen, a former project manager with the company.

The released data revealed extremely dangerous facts about how Facebook handles information, one being the platform’s inability to deal with misinformation regarding the coronavirus and its vaccines.

The documents further revealed that Facebook intervened in US presidential elections, and turned a blind eye to hate speech that was taking place. It is also accused of failing to take action to stop it.

Instead, it apparently used algorithms to match specific politicians, and content was shown and blocked without warning.

The information extracted from the files also revealed another fact: The civic integrity team within the company was constantly blocked by Mark Zuckerberg himself, with the actions leaning towards his political considerations.

The documents also show Facebook prioritizes profit over monitoring, as it turns out that it is unable to monitor content around the world as efficiently as it claims.

The documents show that only 70 of the declared 100 languages are covered, and content is observed, while the remaining 30 languages are not censored at all.

There apparently aren’t enough people who know these languages to keep track of what’s going on.

Repairing reputation

Speaking to TRENDS, Roland Abi Najem, a consultant and expert in digital transformation and information security, said Facebook’s recent crisis is the largest of its kind, as it shines a light on the company’s involvement in the proliferation of hate speech.

He explained that rebranding the company is a part of Zuckerberg’s plan to separate the Facebook application and its problems from the recently announced parent company Meta.

According to Najem, the move could be a part of an effort to repair Facebook’s reputation and close the page after a series of publicity disasters, like misinformation on its platforms, failures to moderate content, and confessions about the negative impact of its products on the mental health of users from certain demographics.

After all, Zuckerberg’s aim is to attract the young generation — mainly those aged 18-29 years — and content creators, and build a new digital identity for consumers.

The impact on FB’s strength and future

Facebook has a long history of criticism and complaints against it about users’ privacy on the platform and the content it hosts. Still, the recent controversy differs from past instances because the papers were leaked from within the corporation.

In terms of whether the documents have an impact on Facebook’s strength and work, Najem said that the recent large profits announced by Facebook exceeded the company’s expectations and that the users of all Facebook platforms exceeded 3.6 million, which was clear evidence of Facebook’s strength and success in attracting users.

According to him, the only thing that can limit Facebook’s dominance is regulations that may be passed due to this documentation showing that Facebook has broken the law.

The trials that the tech giant will face may result in laws requiring Zuckerberg to separate his companies, or prosecuting him, or even placing Facebook under government supervision or legal oversight.

Still, Facebook’s downfall is doubtful, given that it is a global platform for millions of businesses.

As for the strength of Facebook in the Arab world, Najem said: “There is no alternative to the Facebook platform in the Arab world to compete with it, even by 1 percent.”

Moreover, the Arab world’s audience “is generally responsive and unproductive, and it heavily relies on the platform in its work,” he continued. “Thus, the platform will be unaffected in our region.”

To read the interview on Trends Mena website with journalist Hadeel Karnib, click here

After Facebook went down for 6 hours: panic in Lebanon and fears around the world

It’s September 11 again in the digital world, a catastrophe that struck and shook one of its strongest pillars. The world is stunned, terrified and can’t believe what is happening. Facebook, WhatsApp, Messenger and Instagram were down for more than six hours, piling up financial losses and leaving the world’s social media users floundering in complete darkness.

The reasons for the Facebook outage have not yet been clearly and unambiguously revealed, and the technicians, like the researchers, will have to trace their sources later, but the most important question remains: who took in Facebook’s orphans in its absence, and how did its users and the users of its sister sites bear this sudden departure? How did people live six hours without Facebook and Instagram and without WhatsApp?

Is it a terrorist cyber attack that hit America through one of its giants, or is it a penetration of the largest technology company in the world, or perhaps an intentional act by Zuckerberg to wrap up a scandal whose signs are starting to loom? Specialists answer these many questions and reveal the repercussions of this “incident,” which amount to a “disaster” for Facebook’s profits, its role as one of the largest companies in the world and its exclusive control of the world of communication. They also reveal how these misfortunes that befell Facebook and its affiliates have turned into benefits for other communication companies, especially Twitter.

Explaining to “Nidaa Al-Watan” why Facebook stopped working, the consultant in information security and digital transformation, Roland Abi Najem, says: “The malfunction that occurred on Facebook the day before yesterday was determined, but the cause that led to it was not yet known. The malfunction affected what is known as the DNS, meaning the servers that Facebook uses to transfer users to other sites, but what is not known are the reasons that led to this failure: was it a hack, or problems caused by engineers from within the company who were making internal modifications?” Abi Najem adds: “There have been problems in Facebook previously, but it is the first time that the company’s platforms, which are Instagram, Messenger and WhatsApp, have stopped for about six hours.” Frances Haugen called on Sunday, October 3, in which she stated that “Facebook is prioritizing divisive content over safety, in order to reap higher profits.” When the site went down, one of its administrators denied these allegations.

According to MEAWW, Haugen leaked a set of internal Facebook documents to the Wall Street Journal, which led to the publication of a series of severe reports last month. She also sent documents to lawmakers and filed an application for whistleblower protection with the Securities and Exchange Commission. The outage occurred on the afternoon of Monday, October 4, a day after Frances Haugen’s interview appeared on “60 Minutes.” Twitter investigators took no time to connect the two incidents, accusing Facebook CEO Mark Zuckerberg of “deliberately” shutting down social media platforms to avoid “scandal”.

Scandals, losses and lawsuits

For his part, Abi Najem explains the repercussions of what happened, saying that about 3 billion people in the world use Facebook’s platforms, or nearly half of humanity, and from this it is possible to estimate the size of the disaster. The financial losses that afflicted the company began earlier with the spread of the scandal, but they increased dramatically with the Facebook outage, reaching more than 230 billion dollars, and the outage was directly reflected on other technology companies. Al Sharq Business Technology has listed a table with the decline in the market values of major technology companies in today’s trading, amounting to 47 billion for Facebook, 58 billion for Apple, 37 billion for Google, 47 billion for Amazon and 45 billion for Microsoft.

Aside from financial losses, Facebook is under tremendous pressure from the US administration, which sees its exclusive control of this huge number of users as a danger to the reality of the Internet and communication, and the evidence is what happened yesterday. The Pentagon and the White House were most interested in what happened, and the US government had previously sought to break the exclusivity of Facebook, which has become stronger than all countries, and separate its affiliates from it and from each other. In fact, according to Meaww, Facebook is facing an antitrust lawsuit brought by the Federal Trade Commission that seeks to force the social media giant to restructure or sell assets, including Instagram and WhatsApp, over concerns that “Facebook has a monopoly on the power to provide users with online communication services.” Personal social networks in the United States have maintained this strength continuously since 2011.

In our contact with an official working for Google in Ireland, she told us that the reason for stopping Facebook seems so far to be technical due to engineering reasons and not contrived, as engineers from within the company were making modifications to some systems when the shutdown occurred. It is not possible to assess the results of what happened and its reflection on Facebook and other companies a few days ago, but what can be said that work to strengthen protection and security systems has already begun to fill all potential gaps, and what can be confirmed is that with every minute of stopping the company loses approximately $160,000 in advertising revenue, which relies on ads as a primary source of profit.

“Every wedding is a disc”

Lebanon, immersed in its crises to the point of saturation, did not need a new catastrophe. The country, whose people revolted and took to the streets in the hundreds of thousands when the authorities tried to touch free WhatsApp, suddenly found itself cut off from the world almost completely, immersed in a cyber darkness on top of its electrical darkness. At first, the Lebanese did not understand what was going on. They kept tapping their phones for a quick “refresh” to put things right. Then, after their accustomed state of denial, when it became clear that Facebook, Instagram and WhatsApp had stopped, real panic spread among the Lebanese, who thought that the worst had happened and the internet had stopped in Lebanon.

Social media expert Bashir Al-Tigriny summarizes what happened in Lebanon on Monday night, saying: A state of panic spread among the Lebanese when they confirmed that Facebook had stopped. They are afraid of losing it. They have become addicted to social networking sites and suffer, like others, from what is known as FOMO or Fear of missing out, that is, the fear of being out of communication and missing some of what is happening around them. Soon, many users began downloading other applications as an alternative to Facebook, Instagram and WhatsApp during their downtime. However, Al-Tigriny asserts that once these applications return to work, everyone will abandon the new applications that served as a “replacement for the lost,” because users, especially in Lebanon, are loyal to Facebook and Instagram, although many turned to “Twitter” to find out what was happening on the one hand, and for entertainment and to feed their social media addiction on the other.

But while users’ fear around the world was focused on the loss of data, i.e. their personal information, especially since Facebook had previously faced legal prosecution over a leak of users’ private information, the situation in Lebanon was different. Many there were not worried about a loss of data that does not pose a threat to them; rather, their fear stemmed from two main things. First, many have commercial interests on Instagram and Facebook that they live off and were afraid of losing. Second, their families are scattered around the world, which is why many rushed to download applications such as Signal, Telegram and Viber to replace WhatsApp.

But if Mark Zuckerberg’s throne shook in the world, the hearts of the Lebanese were shaken more, as it became clear how addicted and attached to social media sites they are, now that these have become one of the few sources of pleasure left for them, and how great the panic was when they thought they had lost them. Bashir Al-Tigriny asserts that Lebanon is considered, relative to its population, one of the countries whose people spend their time on social networking sites, especially on Facebook and Instagram, and with the constant threat of the internet being shut down, the “sight” was very heavy on them.

Gloating of enemies

The one laughing loudest last night was Twitter, which witnessed an unprecedented rush towards it, so much so that the site’s administration posted a tweet saying: “Welcome everyone, literally everyone,” meaning that the site had become a refuge for all social media users without exception. Likewise, the applications competing with Facebook received the users forcibly displaced from the site, most notably Telegram, Signal, Viber and Facetime, to the point that some of them struggled to absorb the number of new users and had to stop. For example, the number of Signal users, which had been 10 million, increased to 50 million, forcing the service to stop because it could not absorb them.

The Lebanese Twitter users were yesterday as if they were the “mother of the boy.” The “mood” was at most bragging and joking, not gloating over the newcomers, but rather an affirmation of their good choices and their intellectual (and even technical) superiority. They are the ones who have always considered the Facebook crowd to be beginners in the world of politics and thought, and the Instagram crowd as if they live in Laland. Despite this, many Lebanese preferred to have fun on YouTube or to communicate with each other through traditional messages, but with iMessage technology, and some even exchanged visits or met around the small screen at home.

There is NO Solution for Cyber Security… It is a Continuous Process!

Companies, Banks, Governments, NGOs, etc. keep on asking the same questions:

What is the best solution for Cyber Security? The best Hardware? The best Software? What is the best company in Cyber Security? Is there any Plug & Play Solution? Can we have a Zero-Day Attack Solution?

The simple answer to the above questions is NO! We must change our Mindset from treating Cyber Security as a purely technical problem because IT IS NOT!

 

How to deal with Cyber Security?

Three things to keep in mind:

  1. Training & Awareness is a MUST especially to fight Social Engineering.
  2. There is no Solution for Cyber Security… It is a Continuous Process!
  3. Cyber Security must be Proactive, not Reactive.

 Don’t let “Perfection” be the enemy of “Better than Before.”

WhatsApp bug; the two-step verification system challenged

It seems that the two-factor authentication system is not a reliable method for preventing hackers from breaking into users’ conversations. Recently, Roland Abi Najem, Cybersecurity and Digital Transformation Consultant, found a bug in the WhatsApp two-step verification code system.

On July 18, 2020, someone attempted to hack Abi Najem’s WhatsApp account. On July 21, the Cybersecurity expert wrote a post on Facebook for Cybersecurity awareness purposes. He attached a screenshot of the WhatsApp message, on the understanding that the verification code had already expired. “Everyone knows that OTP (one-time password) codes are valid for a timeframe between 30 seconds and 2 minutes maximum. After 2 minutes, the code will have expired and users have to ask for a new verification code,” Abi Najem told Inside Telecom.

On the same day, Abi Najem’s WhatsApp account was exposed to a second hacking attempt. Once the hacker requested activation, he received a message with the same verification code, a crucial cybersecurity issue. “Apparently, WhatsApp verification system will send you the same code if it wasn’t used before”, said Abi Najem. Moreover, he added, “I received a WhatsApp verification on July 18 at 3:13 AM. Three days later, at 1:31 AM, I received the same verification code”.

Google, Facebook, and Microsoft auto-generate verification codes. When you receive a code from Google Authenticator, a counter will appear next to the code indicating that it will expire in 30 seconds. “Two-factor authentication generates different codes that have a lifetime. Thus, WhatsApp OTP bug is a catastrophe,” said Abi Najem who emailed WhatsApp aiming to shed light on the issue.

“The code should be temporary, but due to the bug, the WhatsApp verification code is acting as a password (so-called one-factor authentication),” Roland explained to Inside Telecom. WhatsApp should fix the bug immediately, but it seems the company does not take the issue seriously.

“You were most likely sent the code because someone entered your number when trying to register in WhatsApp (perhaps by accident). Verification codes are used to verify the ownership of the number. Without the verification code, the user who is verifying the number will not be able to complete the verification process and use their WhatsApp with that number. Hence, there is no risk of the account being compromised,” states WhatsApp in a response to Abi Najem.

Twofactorauth.org has long been the center of the campaign for two-factor authentication: a website dedicated to naming and shaming any product that does not offer two-factor authentication. Today, every messaging app takes cybersecurity into account. Digital rights organizations have been advocating for the necessity of implementing the two-step verification technique. Users, for their part, have been choosing their instant messaging app based on the availability of this feature. Thus, the bug could be a real threat to WhatsApp.

Companies send two-factor authentication codes via call, email, or SMS messages, the so-called Application-to-Person SMS (A2P). Adding two-factor authentication (2FA) makes it more difficult for hackers to infiltrate accounts. However, smart hackers can use sophisticated techniques to bypass two-factor authentication. According to Mobliciti, phishing, social engineering and call forwarding are the techniques being used to exploit 2FA.

Malicious activity can occur when attackers intercept codes or exploit accounts’ recovery systems. They can intercept 2FA codes even when these are transmitted to users via voice calls. They can also create a backdoor communication connection with the command and control (C&C) server.

A2P messaging is a fast-growing market. According to Zion Market Research, the global A2P SMS market size will reach $70.0 billion by 2020. WhatsApp should immediately work on fixing this bug to secure users’ privacy. In fact, a hacker who has access to the two-step verification code could add a PIN, preventing account recovery.
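The difference between the behaviour reported above and a code that really is temporary, shown as an added example (not WhatsApp's code and not part of the original article): `ReusingIssuer` models a pending code that is re-sent unchanged, `ExpiringIssuer` issues a fresh single-use code with the two-minute lifetime quoted above. The class names, the attempt limit and the placeholder phone number are assumptions made for this example.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 120   # upper bound quoted in the article (2 minutes)
MAX_ATTEMPTS = 5         # assumption: guess limit chosen for this example
# Gap between the two messages in the article: 18 July 03:13 to 21 July 01:31
GAP_SECONDS = 2 * 86400 + 22 * 3600 + 18 * 60


def new_code():
    return f"{secrets.randbelow(10**6):06d}"   # 6 digits from a CSPRNG


def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())   # constant-time compare


class ReusingIssuer:
    """Reported behaviour: an unused code is re-sent unchanged, with no lifetime."""

    def __init__(self):
        self._pending = {}   # number -> code

    def request_code(self, number, now):
        # `now` is ignored: nothing ever expires the pending code.
        return self._pending.setdefault(number, new_code())

    def verify(self, number, code, now):
        expected = self._pending.get(number)
        if expected is None or not same(expected, code):
            return False
        del self._pending[number]
        return True


class ExpiringIssuer:
    """Fresh code per request, short lifetime, single use, bounded guesses."""

    def __init__(self, ttl=CODE_TTL_SECONDS, max_attempts=MAX_ATTEMPTS):
        self._ttl, self._max_attempts = ttl, max_attempts
        self._pending = {}   # number -> [code, issued_at, failed_attempts]

    def request_code(self, number, now):
        previous = self._pending.get(number)
        code = new_code()
        while previous and code == previous[0]:   # never re-issue the old value
            code = new_code()
        self._pending[number] = [code, now, 0]    # replaces the old code
        return code

    def verify(self, number, code, now):
        entry = self._pending.get(number)
        if entry is None:
            return False
        expected, issued_at, failures = entry
        if now - issued_at > self._ttl or failures >= self._max_attempts:
            del self._pending[number]             # expired or locked out
            return False
        if not same(expected, code):
            entry[2] += 1
            return False
        del self._pending[number]                 # single use
        return True


def replay_scenario():
    """Two requests separated by the article's gap, then the first code is tried."""
    number = "+0000000000"   # constructed placeholder, not a real number
    results = {}
    for name, issuer in (("reusing", ReusingIssuer()), ("expiring", ExpiringIssuer())):
        first = issuer.request_code(number, now=0)
        second = issuer.request_code(number, now=GAP_SECONDS)
        results[name + "_same_code"] = first == second
        results[name + "_accepts_old"] = issuer.verify(number, first, now=GAP_SECONDS + 10)
    return results


if __name__ == "__main__":
    print(replay_scenario())
```

With the reusing issuer, a code shown in a screenshot days earlier is still the live credential; with the expiring issuer the same screenshot is worthless after two minutes or after the next request.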

The Easiest Way to Understand Blockchain & Cryptocurrency!

We would guess that everyone has heard about Blockchain, Cryptocurrency, Bitcoin, Ethereum, etc., as well as some other related terms like Digital Wallet, Ledger and Bitcoin Mining.

At first, things may look rather messy and overwhelming, so let’s try to simplify it and link these concepts to our real world.
To begin with, the concept of cryptocurrency was born as a substitute for the Centralized Banking System that we currently have. For example, any banking transfer nowadays has to go through the central bank in New York! So, the need for a decentralized system (Blockchain) came as a means to bypass such a centralized system, which is one of the core motives for Cryptocurrencies.


Bitcoin, Ethereum, Ripple, Litecoin, etc. are types of cryptocurrencies. Each one has its own value, which is similar to the normal currencies we use like the US Dollar, Euro, Kuwaiti Dinar, Lebanese Pound and other international currencies. The main difference here is that the normal currencies we use are governed by several sets of rules and regulations that determine their value (for example the price of Gold, the price of Petrol, Politics, etc.), and those currencies are tangible, which means that we can touch them and use them in Cash (granted, the use of credit cards and online transactions has in some parts replaced the need for physical cash).

On the other hand, cryptocurrencies are digital currencies that cannot be used in Cash, their value is based on supply and demand only, and until now there are few or no rules or regulations that govern such currencies.

As we usually do in our day to day life, we have a wallet to put our money in. Similarly for Cryptocurrencies, there are Digital Wallets. For example, when you pay $100 from your wallet (physical or digital), you take the “bill” out of the wallet, and transfer it to someone else. This $100 no longer exists in your wallet. It has been transferred to someone else’s wallet. That is, it cannot be duplicated or copied!

Now let’s consider cryptocurrencies as being similar to a computer “file”. A digital file can be duplicated or sent to another person while keeping a copy (think of emails). So, the challenge in cryptocurrency is making sure that once you perform a payment or a transfer, that:

1) The funds exist (that is, you have the money in your wallet)

2) The transaction is completed (that is, you transferred the money to the recipient)

3) The money is not fake (that is, this was a unique transfer, using a unique “bill” that was not duplicated).

So, how can we verify these things? This is where the concept of a Blockchain, which is the technology behind most cryptocurrencies, comes into play.
So what is Blockchain? As mentioned earlier, it is the technology that powers most cryptocurrencies and many other services. To simplify it, cryptocurrencies use Blockchain as the process of verifying each and every transaction being made.

So the whole process can be explained as per the below example:

We have 2 users (User1 and User2) each one has 10 Bitcoins. User1 said that he needs to transfer 3 bitcoins to User2. This transaction, once performed, must be written down in a global “ledger” so that everyone in the world can verify that User1 transferred this amount to User2.

This is where the Bitcoin Miners in the Blockchain come in: they have to verify that this user has enough funds to send the 3 bitcoins, and they do this by documenting all the transactions in the Blockchain Ledger. After the transaction is verified, the ledger will have a new record stating that User1 now has 7 Bitcoins and User2 has 13 Bitcoins.

The Blockchain Ledger is the Historical Records of all the transactions that have taken place. Once the transaction has happened and was stored in the Ledger, it can never be edited or deleted. What makes Blockchain different is that the Ledger is not available only in one place, it is available for every single user in the Blockchain, and so all users can track and check the Ledger at any time and even go back to the first transaction! But at the same time, No user can change anything in the Ledger by themselves. This moves the “trust” from a central entity, to a global and decentralized one.

To summarize, Bitcoin is a cryptocurrency that uses Blockchain technology to verify and store all transactions in the Ledger. In addition to that, the concept of a Blockchain can also be used in any transaction verification process like selling houses, ID verification, etc.
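The User1/User2 example above, written as a small hash-linked ledger. This is an added example, not Bitcoin's implementation or code from the original article: it leaves out mining, digital signatures and network consensus, and all function names are made up for the illustration. It shows the funds check, and why an edit to an old record is detected by anyone replaying their own copy.

```python
import copy
import hashlib
import json

START = {"User1": 10, "User2": 10}   # opening balances from the article's example
ZERO = "0" * 64                      # prev_hash used by the first block
FIELDS = ("index", "prev_hash", "sender", "recipient", "amount")


def block_hash(block):
    """SHA-256 over the record, which includes the previous block's hash."""
    body = {k: block[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def replay(chain):
    """Walk the ledger from the first transaction; return balances or None.

    None means this copy cannot be trusted: a broken hash link, an edited
    record, or a transfer the sender could not afford at that point.
    """
    balances, prev = dict(START), ZERO
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev_hash"] != prev or b["hash"] != block_hash(b):
            return None
        if b["amount"] <= 0 or balances.get(b["sender"], 0) < b["amount"]:
            return None
        balances[b["sender"]] -= b["amount"]
        balances[b["recipient"]] = balances.get(b["recipient"], 0) + b["amount"]
        prev = b["hash"]
    return balances


def append_transfer(chain, sender, recipient, amount):
    """Check that the funds exist, then record the transfer. True if recorded."""
    balances = replay(chain)
    if balances is None or amount <= 0 or balances.get(sender, 0) < amount:
        return False
    block = {"index": len(chain), "prev_hash": chain[-1]["hash"] if chain else ZERO,
             "sender": sender, "recipient": recipient, "amount": amount}
    block["hash"] = block_hash(block)
    chain.append(block)
    return True


def demo():
    ledger = []
    recorded = append_transfer(ledger, "User1", "User2", 3)
    after_first = replay(ledger)                              # User1: 7, User2: 13
    overspend = append_transfer(ledger, "User1", "User2", 8)  # only 7 left
    append_transfer(ledger, "User2", "User1", 1)

    honest_copy = copy.deepcopy(ledger)   # another participant's copy

    ledger[0]["amount"] = 1               # rewrite history on one copy only
    edited = replay(ledger)               # stored hash no longer matches
    ledger[0]["hash"] = block_hash(ledger[0])
    rehashed = replay(ledger)             # block 1 still points at the old hash

    return {"recorded": recorded, "after_first": after_first,
            "overspend": overspend, "edited": edited, "rehashed": rehashed,
            "honest": replay(honest_copy)}


if __name__ == "__main__":
    print(demo())
```

Changing one old record forces every later block to be rewritten as well, and the other participants' untouched copies still replay cleanly, which is how they can tell which version to reject.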