The MOI in Qatar investigates and prosecutes all kinds of cyber crimes, that fall under its criminal investigation jurisdiction. Under the Qatari law, these include, but are not limited to, defamation and use of the Internet for a wide range of criminal purposes. How to report a cyber crime in Qatar
This means Qatar retains its rank as second place among 132 developing countries in terms of online connectivity. We are seeing a spike in legitimate digital content services and solutions, not only from the incumbent companies, but also from innovative start-ups, both working through the internet. However with this increase in internet use comes increased cybercrime.
What is Cybercrime?
Cybercrime is defined as a crime where a computer is the object of the crime or is used as a tool to commit an offense. A cybercriminal may use a device to access a user’s personal information, confidential business information, government information, or disable a device. It is also a cybercrime to sell or elicit the above information online.
Categories of Cybercrime
There are three major categories that cybercrime falls into: individual, property and government. The types of methods used and difficulty levels vary depending on the category.
- Property: This is similar to a real-life instance of a criminal illegally possessing an individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds, make purchases online or run phishing scams to get people to give away their information. They could also use a malicious software to gain access to a web page with confidential information.
- Individual: This category of cybercrime involves one individual distributing malicious or illegal information online. This can include cyberstalking, distributing pornography and trafficking.
- Government: This is the least common cybercrime, but is the most serious offense. A crime against the government is also known as cyber terrorism. Government cybercrime includes hacking government websites, military websites or distributing propaganda. These criminals are usually terrorists or enemy governments of other nations.
Some examples of cyber crimes
The BBC, in an article written by Emma Brant and Amelia Butterly, has described cyber blackmail as:
“the act of threatening to share information about a person to the public, their friends or family, unless a demand is met or money is paid.”
Chat rooms, mobile phones, blogs and email are to be tackled carefully to escape from the clutches of cyber-criminals. Blackmailing has various intentions like threats, harassment, hacking accounts, stealing and sharing confidential and sensitive information and emotional manipulation.
A web attack affects the computer via the internet. These viruses can be downloaded from the internet and end up causing large-scale and irreversible damages to your system.
Hacking is defined as the access of a computer system without authorisation. Hacking is probably one of the most broadly used forms of cybercrime, but not all hackers are criminals.
SQL injection is a type of cyber crime that effectively employs malicious codes and manipulates backend databases to access information that is not intended to be displayed. These mostly involve private and sensitive data items including the likes of user lists and customer details, among others. SQLI can have long-term devastating effects such as deletion of tables, unauthorized viewing of any user list, and even administrative access to databases.
Cross-Site is another type of injection breach where attackers send malicious scripts from websites that are deemed responsible or reputed. Attackers inject malicious codes into trusted websites and applications and when a user visits such infected web page, the malicious JavaScipt code is executed on the user’s browser. This code can be used to steal important information like username and password.
These are the attacks that aim at shutting down services or networks and making them inaccessible to the intended users. These attacks overwhelm the target with a lot of traffic and flood the same with information that can cause the website to crash. DDoS Attacks are targeted primarily at web servers of high-profile organizations such as the government or trade firms.
Cyber bullying / online harrassment
Cyberbullying (bullying through electronic means) is another form of cyber crime that is much more prevalent today. Cyberbullying refers to the use of online services to bully or harass a person with the intent to affect them socially, psychologically or even physically. Examples of this behavior include sending abusive or threatening texts and emails, online stalking, or sending inappropriate images and videos, etc. Cyberbullying affects the victim’s mental state and confidence adversely.
These are simply meant to decrypt or even attempt to obtain a user’s password with the help of criminal intentions. Attackers can use Dictionary Attacks, Password Sniffers, or even Cracking programs in such cases. These attacks are conducted by accessing passwords that are exported or stored in a file.
Eavesdropping attack begins with the interception of network traffic. This type of cyber crime is also known as Sniffing or Snooping. In this type of cyber crime, individuals attempt to steal information that computers, smartphones, or other devices receive or send.
BRUTE-FORCE AND DICTIONARY NETWORK ATTACKS
These are networking attacks where attackers attempt to directly log into the user’s accounts by checking and trying out different possible passwords until they find the correct ones.
Not all of the network attacks are executed by outsiders. The inside attack is a very common type of cyber crime. It is performed on a network or a system by individuals who have authorized access to the same system.
A man-in-the-middle attack occurs when attackers eavesdrop on the communication between two entities. This type of cyber crime affects both the communicating parties as the attacker can do anything with the interpreted information.
Computer systems are now programmed to learn and teach themselves, and these AI-powered attacks mark a new type of cyber crime that is bound to get more sophisticated with time.
AI is employed in many everyday applications with the help of algorithmic processes referred to as Machine Learning. This software is aimed at training computers to perform specific tasks all on their own. They can also accomplish these tasks by teaching themselves about obstacles that can potentially hinder their progress. AI can also hack many systems, including autonomous drones and vehicles, and convert them into potentially dangerous weapons. The AI-powered applications can be used for performing cyber crimes such as Password Cracking, Identity Theft, and automated, efficient and robust attacks.
Drive-by attacks are used to spread malware through insecure websites. Hackers first look for websites with lesser security parameters and then plant malicious scripts into PHP or HTTP code onto one of the pages. The script can then directly install the malware onto the computer of anyone who visits the site.
The Phishing Attack is a Social Engineering attack that is used to steal precious data such as login credentials or credit card details as attackers pretend to be trusted individuals and trick victims into opening malicious links.
SPEAR PHISHING ATTACKS
These attacks are aimed at specific organizations’ data by individuals who desire unauthorized access. These hacks aren’t executed by any random attackers but by individuals who are trying to access specific information like trade secrets, military intelligence, etc.
WHALE PHISHING ATTACKS
A Whale Phishing Attack is a type of Phishing that generally attacks people with high statures, such as CFOs or CEOs. It primarily aims at stealing information as these individuals typically have unlimited access and are involved with sensitive data. cyber crime in Qatar
Malware is an umbrella term for a code/program that is intentionally built to affect or attack computer systems without the user’s consent.
Ransomware generally blocks victim’s access to their own data and deletes the same if a ransom is not paid.
Trojan Horse is a type of malicious software program which attempts to disguise itself to appear useful. It appears like a standard application but causes damage to data files once executed.
Teardrop attack is a form of attack that causes fragmentation in the general sequence of Internet Protocol (IP) packets and sends these fragmented packets to the victim’s machine that is attacked. cyber crime in Qatar
PING OF DEATH ATTACK
The Ping of Death Attack is a type of cyber crime where IP packets ping target systems with IP sizes that are much over the maximum byte limit.
Identity theft is another common form of cyber crime. A cyber criminal will find a way, often through phishing (see below), spam emails, website or even an online pop-up survey to get access to your credit card or banking account information and may use that information to make purchases in your name.
PUPs is an abbreviation Potentially Unwanted Programs. These are a form of malware that is less threatening than other types of cyber crimes. This type of attack uninstall the required search engine and pre-downloaded apps in your systems. Therefore, it is a good idea to install antivirus software to prevent malicious download.
Cyber crime laws in Qatar
On 16 September 2014 the Qatari government promulgated a cybercrime prevention law (No.14 of 2014) in an effort to increase the tools for combating online and cyber crimes. The new law imposes many sanctions and several penalties for offences committed through the Internet, IT networks, computers and other related crimes. The legislation is aimed at safeguarding the country’s technological infrastructure and strengthening cyber security within Qatar. The law took immediate effect but it will be posted in the Official Gazette to comply with formalities. cyber crime in Qatar
During the drafting of the legislation there was considerable criticism surrounded it as many viewed some parts of the legislation as threatening freedom of speech and access to media.
The law contains the following provisions, amongst others:
- The law stipulates a 10 year jail term and a fine of up to QR 200,000 for forging any official e-document, or a three year jail term or a fine of a maximum of QR 100,000 if the document forged is unofficial. Similar punishments await those who impersonate individuals or entities, or are involved in identity theft or steal movable property using the Internet.
- Provisions on so-called “content crimes” that make it illegal to publish “false news”. These terms are not defined, making it unclear what content would land local journalists and social media users in trouble. Therefore news agencies, social media users and journalists must be careful to verify the source of the news before broadcasting it to the public in order to avoid contravening the law.
- A jail term of up to three years and a fine of up to QR 200,000 for unauthorized possession or use of e-card, whether it is an ATM or credit card, or stealing numbers or forging e-cards.
- A jail term of up to three years and a fine of up to 500,000 Qatari riyals for the breach of intellectual property rights by using the internet article 13), be it copyrights, patents, trade secrets, trademarks, trade names, geographical indications and industrial designs, or designs of integrated circuits.
As reported in a study conducted by the 2014 Global Economic Crime Survey by Price Waterhouse Cooper, cybercrimes are the second most common form of economic crime reported in the Middle East. As such businesses operating in the region are at high risk. Despite the concerns raised about the new Cybercrimes law when it was in the drafting stages, it is undeniable that Qatar along with the UAE has taken the lead in addressing the issues related to cybercrime and has implemented penalties and jail terms for those who contravene to the law.
How to avoid being scammed by a cyber criminal
- Always protect your identity by closely monitoring your accounts.
- If you notice any kind of suspicious activity with respect to your bank account/s or debit/credit card/s report it to the proper authorities immediately.
- Under no circumstances should a user reveal the personal identification number (PIN) to another person.
- Never disclose your card number (embossed on the credit or debit card) to a third party.
- Don’t disclose personal information to anyone unreliable on internet, such as passport or personal ID number or date of birth, phone number, unless recognized sites require these.
- Never click on suspicious links within a message.
- Look closely at the spelling of the web address and check for any minor inconsistencies that may indicate a phishing website.
- If there are spelling mistakes or grammatical errors this usually means it’s a scam message.
- Parents must observe and educate their children when they use computers and smart devices, because they are the targeted group, and tell them to be vigilant while engaging in social media.
- Never use a common password across all platforms.
- Your password should be about 12-14 character in length with a combination of numbers, symbols, lower-case letters, and capital letters.
- Make sure your password doesn’t contain a part of your name, your city or country’s name.
- Change your email password periodically, preferably consist of letters, numbers and symbols, to make the access difficult by hackers.
- Don’t share passwords of email and social media accounts with anyone.
- Use different e-mail addresses for registration in different accounts, to avoid access to other accounts in the case of email theft.
- Activate verification tool in access to email, which lets you put your mobile phone number and alternative email for security options and retrieve your password. Most of the recent email saving companies have enabled this facility on their security options, so that they do not modify any data in the security options of your account without entering the confirmation code sent to your mobile phone.
- Don’t download or open any unknown attachment because it might contain viruses or spy software unless it is from a trusted source. Ensure it is free from viruses; there are a number of websites that provide scanning programmes for such attachments.
- Never use any kind of piracy software, since a lot of the time, these can contain viruses and spyware.
- Avoid posting personal information on your computer or email to avoid others accessing to it in your computer if exposed to hacking and using them for their personal gain.
To report a cyber crimes in Qatar, contact the MOI’s Cyber Crime Investigation Centre on:
Address: CID headquarters, Duhail, Doha – Qatar
Online: Metrash2 (CID/reports)
Tel: +974 2347444
Hotline: +974 66815757
- The global cost of cybercrime will reach $6 trillion by 2021.
- According to the Ponemon Institute’s 2016 Cost of Data Breach Study, Global Analysis organizations that suffered at least one breach in 2016 lost an average of $4 million.
- 48% of data security breaches are caused by acts of malicious intent.
- Cybersecurity Ventures expects ransomware costs will rise to $11.5 billion in 2019.
- Cybercrime will more than triple the number of unfilled cybersecurity jobs by 2021.
How to Fight Cybercrime
It seems like in the modern age of technology, hackers are taking over our systems and no one is safe. The average dwell-time, or time it takes a company to detect a cyber breach, is more than 200 days. Most internet users are not dwelling on the fact that they may get hacked and many rarely change their credentials or update passwords. This leaves many people susceptible to cybercrime and it’s important to become informed. Educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.
1 Become vigilant when browsing websites.
2 Flag and report suspicious emails.
3 Never click on unfamiliar links or ads.
4 Use a VPN whenever possible.
5 Ensure websites are safe before entering credentials.
6 Keep antivirus/application systems up to date.