Bahrain: Cybercrime by insiders
The existing policy of allowing employees liberal access to a company's information technology systems is the main cause for cyber attacks in Bahrain, said a top Interior Ministry official.
"In several prominent Bahraini firms all levels of management are given access to vital information," stated Interior Ministry cybercrime unit head First Lieutenant Mohammed Yousif Bu Ali.
"If an employee is unhappy with the organisation, he can easily use the information at his disposable against the company," he added.
He said the ministry's crime detection and forensic sciences directorate was expanding its role in combatting threats online through specialised cells to combat corruption, financial crime, money laundering and cybercrime.
"The number of cases we receive every year has been booming since 2010," Lt Bu Ali told the Gulf Daily News, our sister publication, on the side-lines of a conference on 'Cybercrime and Emergency Response' organised by security firm Elite Technology Middle East at The Sheraton Hotel.
With more than 200 cases registered annually in the last two years, a 10-fold increase from the establishment of the unit in 2006, the official called upon financial institutions to become more vigilant.
"We deal with many cases of financial fraud being committed by hackers using cleverly designed websites of prominent banks," he stated.
"The website looks exactly the same as the bank and the user unwittingly gives away private information, which the hacker uses in the real website to gain access to money," he added.
Disgruntled employees have also been involved in siphoning off money from their organisations through access to information.
"Correspondences to a certain company through fax or email containing business information were forwarded by an employee to another organisation where she had an interest," Lt Bu Ali said about one of the cases he had dealt with.
"Initially, the company thought it was because of a virus but they were actually losing business and had their systems disrupted because of the work of an insider," he stated.
Online banking customers need to protect themselves by installing malware protection and checking if they're transacting through the correct website.
"You need to ensure you're banking through a secure website," he said. "It should be 'https://' and not 'http://'."
Policies need to be framed to ensure that only certain employees can have access to privileged information, in order to prevent an insider leak of data. "Technology has enabled criminals to become very sophisticated and clever in carrying out attacks," he added.
"They can 'rob' a bank from the comfort of their homes, by accessing vital information through hacking," Lt Bu Ali warned.
While criminals have become more tech-savvy, the tools to catch them have also become equally sharper. "We have technology which can assess exactly what information was on a device, even after it has been deleted," he said.
"Within three hours, we can make a complete profile of a suspect and find out if he was involved in Internet blackmail or fraud," he added.