The Digital Rights Project in SAM issued its qualitative report on the reality of digital security in Yemen, as part of the project implemented by the organization in cooperation with Internews, and the report reviewed a number of cyber threats faced by entities and individuals in the country, indicating the optimal measures to advance digital security.
The report entitled (Digital Security in Yemen.. Reality and Threats- stated that Yemen is one of the worst countries in the Global Cybersecurity Index, as it ranked 22nd in the Arab world, and 182nd globally (out of 182 countries) in the Global Cybersecurity Index for the year 2020, after it was ranked 21st in the Arab world, and 172nd in 2018, pointing out that Yemen achieved only 6 indicators out of 77 indicators, on which the classification depends in assessing the cyber capabilities of countries.
The report pointed out that one of the factors of weakness and fragility in this context is what Recorded Future, an independent company that provides intelligence to organizations around the world, has observed multiple cases of suspicious activities within the Internet infrastructure in Yemen. In addition, Yemennet's web hosting servers are riddled with old vulnerabilities and other older issues that, if left unfixed, could allow attackers easy access to the company's systems.
The report quoted engineer and information technology expert Ali Al-Saghir Farhan as saying that Yemen's record in information security is low for several reasons, including: the lack of a cadre specialized in information (cyber) security, the lack of interest of state leaders in the information and communications security sector in a sufficient manner, and the lack of a government agency specialized in providing defense and security services for cyberspace. In addition to the lack of integrated and modern legal frameworks and legislation that establish an effective national base for national cybersecurity, as well as the weak coordination between government agencies and their counterparts in neighboring countries and the world regarding ways to strengthen Yemen's cybersecurity.
The report added, quoting former Internet Society President Waleed Al-Saqqaf, that one of the main challenges observed is the lack of sufficient skills on the part of technology users to keep their transactions safer and protect their websites and accounts, and the threats faced by Yemeni Internet users are a reflection of the risks associated with Internet use in general.
According to a November 2018 report by Recorded Future, "Major international players, including the United States, Russia and China, are using malware, military activity, political influence and investments to advance their interests in the Saudi-Iranian regional struggle for dominance inside Yemen.
The Digital Security report stated that Internet users in Yemen face real risks and threats ranging from censorship and external espionage, hacking attacks, in addition to malware attacks, and phishing through social media, which takes deceptive patterns, such as fake Facebook pages, messages attached to malicious links, and other methods targeting victims in Yemen, noting that external and domestic electronic surveillance is widespread in Yemen, before and during the current armed conflict as well.
The report listed some incidents of cyber attacks targeting government institutions in Yemen, such as the hacking of TeleYemen in the summer of 2012, which caused losses estimated at more than $ 20 million, in addition to what the Central Bank of Yemen suffered in the same year, where it suffered from many distributed denial of service attacks and its websites were infected several times with malware.
It also referred to hacking attacks linked to the Israeli spy software company Candiru against prominent sites in the Middle East, with a strong focus on Yemen, where the websites of the Ministry of Information and the Saba News Agency were hacked. YemenNet, the websites of the Ministries of Interior and Finance, as well as the websites of the Yemeni Parliament, the National Vision, the Yemeni Customs Authority, and Al-Masirah TV, all under Houthi control, were hacked in Sana'a, according to researchers at ESIT in November 2021.
The report stated that users in Yemen faced the highest risk of local infection (malware found directly on users' computers or removable media connected to them) at 45.12% of users, according to the third quarter report of 2022 issued by Kasper Sky. The report, issued by the Digital Rights Project in Yemen, indicated that a significant increase was recorded in the number of software samples submitted to VirusTotal from Yemen, from 13 samples between 2015 and 2017 to a total of 164 samples in 2018. Of these, almost half were malicious, and the vast majority of those malicious samples were Android apps, as well as the presence of various fake WhatsApp apps, spyware pretending to be antivirus, video drivers and VPN apps. And some samples of the AhMyth app, which allows smartphones to be hacked and fully controlled, according to Recorded Future.
The report included the opinions of experts and specialists, which would contribute to enhancing digital/information security in Yemen, including: Focusing on raising awareness among workers in the public and private sectors on how to identify and prevent cyber threats in their respective fields. It is also important to develop and enforce strong cybersecurity laws and regulations, invest in advanced technology, especially open source that has been filtered from errors, and cooperate with international organizations and other countries to learn from their experiences, especially in the field of education and the establishment of cyber service infrastructures.
In addition to issuing comprehensive laws, legislations and policies that regulate information security and criminalize cybercrime and the digital space, and training judges, security and criminal research on how to detect information crimes and how to investigate them. With the need to increase the sense of information security at the national level and at the level of individuals (especially users of the digital space).
The report, prepared by the Digital Rights Team, touched on the recommendations of the participants in the first information security conference (organized by the Public Telecommunications Corporation in cooperation with the International Telecommunication Union in June 2014) to establish the Information Safety Center in Yemen YE-CIRT as a point of contact to respond to and address security problems and involve all relevant authorities, with the need to prepare for building a national strategy to develop necessary solutions in the field of information security in cooperation with the International Telecommunication Union, and to conduct a study to establish the Telecommunications Regulatory Authority and develop a general framework for State level to finance information security requirements.
It is noteworthy that the report (Digital Security in Yemen.. Reality and Threats) is the eighth within the digital rights project, which is implemented by SAM with the support of Internews, with the aim of advocating for the issues of digital rights of Yemenis, leading to a free and safe digital space.