
Chapter 2: Navigating the Landscape of Cybercrime: A Case Study of BIAT’s First Corporate Data Breach

Chapter Introduction:

In recent years, cybercrime has become an increasingly common threat to
individuals and organizations. With the widespread use of technology and the
internet, cyber criminals have found new ways to exploit vulnerabilities and gain
access to sensitive information. This chapter provides an overview of cybercrime,
including its different forms and the methods cybercriminals use to carry out their
attacks. This chapter focuses in particular on the case of Banque Arabe Internationale
de Tunisie (BIAT), which faced cybercrime in February 2021. The incident was the
first documented data breach in the bank's history and highlighted the importance
of robust cybersecurity measures in today's digital landscape. Section 2 looks at the
details of the attack on BIAT, including how the attack was carried out, the impact it
had on the bank and its customers, and the actions BIAT took to mitigate the
damage and prevent future attacks.

Section 1: Presentation of cybercrime

1-1 Definition of cybercrime:

Cybercrime refers to any criminal activity involving the use of a computer or the
Internet, including but not limited to hacking, identity theft, phishing, malware
proliferation and other forms of online fraud or exploitation. This may also include
crimes committed through digital tools or networks, such as cyberbullying or
online harassment. In general, cybercrime involves the use of technology to facilitate
illegal activities or to target victims in new and innovative ways.

1-2 History of cybercrime:

The history of cybercrime dates back to the dawn of computers and the internet. As
technology advances, so does the nature and complexity of cybercrime. Here is a
timeline of major events and milestones in cybercrime history:

1960 and 1970:

The concept of "hacking" arises when computer enthusiasts explore the possibilities
of early computing systems, often with innocent intentions.

1980:
First documented cases of computer viruses and malware appear, such as the “Elk
Cloner” virus in 1982.

The "Morris Worm", a self-replicating computer worm released in 1988, infects
thousands of computers and causes widespread disruption. The term “computer
crime” was coined to describe illegal activities involving computers and networks.

1990:
-The Internet is becoming more accessible to the general public, leading to an
increase in cybercrime.

-Social engineering attacks like phishing and social manipulation are becoming
commonplace as cyber criminals exploit human weaknesses.

-Cyber extortion and ransomware attacks are gradually emerging as a means to
extort money from victims.

-Credit card fraud and identity theft are becoming a serious problem as online
financial transactions become more prevalent.

-Training various Computer Incident Response Teams (CERTs) and law enforcement
agencies to combat cybercrime.

2000s:

-Cybercrime is becoming more sophisticated and organized with the emergence of
cybercrime syndicates and hacker groups.

-Large-scale cyber attacks on governments, businesses and critical infrastructure,
such as the Stuxnet worm against Iran's nuclear facilities, underscore the growing
threat of cyber warfare.

-Data breaches and hacking incidents targeting large companies like Yahoo, Equifax
and Sony cause significant financial and reputational damage.

-The proliferation of e-commerce and online banking is leading to an increase in
financial fraud and cyber theft.

-The concept of “hacktivism” emerges, in which politically motivated hackers attack
governments, corporations and organizations to advance their ideological agenda.

2010s:

-The rise of cryptocurrencies leads to the emergence of ransomware attacks
targeting individuals and organizations.

-Cyber attacks on nation states are becoming more common, with countries
engaging in cyber espionage, stealing intellectual property and disrupting critical
infrastructure.

-The use of social media platforms to spread disinformation, electoral interference
and cyber propaganda is becoming a serious problem.

-The growth of the dark web and underground markets is facilitating the buying and
selling of illegal goods and services, including cybercrime tools and services.

-The global cost of cybercrime runs into the trillions of dollars annually as businesses,
governments and individuals deal with the growing threat.

2020s:

-Cybercrime is evolving and new threats such as deepfakes, AI-based attacks and
quantum attacks pose new challenges.

-Increased focus on cybersecurity awareness, training and regulatory measures to
combat cybercrime.

-Continued law enforcement efforts, international cooperation
and technological advances to fight cybercrime and protect digital infrastructure.

Overall, the history of cybercrime has been characterized by the constant evolution
and sophistication of cyber threats, posing significant challenges for governments,
organizations and individuals as they try to protect their digital assets and
technologies in an increasingly connected world.

1-3 The origins of cybercrime:

The origins of cybercrime date back to the dawn of computing and the birth of the
internet. With advances in technology and the proliferation of computer-to-
computer connections, opportunities for illegal activity have arisen. Here are some
of the key factors that have contributed to the emergence of cybercrime:

-Technological advances:
The development of computers and networks has opened up new opportunities for
people with technical skills to exploit security holes, gain unauthorized access to
systems, and steal or manipulate data. In the beginning, these activities were often
carried out by curious or amateur hackers known as "phreakers" or "phone phreaks"
exploring the possibilities of early computer systems.

-Lack of Security Measures:
In the early years of computing, security measures and best practices were not well
established. Systems were often left unprotected and there were no standard
security protocols. This lack of security has made it easier for people to engage in
cybercrime activities such as unauthorized access, data manipulation, and malware
distribution.

-Global Connectivity:
The advent of the Internet in the 1990s provided a global platform for
communication and information sharing, but also opened new opportunities for
cybercrime. The ability to connect to remote networks and systems has enabled
cybercriminals to operate from anywhere in the world and launch attacks worldwide.

-Financial motives:
With the development of e-commerce and online banking, cyber criminals have
seen opportunities for financial gain. Credit card fraud, identity theft and online
scams have become commonplace, allowing cyber criminals to profit from their
illegal activities.

-Social Engineering:
Social engineering, which involves manipulating people to gain unauthorized access
to or extract sensitive information, has been a key factor in the emergence of
cybercrime. Techniques such as phishing, pretexting and social manipulation are
used to trick people into revealing their credentials by granting them access to
systems or networks.

-Anonymity:
The relative anonymity offered by the Internet has also contributed to cybercrime.
Cyber criminals can hide their identity and location behind fake names, nicknames,
or online details, making their activities difficult to track.

-Globalization and Organized Crime:
The globalization of cybercrime has led to the formation of organized crime
syndicates that engage in various cybercrime activities such as data breaches,
ransomware attacks, and online fraud. These criminal organizations often operate
across borders, making it difficult for law enforcement to effectively combat
cybercrime.

In summary, the origins of cybercrime can be traced to a combination of
technological advances, lack of security measures, global connectivity, financial
incentives, social engineering, anonymity and organized crime. With advances in
technology, cybercrime continues to evolve, posing serious challenges to individuals,
organizations and governments around the world.

1-4 The appearance of cybercrime:

The exact location where cybercrime first emerged is difficult to pinpoint as
cybercrime has evolved over time and appeared in various locations around the
world. However, some of the earliest known cases of cybercrime can be traced back
to the United States and other developed countries, where the foundations of
computer technologies and the Internet were laid. In the 1960s and 1970s,
“phreakers” or “phone phreaks” in the United States were known to manipulate and
exploit the telecommunications systems of the time to make free long-distance
calls, which can be considered an early form of forensic science.

In the 1980s and 1990s, as computers became increasingly connected and the
Internet began to gain traction, in the United States and other countries with
advanced technological infrastructure.

However, it is important to note that cybercrime is not limited to a specific location
or region. With the global spread of technology and the increasing accessibility of the
internet in the world, cybercrime has started to develop in different countries and
regions of the world. Cyber criminals often operate across borders, taking advantage
of the global nature of the internet to carry out illegal activities. From its inception,
cybercrime has grown into a global phenomenon, challenging law enforcement
agencies and governments around the world to combat cyber threats and ensure
cyber security.

1-5 Forms of cybercrime affecting customer and business data

There are multiple forms of cybercrime that can target customer and corporate data.
Here is a comprehensive list of the different forms of cybercrime that can affect
customer and business data:

-Data Breaches:
Data breaches involve unauthorized access to or theft of sensitive information such
as names, addresses, phone numbers, social security numbers, credit card
information, and other personal or business information. A data breach can occur in
a number of ways, including exploiting vulnerabilities in software or hardware,
hacking into databases or systems, or using stolen credentials. A data breach can
result in financial loss, reputational damage, and legal consequences for businesses,
as well as jeopardize the privacy and security of customer data.

-Phishing:
Phishing attacks typically involve the use of fake emails, messages, or websites
impersonating legitimate entities to trick people into revealing their sensitive
information. These attacks are often aimed at employees, customers or business
partners and can be very sophisticated. Phishing attacks can force users to provide
login credentials, credit card information, or other sensitive information that can
then be used for identity theft, financial fraud, or other malicious activities.

-Ransomware:
Ransomware is a type of malware that encrypts data on the victim's system
and demands a ransom to unlock it. Ransomware attacks can cause
organizations to lose access to critical data, disrupt operations, and result in financial
losses. In some cases, even if the ransom is paid, there is no guarantee that the data
will be exposed and the attackers can still gain access to the compromised systems.

-Business Email Compromise (BEC):
BEC attacks involve attackers posing as legitimate employees or business partners
and using social engineering techniques to trick employees into transferring money
or divulging sensitive information. BEC attacks can be sophisticated and involve
spear phishing emails that appear to come from trusted sources. BEC attacks can
result in significant financial losses for organizations and compromise customer data
if sensitive information such as financial or customer data is exposed.

-Insider Threats:
Insider threats are individuals with authorized access to corporate data who
use or abuse that access for personal or malicious purposes. Insider threats can
involve employees or other trusted individuals stealing, altering, or disclosing
confidential customer or company information. Insider threats can be difficult to
detect and prevent because these people often have legitimate access to data that
they misuse.

-Malware and viruses:
Malware and viruses are types of malicious software that can be used to gain
unauthorized access to systems, steal data, or disrupt business operations. Malware
and viruses can be proliferated through infected email attachments, malicious
websites or other means. Once installed, they can give attackers access to customer
and company data, allowing them to steal sensitive information or damage business
operations.

-Social Engineering:
Social engineering is the manipulation of individuals to reveal sensitive information,
such as customer and company data, through psychological manipulation rather
than technical skill. Social engineering techniques include spoofing, where attackers
create a false identity to gain trust, grooming, where they offer something to
encourage people to disclose information, or identity spoofing, where they claim to
be a "trusted entity". Social engineering attacks can be difficult to detect as they
often rely on human psychology and exploit human weaknesses.

-Identity Theft:
Identity theft is the use of another person's personal information for fraudulent
purposes without their consent. This may include stealing customer information
such as names, addresses, social security numbers, and financial information to
create false identities, open false accounts, or engage in other illegal
activities. Identity theft can result in financial loss, reputational damage, and legal
consequences for customers and businesses.

-Payment Card Fraud:
Payment card fraud is the unauthorized use of credit or debit card information for
financial gain. This may include theft of customers' credit card details

-E-Commerce Fraud:
Fraudulent activities carried out on e-commerce platforms, e.g. using
stolen credit card details for unauthorized purchases.

-Point of Sale (POS) attacks:
Attacks on systems used by businesses to process customer payments, often leading
to the theft of credit card information.

-Credential Theft:
Stealing credentials such as usernames and passwords that can be used to
gain unauthorized access to systems or accounts.

-Distributed Denial of Service (DDoS) Attacks:
Overwhelming traffic on an organization's systems or website, making them
unavailable to customers and disrupting business operations.

-Intellectual Property Theft:
Theft of proprietary information, trade secrets, or other intellectual property that
can have a significant financial and competitive impact on businesses.

-Cryptojacking:
Unauthorized use of a company's or customer's computer resources to mine
cryptocurrency without authorization.

-Spyware:
Software that secretly monitors and collects data from a user's device without their
consent, often used for malicious purposes.

-Cyberextortion:
Demand payment or threaten to disclose confidential information or engage in
malicious activity unless a ransom is paid.

-Social Media Fraud:
Fraudulent activity on social media platforms such as fake accounts, fake reviews, or
identity theft from companies or individuals for profit.

It should be noted that cybercrime is constantly evolving and new forms of cyber
threats may emerge over time. Keeping customer and business data safe from
cybercrime requires staying vigilant, implementing robust security measures, and
updating security regularly.

Section 2: BIAT's Brush with Cybercrime: Tracing the First Documented Corporate
Data Breach:

2-1 BIAT falls victim to ransomware attack with no ransom demand yet

The International Arab Bank of Tunisia (BIAT) suffered a ransomware attack.
According to informed circles, an analysis is still underway to estimate the extent of
the damage caused by this cyber attack.

Contrary to the rumors that were circulating about it, the hackers did not demand a
ransom. In fact, some media outlets said that the hackers responsible for this
overseas attack demanded a ransom of $20 million.

2-2 BIAT’s quick response to phishing attack ensures customer safety and data protection

On Thursday, February 18, 2021, BIAT's computer system was disrupted following a
phishing attempt. Fortunately, shortly after the attack was discovered, the bank's
information systems department, headed by Lamia Zeghal Hadj Slimen, responded
to this malicious act very quickly. "We appear prepared to respond to malicious
attacks and have taken the necessary steps to address and stop a recent phishing
attempt," says Hadj Slimen. This allowed us to secure the production system and
customer operations of the bank.

BIAT defeated the hackers and played it safe by activating maximum security, which
allowed its services to carry out the necessary investigations and neutralize the
hacking operation. All outages continue and customer accounts are protected.

We sometimes remind you that phishing is a practice that has spread across the
Internet. Overall, the first half of 2020 saw an increase of 700% compared to the last
quarter of 2019. This spreading practice poses a high risk for all companies, which
explains the significant investments by financial institutions and banks, among
others like BIAT, to optimize the security of their information systems and
protect their debt. The responsiveness of BIAT, Tunisia's leading private bank, and
the success of their approach to keeping all available data is a perfect example of
this.

Conclusion

In summary, cybercrime is a serious and growing threat that requires constant
vigilance and strong cybersecurity measures to prevent it. As technology advances,
cybercriminals find new ways to exploit vulnerabilities and gain access to sensitive
information. The case of BIAT's exposure to cybercrime is a cautionary tale for
organizations that underscores the importance of taking proactive measures to
protect against cyber threats. By examining the specifics of the BIAT attack and the
actions taken by the bank in response to the incident, we can gain valuable insight
into the nature of cybercrime and the strategies employed by cybercriminals. The
incident underscores the need for organizations to take a holistic approach to
cybersecurity and implement a variety of measures to protect their systems and
data. These measures can include strong passwords, encryption, regular updates and
patches, employee training, and external security audits. Ultimately, businesses can
protect themselves and their customers from the devastating effects of cybercrime
by remaining vigilant and proactive in the face of cyber threats. As technology
evolves, you must remain vigilant and adapt to new threats and vulnerabilities.
