The United Arab Emirates (UAE) have introduced a federal ban of the use of VPN and TOR according to news site Emirates247.com. At the same time they are working to set up a surveillance infrastructure in order to be able to intercept and manipulate the entire mobile phone and internet traffic.
UAE president Sheikh Khalifa determined with the change aof article 9 of federal law 09/2012 that someone who would maks her original IP address with a fraudulent intent could face a temporary jail sentence and/or be fined between € 122.000 EUR up to € 487.000 EUR. A »fraudulent intent« means accessing services that are blocked in the UAE. That revision of a statute is not to be seen merely as a censorship measure. Rather it serves to shut out competition for local telecoms companies because blocked services include chiefly VoIP and messaging services like Skype, WhatsApp, Facebook Messenger, Viber, or Snapchat. Local telecoms company Etisalat fears collapse of sales due to customers preferring to use cheaper voice calls over the internet instead of paying for expensive traditional international calls.
UAE's telecommunications regulatory body stresses both points. Its head, Hamad Al Mansouri, sees blocking of Snapchat's voice calling feature as a means to strengthen security and combatting cybercrime. He also cites the example of Morocco which blocks voice calls over mobile IP connections since January, referring to loss of revenues of local telecoms company Moroc Telecom, of which the Emirati Etisalat is a share holder.
A comprehensive surveillance infrastructure
At the same time UAE is working to set up a comprehensive surveillance infrastructure. Italian security expert Simone Margaritelli, known inter alia for developing the man in the middle framework bettercap, was asked to work on this ambitious project. Margaritelli declined the offer but described in a blog post what the Emiratis are planning.
According to him data traffic in dubai and Abu Dhabi on IP, 2G, 3G, and 4G networks was to be intercepted, modified, and diverted. Necessary hardware is to be installed at public sites, like airports and shopping malls. In order to be able to cover the entire public space drones, GSM cells, and rogue wireless access points as well as devices at local telecoms companies are to be used. These capabilities should also be utilised to infect all of people's devices on the push of a button within a given range with malware in order to track them, as Margaritellis' contact explains rather colourfully.
Imagine that there's a person of interest at the Dubai Mall, we've already set up all our probes all over the city, we press a button and BOOM! All the devices in the Mall are infected and traceable.
Those who are planning to vacation in the Emirates or stay there on a professional trip should better think to whom they are saying what over the phone, and whether they really need to watch Netflix via VPN in the evening. The state is probably listening in on you.