Thursday, May 20, 2010

Internet Security in Kenya

On May 19, Internet Solutions (IS) and Africa Practice hosted a forum on internet security at the Intercontinental Hotel for large corporate customers of IS. Speakers included Loren Bosch, sales director for East Africa at IS; Jason Finlayson of Security Risk Solutions; and Collin Mamdoo, C.O.O. for East Africa at IS (Twitter: @collincrm).

Loren introduced Internet Solutions (IS), which provides holistic security solutions that include cloud-based (hosting, security, back office), connectivity (VPN, fixed & mobile broadband), communication (voice, video, hotspots), and carrier (satellite, last-mile fibre & wireless) services. In terms of fibre, they are a big investor in the Seacom cable. Loren mentioned that most Kenyans experienced a week of slow internet in April 2010 as maintenance work was carried out on a cable that links both the Seacom and TEAMS cables to Europe; however, their clients were not affected as IS is also linked via West Africa’s SAT 3.

Jason, whose company Security Risk Solutions provides security risk solutions (assessing risks, investigating, fixing, helping with prosecutions, etc.) in Kenya and Uganda, talked about the state of internet security in Kenya, terming it immature: the country has not been exposed to cyber crimes until now. Kenya has enjoyed security by obscurity, as slow network speeds kept the country off the radar and limited the ability to tamper with computers here. That has changed with the advent of fibre cable in Kenya, which means much faster speeds.

Kenya is:
- Weak in security architecture, processes, and crisis solutions, which are all relatively new/immature. There is no regulatory framework to protect customer information, no regulatory compliance, no privacy laws, and big companies are struggling with IS basics.
- CCK is yet to set up a computer emergency response team (ERT), though it has been budgeted for. Also, our cyber police unit was disbanded two years ago (but has recently been re-activated) and the police do receive some training, while the police in neighbouring Uganda have an actual electronic counter-measures unit.
- Perpetrators are sometimes prosecuted for fraud, but not for hacking or other lesser computer crimes.

It's going to get worse in the short run with better fibre speeds and employees with laptops and internet access at home, but do large companies care about security?
- Fibre has brought broadband access and many opportunities for Kenyans, but while fibre means we can do anything, people can also do anything to you (i.e. banks/corporates).
- Corporates are aware of this, but often don’t have the budget to implement security, or the knowledge has not been disseminated across the organisation. The Central Bank of Kenya tried to mandate all banks to have BCPs a few years ago, but many just downloaded them from the net and put their logo on them.
- Computer viruses spread much faster now. In 2009 one virus infected 12 million computers worldwide in 24 hours. And with better access, we can expect more phishing attempts in Kenya; already in South Africa, in the first four months of 2010, they have shut down 400 phishing sites.
- The FBI report on the top 10 sources of computer wrongdoing is headed by the US and UK, but with 4 of the top 10 countries being in Africa (Nigeria, Cameroon, Ghana, South Africa), the odds are that in two years, Kenya will join this infamous list.
- Also, the Symantec 2009 report on top attacks listed common avenues of malicious attacks, such as suspicious PDFs and vulnerabilities in Internet Explorer and media player. Symantec have set up honey pots in Kenya to better study these attacks from 2010. [source report]

SRS found internet security risks at three levels:
- People: weak passwords easily deciphered by hackers; staff use portable media, accept social invitations to download files/attachments, share USB sticks, and are vulnerable to social engineering, etc. An example was given of a tester sitting at the empty desk of a worker, calling the IT department and having a password reset over the phone, giving them access.
- Processes: no app segregation, no use of audit trails, poor controls/security standards, e.g. a bank that lost money to fraud had assigned the system admin user name to 50 people.
- Technology: companies remain vulnerable because they don’t install patches, e.g. to Internet Explorer and other popular software, some of whose fixes have been around for years. Besides poor patch management, employees now access networks from multiple locations and use more social media at the workplace.

Solutions include:
- Limit system privileges
- Turn off/remove some internet services
- Test security regularly and practice emergency drills
- Have intrusion detection systems
- Install patches
- Train employees and train bosses
- At worst, companies can ban computers or block social media and Gmail/Hotmail, but that will hamper service delivery. He ended with a quote attributed to a Toyota executive, who said that there is no perfect security, only appropriate levels of insecurity.

Collin summed it up with a report on new vulnerabilities in the systems:
- Social media attacks will be the story in 2010, e.g. hackers using invitations through Twitter, Skype and Facebook
- Not just computer but also physical, e.g. men in South Africa kidnapping girls they had 'met' through MXit
- SMS attacks: he landed at Nairobi airport and got an SMS from his Zain line that he had won Kshs 250,000; all he had to do was reply to a number to collect his money
- Attacks across different platforms: while Microsoft is the most hit platform, others like Mac are also being targeted, e.g. vulnerabilities have already been reported with the new iPad
- Faster spreads, e.g. zero-day viruses. As soon as a vulnerability is found, hackers exploit it before a patch can be made available. More hacks? There are videos on YouTube that teach newbies how to hack
- Security needs to be multi-layered: firewalls, anti-virus, mail filters, etc.
- Inside attacks: the worst/most serious threats are from disgruntled employees with technical and process know-how within companies. Solution? Pay them their bonuses

EDIT: Pal Kahenya is looking for the best hacker in Kenya and has offered a prize of Kshs 100,000 (~$1,300) to the winner of his challenge.

3 comments:

Unknown said...

as for me I use protemac netmine for protection copmp...
