Kenya’s cautionary tale in the recent cyber attacks

Kenya is still reeling with shock from the cyber security breach of more than 100 government websites by an Indonesian hacker last week.

Wednesday, January 25, 2012
Gitura Mwaura

Kenya is still reeling with shock from the cyber security breach of more than 100 government websites by an Indonesian hacker last week.

Though the overall damage only amounted to the brief inconvenience of not being able to access the websites, the hacker had no other motive than that he could access and deface them. Kenya’s E-Government Directorate described it as a low level attack.

This was the second time it was happening. A year ago, almost to the day, the Kenya National Police website was harked into in a similar manner. This particular harking was put down to shoddy website administration and use of a "very simple” password that could be easily figured out.

To take the broader view, there are those who would argue that the issue is not whether it happened for the second time in Kenya, or how it should be possible to hark into vital government websites in the first place.

The issue is ensuring heightened vigilance, as hacking seems to have become a fact of life. Incidents of cyber intrusions in the corporate world continue to be reported every so often. Even the US government continues to suffer its share of attacks, despite having the highest possible technical capacity and resources at its disposal to prevent unauthorized access to sensitive websites touching on national security.

Kenya may not be expected to reach the US technical and resource capacity very soon, but it speaks for many African countries just beginning to harness delivery of government services through ICT.

Kenya’s is therefore a cautionary tale. And the obvious recommendation to keep up with the ever changing information and communication technology and invest in relevant skills to ensure that hacking of such magnitude does not happen again. That more than 100 websites could be hacked into at the same time suggests undertaking a deep security re-evaluation.

 On the other hand, if cyber attacks can be said to have become a fact of life, it has also become all pervasive with the extensive use of emails. Some of us have been, or know somebody whose email has been hacked into.

One of the most common is where an email is hacked into and the crooks change your password denying you access. The crooks then send distress messages to all your contacts telling them that you are stranded in a foreign country and solicit money.

Experts say that thousands of emails are hacked into every day. They however point out that most of the hacked emails are briefly taken over and used to send spam and phishing messages.

Spam are the unsolicited messaged that one receives, for example from people tempting you to buy things on the internet. Phishing attempts to acquire information such as usernames, passwords, and credit card details by pretending to be trustworthy sources.

To prevent the above and ensure maximum security to your internet accounts, it is recommended never to use the same password for different accounts and to choose strong passwords that are simple to be manage. One of the recommendations is to have a password combining symbols, numbers and small and capital letters.

One way to come up with such a password is to take a sentence you can easily recall and use the first letters of the words in the sentence to create it.

For instance, the sentence could be: "From Kigali to Musanze is about 100 kilometres”. The password would be: FKtMia100k. Such a password would be difficult to crack.

gituram@yahoo.com
Twitter: @gituram