East African countries are losing battle against hackers

November 3, 2013

A new research indicates East African countries are losing the battle against cybercrime and there is an urgent need to fight the growing problem in cooperation with its continental and global partners. Despite earlier proposals and promises by East African Community member states to set up a cyber crime response team that would cooperate with each member state law enforcement authority that would encourage banks, financial institutions, companies, and institutions to report attacks or attempts to uncover the full extent of online crime and halt its rise. Most business people are very concerned that there appears to be almost nothing being done where low-level electronic crime is committed with impunity in the region. There are online scams in East Africa where users are being sent plausible looking links, which when clicked infect computers with malicious software. Also, phishing is easily becoming of the most common tools used by hackers in East Africa. Hopes were high when a year ago East African Community secretariat announced that the five governments would consolidate cybercrime policing into a regionally unified structure as part of the region’s policing structure. Some of the proposed efforts last year was to rein in Internet crime was a partnership with telecoms companies in each country and security agencies like defense, police and intelligence community whose aim was to safeguard the region’s defense supply chain against cyber attacks.

As I have argued before, nobody is safe in the digital space and even the smartest minds in the cyber-security have constantly struggled to fend off hackers in their personal lives. There are those of us who’ve been hacked and there are those who don’t know they’ve been hacked. All EAC partner states have tightened up online pornography laws that demand Internet firms block access to child abuse images. However, a new research shows that government in the region are still complacent when it came to cybercrime, ranging data theft to identity theft and the spreading of illegal images and extremist material especially by terror groups operating the region. Royal Melbourne Institute of Technology University senior lecturer Mark Gregory, a former Army officer and engineer with a reputable experience in network security last year said that he is worried with how Australians are releasing sensitive information online and sharing it with strangers or the so called online friends. At the beginning, I thought it was just another cyber expert paranoia but after extensive thinking, I have come to agree fully with his concerns. Why would for example an Intelligence officer share details of his work place including location and images of his work. I wonder if the current intelligence officers are actually taking advantage of the state because recently released data shows there will be a severe skills shortage in the information security industry across the country. This week, an officer working for Uganda’s External Intelligence Organization appeared in court after being charged with espionage after he allegedly sold classified material to a foreign government.

Such security men and women are doing a disservice to their nation and are making it an easy ride and it will significantly increase the potential for terrorists to move beyond intrusion and espionage to disrupt and perhaps destroy critical infrastructures in the country. Personally, I feel that individual common sense and responsibilities should come first especially when one is working with such sensitive security organizations. The East African region is suffering from cyber attacks in both national and in the corporate front and the last thing those responsible for the country security should be doing is to ease the work of those heinous criminals. The costs of cyber attacks are very consequential both politically and economically and there is a high chance attackers will obtain classified information yet they suffer almost no cost in the process and that is why the EAC partner states should ensure that an event like that one that happened in Uganda should never be entertained again. Security of the country should not be compromised at any costs. Migrating data into the cloud as department of defense are doing in the region, demands that those responsible with security be more extra vigilant in protecting their country’s assets. I have no doubt that in the future conflicts of this world would be waged in cyberspace.

The newest game in the Warfare is all about people impersonating and convincing others to carry out tasks based on false information. Frankly, the security agents should have no Facebook accounts, no Google accounts, no iTunes accounts and if possible they should not exist on digital networks until they retire from Defense. Security agents also have a democratic right but few will argue there’s need to be a reasonable way to restrict how members of the defense and other security apparatus staff engaged online. In their professional lives, cyber-security experts in East Africa should use the latest technological innovations to defend computer networks from attack. However, when it comes to personal protection, few have hi-tech skills to defend themselves. If you’re living in the modern world and you’re not in the online platforms like Twitter, Google plus then you simply don’t exist but I urge users don’t post personal stuff that could haunt them in future. Online platforms can aid cyber investigators in the East African region where security agencies can build profiles of crackers including their exact location, friends, photographs and their nationalities to be used as evidence in their investigations. My advice is for people to keep critical data off hard and externals drives and also avoid putting sensitive information in writing and post little personal data on social media. There is need of being vigilant about putting personal information online.

Contador Harrison