[kictanet] Cyber Warfare on Kenya or Random Chinese

Gichuki John Chuksjonia chuksjonia at gmail.com
Thu Dec 4 15:43:14 EAT 2014


Cyberwarfare has changed a lot over the year. It's not only sitting at the
computer scanning networks and other command-line stuff. These days Cyber
Warfare is under the same framework the Defense uses, called C4ISR. This
also applies to Penetration Testers like me, especially when we are doing
Black Box Penetration testing. Let me give you an example. Earlier this
year we were doing a penetration test at a big firm in Southern Africa.
They had their own VPN between countries and one point of entry to the
Internet (they believed so). So I became a janitor for one week, and then I
went ahead and found out the IT supporting company, and I went on to the HQ
offices pretending to be staff of the IT company, with business cards and
other IDs. From there, getting into KAV and getting a connect-back binary as
an AV agent to the whole company was just easy. All machines connected with
a system shell to my CNC.

So, I think with Cyber Warfare, the same applies everywhere, and what we
should do is be afraid of those Nations that we don't know, what they are
doing the same.

So what is Cyberwarfare?

a) Cyber Espionage
b) Cyber Terrorism - Cyber-jihad
c) Cyber Hacktivism
d) Cyber Sabotage
e) Information Warfare
etc etc.


On Thu, Dec 4, 2014 at 2:22 PM, Walubengo J <jwalu at yahoo.com> wrote:

> @Chuks,
>
> Very interesting development...instead of attracting Chinese tourists, we
> seem to be attracting Chinese hackers :-)
>
> But on a serious note, I still don't understand WHY they needed to be
> resident in Kenya in order to execute their cybercrime when they can do
> so safely from their homes in China.
>
> Or maybe they were sniffing the local airwaves in rich neighbourhoods of
> Runda for wi-fi passwords - but you don't need a whole battalion and server
> room to do that. Very fishy indeed.
>
> walu.
>
> --------------------------------------------
> On Thu, 12/4/14, Gichuki John Chuksjonia via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>  Subject: [kictanet] Fwd: [Security Forum] Fwd: Cyber Warfare on Kenya or
>      Random Chinese
>  To: jwalu at yahoo.com
>  Date: Thursday, December 4, 2014, 11:11 AM
>
>  Let me patch up this discussion to the other main mail list, for awareness.
>
>  ---------- Forwarded message ----------
>  From: BRIGHT GAMELI via Security <security at lists.my.co.ke>
>  Date: Thu, 4 Dec 2014 16:26:26 +0900
>  Subject: Re: [Security Forum] Fwd: Cyber Warfare on Kenya or Random Chinese
>  To: fredrick Wahome <frewah85 at gmail.com>, "Security Forum All
>  information security discussions in Africa are done here (Hacking,
>  Decryptions, Security management, physical security, Disastor
>  Recovery, Security Assessments etc etc)" <security at lists.my.co.ke>
>
>  Let's take a look at the strategic positions where these guys are located.
>  Well, even though not much information has been released, a good yagi
>  antenna can go really far, as an example.
>
>  I also think the story will just die down and we will never hear about it
>  again.
>
>  The government, however, will need to speed up forensics of these servers and
>  all to know what kind of activities were being carried around. But again, I
>  highly doubt we will get to know the details.
>  Another good read here:
>
>  http://www.kahawatungu.com/2014/09/06/chinese-hackers-embarassed-uhuru-usa/
>
>  Let's not turn a blind eye to all these before it is too late.
>
>  ~ze3D~
>
>
>  On Thu, Dec 4, 2014 at 3:54 PM, fredrick Wahome via Security
>  <security at lists.my.co.ke> wrote:
>
>  > The reason why the government will not allow media into the rooms to
>  > capture the real setups....This will be just forgotten as Kanyaris issue.
>  > It must be a big operational group with safe havens spread across the
>  > country. How I wish the digital government would invest in cyber
>  > intelligence. But for now this will remain just a wish...
>  >
>  > On Thu, Dec 4, 2014 at 9:45 AM, John Doe. <agikabia at gmail.com> wrote:
>  >
>  >> As someone commented earlier, most guys on this list have equipment
>  >> running in their homes as well.
>  >> The information being provided is really not clear on what they were
>  >> doing.
>  >> Most likely, as Fredrick has said and I tend to agree, these guys were
>  >> actually up to no good.
>  >> The question that begs is this:
>  >> Since our government turned to the East for financial support, loans
>  >> etc... do you really think China will allow these guys to be placed behind
>  >> bars in Kenya?
>  >> Most likely this story will go quiet and not be remembered.
>  >> I just tend to imagine how many other places may be in operation in
>  >> Kenya and even being run by other nationalities.
>  >>
>  >> Regards
>  >> Antony
>  >>
>  >> On Thu, Dec 4, 2014 at 9:33 AM, fredrick Wahome via Security
>  >> <security at lists.my.co.ke> wrote:
>  >>
>  >>> I have every reason to believe this is a cyber espionage by these
>  >>> Chinese guys. Peeped into some conversation on IRC with some blackhats in
>  >>> 2012 and they mentioned something like Chinese CyberSpy ring operating in
>  >>> Nairobi. However they are spying all over Africa with Runda being one of
>  >>> their safe house. But as obvious if you try to alert the government the
>  >>> Ruaraka boys will actually start investigating you
>  >>>
>  >>> On Thu, Dec 4, 2014 at 9:08 AM, Adam Nelson via Security
>  >>> <security at lists.my.co.ke> wrote:
>  >>>
>  >>>> The reporting and statements by GoK are still too vague to understand
>  >>>> what actually happened. Half the people on this list have network
>  >>>> equipment and servers in their house. And if you were running a serious
>  >>>> cybercrime syndicate in a house, you don't need dozens of people to do it.
>  >>>>
>  >>>> --
>  >>>> Kili - Cloud for Africa: kili.io
>  >>>> Musings: twitter.com/varud <https://twitter.com/varud>
>  >>>> More Musings: varud.com
>  >>>> About Adam: www.linkedin.com/in/adamcnelson
>  >>>>
>  >>>> On Thu, Dec 4, 2014 at 7:25 AM, Mark Kipyegon via Security
>  >>>> <security at lists.my.co.ke> wrote:
>  >>>>
>  >>>>> A more recent news report now claims the group is being charged in
>  >>>>> court with illegally operating a radio station. The same report then links
>  >>>>> this "cyber-crime command centre" to hacking facebook accounts, mpesa
>  >>>>> fraud, card theft and bizarrely, "Police said the Chinese were preparing to
>  >>>>> raid the country's communication systems".
>  >>>>>
>  >>>>> Would anyone have more usable information on this?
>  >>>>>
>  >>>>> --
>  >>>>> Mark.
>  >>>>>
>  >>>>> On 2 Dec 2014, at 14:20, "Almerindo Graziano via Security"
>  >>>>> <security at lists.my.co.ke> wrote:
>  >>>>>
>  >>>>> the entire country is welcoming supplies and services from China
>  >>>>> across the ENTIRE critical infrastructure..That worries me more in terms of
>  >>>>> cyber warfare. No need of backdoor when you are let in through the front
>  >>>>> door :-)
>  >>>>>
>  >>>>> Hence I seriously doubt the news is related to cyber warfare
>  >>>>> Al
>  >>>>>
>  >>>>> On 02/12/2014 14:07, Adam Nelson via Security wrote:
>  >>>>>
>  >>>>> And it might just be that these guys are working on an oilfield in
>  >>>>> Turkana and have VHF radios and Runda is their HQ and they simply didn't
>  >>>>> have the correct visas.
>  >>>>>
>  >>>>> --
>  >>>>> Kili - Cloud for Africa: kili.io
>  >>>>> Musings: twitter.com/varud <https://twitter.com/varud>
>  >>>>> More Musings: varud.com
>  >>>>> About Adam: www.linkedin.com/in/adamcnelson
>  >>>>>
>  >>>>> On Tue, Dec 2, 2014 at 1:30 PM, Robin Wood via Security
>  >>>>> <security at lists.my.co.ke> wrote:
>  >>>>>
>  >>>>>> On 2 December 2014 at 10:28, Gichuki John Chuksjonia via Security
>  >>>>>> <security at lists.my.co.ke> wrote:
>  >>>>>> > Cyber Warfare is real
>  >>>>>>
>  >>>>>> I would agree that Cyber Warfare is real but would say that this is
>  >>>>>> possibly more like normal criminality than warfare.
>  >>>>>>
>  >>>>>> Robin
>  >>>>>>
>  >>>>>>
>  >>>>>> > ---------- Forwarded message ----------
>  >>>>>> > From: BRIGHT GAMELI via Security <security at lists.my.co.ke>
>  >>>>>> > Date: Tue, 2 Dec 2014 17:57:00 +0900
>  >>>>>> > Subject: [Security Forum] Cyber Warfare on Kenya or Random Chinese
>  >>>>>> > To: "Security Forum All information security discussions in Africa are
>  >>>>>> > done here (Hacking, Decryptions, Security management, physical
>  >>>>>> > security, Disastor Recovery, Security Assessments etc etc)"
>  >>>>>> > <security at lists.my.co.ke>
>  >>>>>> >
>  >>>>>> > Should we start to say Cyber Warfare is real on Kenya or just brush this
>  >>>>>> > off as another random happenings in Runda.
>  >>>>>> >
>  >>>>>> > http://www.trending.co.ke/police-arrest-36-chinese-natio-852390307.html
>  >>>>>> >
>  >>>>>> > ~ze3D~
>  >>>>>> >
>  >>>>>> > --
>  >>>>>> > --
>  >>>>>> > Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
>  >>>>>> > I.T Security Analyst and Penetration Tester
>  >>>>>> > jgichuki at inbox d0t com
>  >>>>>> >
>  >>>>>> > {FORUM}http://lists.my.co.ke/pipermail/security/
>  >>>>>> > http://chuksjonia.blogspot.com/
>  >>>>>> >
>  >>>>>> > _______________________________________________
>  >>>>>> > Security mailing list
>  >>>>>> > Security at lists.my.co.ke
>  >>>>>> > http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
>  >>> --
>  >>> Kind Regards;
>  >>>
>  >>> Fredrick Wahome Ndung'u
>  >>> Team Leader
>  >>> Secunets Technologies
>  >>> Website: www.secunets.co.ke <http://www.secunets.com>
>  >>> Cell: +254725264890
>  >>> Email: fred at secunets.co.ke <fred at secunets.com>
>  >>> Experts in: Web 2.0 Applications, Domain Registration, Web Hosting,
>  >>> Information Security, Linux Applications, Computer Forensic & I.C.T
>  >>> Consultancy.
>  >>> "Secure Business Technology"
>  >>>
>  >>> SECUNETS TECHNOLOGIES DISCLAIMER:
>  >>>
>  >>> This email message and any file(s) transmitted with it is intended
>  >>> solely for the individual or entity to whom it is addressed and may contain
>  >>> confidential and/or legally privileged information which confidentiality
>  >>> and/or privilege is not lost or waived by reason of mistaken transmission.
>  >>> If you have received this message by error you are not authorized to view
>  >>> disseminate distribute or copy the message without the written consent of
>  >>> Secunets Technologies and are requested to contact the sender by telephone
>  >>> or e-mail and destroy the original. Although Secunets Technologies takes
>  >>> all reasonable precautions to ensure that this message and any file
>  >>> transmitted with it is virus free, Secunets Technologies accepts no
>  >>> liability for any damage that may be caused by any virus transmitted by
>  >>> this email.
>
>  The Kenya ICT Action Network (KICTANet) is a
>  multi-stakeholder platform for people and institutions
>  interested and involved in ICT policy and regulation. The
>  network aims to act as a catalyst for reform in the ICT
>  sector in support of the national aim of ICT enabled growth
>  and development.
>
>  KICTANetiquette : Adhere to the same standards of acceptable
>  behaviors online that you follow in real life: respect
>  people's times and bandwidth, share knowledge, don't flame
>  or abuse or personalize, respect privacy, do not spam, do
>  not market your wares or qualifications.
>
>


-- 
-- 
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com

{FORUM}http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/