[kictanet] Fw: Fwd: Hacked DP & KDF Twitter Accounts: Understanding Hacker Motivation

[Matunda Nyanchama]

FYI
---------------



Information Security – Hacker Motivation
By Dr Matunda Nyanchama, July 26, 2014
  
             
Business News » Information Security – Hacker Motivation
Business News - Reading is FunDamental  
View on www.aganoconsultin... Preview by Yahoo  
  
By Dr Matunda Nyanchama, July 26, 2014
 
Reports indicate that Deputy President (DP) William Ruto’s twitter
account has been compromised. This comes hardly two days after twitter accounts
of the Kenya Defense Force (KDF) and that of its spokesman, Major Emmanuel
Chirchir we compromised.
It appears that it is the same group of hackers involved in both cases
and clearly targeting the government. Indeed, using the DP’s twitter handle,
the hackers posted a series of government sites that they had hacked. While we
may not know the extent of damage inflicted, the embarrassment factor is big
enough to require immediate and urgent action on the part of government.
In social media, some people have expressed glee that these unlawful
acts and are happy that the Jubilee government is being subjected to shame. As
a “digital government”, some said, Jubilee should be better prepared to deal
with such risks, adding that the government’s rhetoric doesn’t match reality.
Whatever anyone thinks, all of us Kenyans should feel bad that such
high-level exposure is happening to key national offices in the country.  This is especially so when the country faces the
monumental task in securing the country. The least we should do as citizens
(whether allied to the government or opposition) is empathize and hope that the
government would put in rapid measures to restore normalcy and trust that it
can forestall further cyber challenges of the kind we have seen.
If there is anything to learn from these incidents it is that time is
nigh for rapid implementation of information protection measures! Information
security needs to be prioritized as a matter of urgency. It is important that
we prioritize attention in this area so as to forestall similar (and perhaps
worse) happenings.
Let’s remember that these hackers are not going away. We must expect that
there will be continuous attempts at breaking into systems (be they government
or private sector) by the large mass of hackers out there. Some would be
copycat attacks while others would be fresh exploration of weaknesses of our
systems accessible over the Internet.
The hacker menace (whether internal or external to an organization) is
real and is here to stay. The best we can do is be prepared to prevent, detect
and respond to (deal with) the threat when it materializes. Indeed, the
realistic course is make it as hard as one possibly make it for hackers to
break into systems. 
There is more. There is no absolute security regardless of the amount
of resources dedicated to system protection. A well-motivated hacker with an
infinite resources (e.g. time and money) will break into a system however secure
the system is deemed.
We will be discussing protection techniques in the future. Before that,
however, we need to understand what motivates hackers and why they continue to
be a menace.
Hacking has been around as long as computers existed. The menace has
grown with the proliferation of the Internet and the Internet’s pervasive use.
As the Internet reach grows, so also does the hacker threat. This is especially
so given ease with which hackers, located in disparate locations, can
collaborate and share attack techniques.
Hackers are people who usually intrude into computer systems and
manipulate these systems for their own ends. 
They are motivated by different interests, including the following: 
Thrill for personal satisfaction
These are people who hack
for the sake of hacking. They derive satisfaction from breaking into systems,
for the fun the challenge the challenge presents and are motivated by anything
other than the prize: breaking into systems. Some would then later brag about
their escapades to their underground “communities” and in the process gain
“respect” among their peers.
One can imagine the
hackers in the recent Kenyan hacks bragging about how they embarrassed our
forces and the Deputy President of the nation! Quite, some “respect” it would
earn these intruders.
“Service to the Community”
These break into
systems believing that exposing flaws in the systems is good for the community.
Clearly they enjoy their thrill but also understand that once a flaw has been
exposed, the people concerned will fix it and thus leave society better off.
There was once a story of a kid who broke into a bank, created an accounted and
planted a malicious program that, on a nightly basis deducted small amounts of
money from all the accounts and deposited the amounts in an account he created.
Later, it is said, he presented the evidence to the bank management. And he
hadn’t withdrawn a cent from the large amount of money he had accumulated.
Now suppose that the
hackers in the Kenyan cases intended “service to community”, they would rest
easy that the government has woken up to the reality of exposure they face.
Motivated by Malice
Despite the above, my
reading is that the people that hacked KDF and DP’s accounts were driven by
malice. Even if they many not have gained access to sensitive KDF and DP
information, the embarrassment in government ranks and across the country is
palpable. As a result, some may question KDF’s ability to protect us when they
cannot protect, as simple a thing as a twitter account. For the DP, the
question I have had posed is: how could such a BIG office (with all the
resources at its disposal) be so sloppy in the management of the DP’s
communication channels. 
Malicious hackers usually
do a number of things once they enter a computer. 
They may steal and
(possibly) disclose sensitive information to unauthorized parties. For example,
suppose such hackers gained access to the KDF’s battle strategy and plans. This
would be treasure in the hands of an enemy. 
Now suppose that they
proceeded to modify the plans and which plans are then transmitted to the
battle field. The consequences could be dire and those in the field could be
acting on modified information. Indeed, suppose the hacker had ability to
interfere with the timely and accurate transmission of such information! They
would clearly hamper execution of battle plans to the detriment of KDF!
The term Information Warfare is becoming common place.
This is where the theatre of war extends to cyberspace. Here hackers (working
for parties in combat) target enemy targets in order to gain advantage in the
field. A few years ago, Iranian nuclear facilities were infected by the stuxnet
virus that paralyzed its nuclear centrifuges, clearly hampering the development
of its nuclear program!  
In the commercial
arena the world is becoming more and more competitive. Whoever stays ahead in
terms of research and development, and translating the information to products
and services could stay ahead economically. Now suppose the malicious hacker
gets hold of such intellectual property! 
Industrial espionage
is a reality today, whether by foreign or local parties. 
In a recent case,
systems of a large retail chain in North America (Target) were compromised. The
hackers gained access to the company’s customer base, including credit card
information. Such information could be used for malicious purposes including
credit card fraud. While the impact on the retail chain hasn't been quantified,
clearly it suffered substantial brand image and (perhaps) to the advantage of
its competitors.
Final words: pervasive
technology use requires clear understanding of information protection needs. These
include developing strategies, policies, deployment and operation needs to
assure systems protection. Of necessity these needs would encompass aspects of
people, processes and technology. 
 
Dr Matunda Nyanchama is a Director and Managing Consultant at Agano
Consulting Inc., an ICT services firm with offices in Canada and Kenya. He can
be reached at mnyanchama at aganoconsulting.com. 
-------------------------------------------------------------------------
Matunda Nyanchama
matunda at gmail.com; 
matunda at nsemia.com - Book Publishing  - www.nsemia.com

matunda at aganoconsulting.com - ICT Consulting - www.aganoconsulting.com
-------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20140727/e61189d5/attachment.htm>