Twitter hack exposes Africa's cyber weaknesses

Mar 06, 2013 by Nicholas Przybyciel
Hackers have claimed the scalp of the South African Ministry of State Security's Twitter account, underlining concerns that Africa may be the soft underbelly of global cyber security.

Hackers have claimed the scalp of the South African Ministry of State Security's Twitter account, underlining concerns that Africa may be the soft underbelly of global cyber security.

As part of what was described as a large-scale attack spammers hijacked the @StateSecurityRS account to advertise a "miracle diet" before officials were able to change the password and regain control.

"Necessary security measures have been put in place to avert similar occurrences," State Security Spokesperson Brian Dube told AFP.

While many South African users of the social media network reacted with amusement, officials fear the next high profile attack on an African government will not be so harmless.

"It wouldn't be hard to shut down the government. There's very little in place, so even the most basic of attacks, in most cases, get through," said Craig Rosewarne, founder of the South African based consulting firm Wolfpack Information Risk.

With funding from the , Rosewarne's consulting group recently published a much-heralded threat analysis on the continent.

According to the report, most developing African nations have been either unwilling or unable to secure their rapidly expanding online networks and infrastructures.

South Africa is a particular source of frustration.

Rosewarne's analysis found that corruption is driving a proliferation of digital crimes throughout the country.

"We've delayed so much that other have actually overtaken us," he told AFP.

Over the past few years, hundreds of criminal syndicates have taken advantage of lax cyber security to launch relatively unsophisticated attacks, often using government or business insiders to exploit vulnerable networks.

It is estimated that cyber crimes resulted in 2.65 billion rand ($291 million) in damages and losses across South Africa in 2011, the last year reliable figures were published.

"While we're seeing a huge surge in financially motivated crimes, we're also seeing an upswing in hacktivism," Rosewarne said. "And that's where you'll get the scary guys – the guys that will go full out to make it happen."

The most ambitious of these homegrown hacking collectives is Team GhostShell.

Last year during its Project White Fox campaign, the group published 1.4 million hacked government and corporate documents from overseas institutions.

In October, the prolific hacker group Anonymous publicly distanced itself from GhostShell after the latter leaked the email addresses, passwords and identifications of 120,000 students from more than 100 universities worldwide.

With ANC leaders laying out a June deadline for adoption of the proposed "Secrecy Law," digital security experts worry the next few months could bring an onslaught of cyber attacks from GhostShell and its allies.

"The moment the proposed Secrecy Law is enacted, it's going to be a trigger to stir up and bring these collective partnerships together," said Rosewarne.

The African Union and the UN Economic Commission for Africa believe these hackers, along with their financially motivated counterparts, pose a dire threat to the continent's growth plan.

To help national governments combat this insurgency, they drafted a regional convention on cyber legislation that is awaiting sign-off from member countries.

"Without such protection, countries cannot take advantage of the digital economy in a sustainable way," said Aida Opoku-Mensah, director of UNECA.

"Consequently, the convention sends a strong political message that Africa is ready for the knowledge economy."

Even much-maligned South Africa is beginning to step up its efforts to thwart online crimes.

The country's director of cyber security announced that final plans for a national hub to combat online threats will be unveiled in July.

Meanwhile, a cohort of cyber inspectors are being trained to ferret out criminals – the first national efforts to train specialist law enforcement personnel since 2003.

"We've got capability, but it's fragmented," Rosewarne said. "We need a senior person to take the lead on this and to actually put in the necessary resources and look at the bigger picture and get things going in this country."

This lack of leadership has left local police dangerously ignorant of cyber security laws and the government has still has not implemented critical response teams that can respond to attacks.

Until all the pieces come together – Rosewarne believes this could take two years if fully prioritised – then South Africa, like most of the continent, will continue to lag behind other mature economies that have already constructed robust digital defences.

Explore further: A Closer Look: Your (online) life after death

add to favorites email to friend print save as pdf

Related Stories

Cyber attack on Seoul's Unification Ministry

Aug 09, 2011

The South Korean ministry which handles relations with North Korea has been targeted by hackers in the latest of a series of online attacks on government and corporate websites, an official said Tuesday.

S. Korea to step up security against cyber attacks

May 24, 2011

South Korea said Tuesday it will step up IT security within the government to fend off cyber attacks from North Korea, which it has accused of mounting a series of strikes in recent years.

UK govt to announce new cyber security strategy

Nov 25, 2011

The government is set to announce new measures to tackle cyber crime on Friday as Britain's internet and electronic communications network comes under increased attack from hackers and foreign intelligence ...

Obama setting up better security for computers

May 29, 2009

(AP) -- America has for too long failed to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to take on the job.

Recommended for you

A Closer Look: Your (online) life after death

9 hours ago

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

9 hours ago

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

Protecting infrastructure with smarter CPS

16 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

Sep 15, 2014

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

Sep 15, 2014

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

Sep 15, 2014

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

User comments : 0