Twitter hack exposes Africa's cyber weaknesses

Mar 06, 2013 by Nicholas Przybyciel
Hackers have claimed the scalp of the South African Ministry of State Security's Twitter account, underlining concerns that Africa may be the soft underbelly of global cyber security.

Hackers have claimed the scalp of the South African Ministry of State Security's Twitter account, underlining concerns that Africa may be the soft underbelly of global cyber security.

As part of what was described as a large-scale attack spammers hijacked the @StateSecurityRS account to advertise a "miracle diet" before officials were able to change the password and regain control.

"Necessary security measures have been put in place to avert similar occurrences," State Security Spokesperson Brian Dube told AFP.

While many South African users of the social media network reacted with amusement, officials fear the next high profile attack on an African government will not be so harmless.

"It wouldn't be hard to shut down the government. There's very little in place, so even the most basic of attacks, in most cases, get through," said Craig Rosewarne, founder of the South African based consulting firm Wolfpack Information Risk.

With funding from the , Rosewarne's consulting group recently published a much-heralded threat analysis on the continent.

According to the report, most developing African nations have been either unwilling or unable to secure their rapidly expanding online networks and infrastructures.

South Africa is a particular source of frustration.

Rosewarne's analysis found that corruption is driving a proliferation of digital crimes throughout the country.

"We've delayed so much that other have actually overtaken us," he told AFP.

Over the past few years, hundreds of criminal syndicates have taken advantage of lax cyber security to launch relatively unsophisticated attacks, often using government or business insiders to exploit vulnerable networks.

It is estimated that cyber crimes resulted in 2.65 billion rand ($291 million) in damages and losses across South Africa in 2011, the last year reliable figures were published.

"While we're seeing a huge surge in financially motivated crimes, we're also seeing an upswing in hacktivism," Rosewarne said. "And that's where you'll get the scary guys – the guys that will go full out to make it happen."

The most ambitious of these homegrown hacking collectives is Team GhostShell.

Last year during its Project White Fox campaign, the group published 1.4 million hacked government and corporate documents from overseas institutions.

In October, the prolific hacker group Anonymous publicly distanced itself from GhostShell after the latter leaked the email addresses, passwords and identifications of 120,000 students from more than 100 universities worldwide.

With ANC leaders laying out a June deadline for adoption of the proposed "Secrecy Law," digital security experts worry the next few months could bring an onslaught of cyber attacks from GhostShell and its allies.

"The moment the proposed Secrecy Law is enacted, it's going to be a trigger to stir up and bring these collective partnerships together," said Rosewarne.

The African Union and the UN Economic Commission for Africa believe these hackers, along with their financially motivated counterparts, pose a dire threat to the continent's growth plan.

To help national governments combat this insurgency, they drafted a regional convention on cyber legislation that is awaiting sign-off from member countries.

"Without such protection, countries cannot take advantage of the digital economy in a sustainable way," said Aida Opoku-Mensah, director of UNECA.

"Consequently, the convention sends a strong political message that Africa is ready for the knowledge economy."

Even much-maligned South Africa is beginning to step up its efforts to thwart online crimes.

The country's director of cyber security announced that final plans for a national hub to combat online threats will be unveiled in July.

Meanwhile, a cohort of cyber inspectors are being trained to ferret out criminals – the first national efforts to train specialist law enforcement personnel since 2003.

"We've got capability, but it's fragmented," Rosewarne said. "We need a senior person to take the lead on this and to actually put in the necessary resources and look at the bigger picture and get things going in this country."

This lack of leadership has left local police dangerously ignorant of cyber security laws and the government has still has not implemented critical response teams that can respond to attacks.

Until all the pieces come together – Rosewarne believes this could take two years if fully prioritised – then South Africa, like most of the continent, will continue to lag behind other mature economies that have already constructed robust digital defences.

Explore further: Should you be worried about paid editors on Wikipedia?

add to favorites email to friend print save as pdf

Related Stories

Cyber attack on Seoul's Unification Ministry

Aug 09, 2011

The South Korean ministry which handles relations with North Korea has been targeted by hackers in the latest of a series of online attacks on government and corporate websites, an official said Tuesday.

S. Korea to step up security against cyber attacks

May 24, 2011

South Korea said Tuesday it will step up IT security within the government to fend off cyber attacks from North Korea, which it has accused of mounting a series of strikes in recent years.

UK govt to announce new cyber security strategy

Nov 25, 2011

The government is set to announce new measures to tackle cyber crime on Friday as Britain's internet and electronic communications network comes under increased attack from hackers and foreign intelligence ...

Obama setting up better security for computers

May 29, 2009

(AP) -- America has for too long failed to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to take on the job.

Recommended for you

US warns shops to watch for customer data hacking

5 hours ago

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

20 hours ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

Aug 21, 2014

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

User comments : 0