Hackers threaten national security

By Macharia Kamau

Kenya has in recent days been turned into a haven for hackers who have defaced more than 100 Websites belonging to State agencies and companies.

Internet security experts fear hackers might soon target information systems that hold crucial data for companies and the Government.

The success rate of these hackers in damaging websites, with little or no resistance, also shows the extent to which data systems of local companies are vulnerable to attacks.

The problem is not unique to Kenya — but the region as well. Websites in Uganda and Rwanda have been targeted.

.

Keep Reading business

•  Rethink data policies to increase internet access, ICT players tell State
•  Government splashes Sh100m for comfort zones in counties
•  Kenya leads global push to raise Sh322tr from climate taxes Premium
•  Harambee Sacco eyes Sh4bn in member's capital expansion share drive
•  End of an era: Hilton finally up for sale, taking with it nostalgic city memories Premium

Roy Akalah, Information Systems Audit and Control Association (Isaca) Kenya Chapter president, says cyber attacks and hackings could soon threaten national security.

"This is a wake-up call. It is a pointer that the next target could be strategic national databases," said Akalah.

Almerindo Graziano, chief executive at Silensec — a data security consulting firm based in the UK — noted fast Internet connectivity that came with the undersea fibre optic cables exposed the country to hackers.

"Fast Internet enables hackers to easily access Websites across the world," he said.

He also noted poor Internet security standards adopted locally are enticing hackers.

"Poor Internet security standards makes the country appealing hackers," Graziano said

Internet Solutions East Africa Managing Director Loren Bosch said recent hackings are more likely to be theatrics than criminally motivated acts.

"If you were a hacker trying to prove yourself to your peers, you’d have to hack a Website belonging to a financial institution or government agency," said Bosch.

"I would a guess that only a small percentage of hackings are with criminal intent. Most of the incidents can be viewed as the Internet’s version of graffiti."

There are divergent views as to how well information systems of local corporates — especially banks — are able to thwart attacks.

Bosch, who has worked with some local banks to implement data security systems, said security standards adopted by Kenyan banks are at par those in the developed world.

Graziano, however, disputes Bosch’s, saying some banks are unprepared to counter hacking and information systems fraud.

"Sound information systems monitoring and detection mechanism is missing in many organisations," he said.

While there is a consensus that the country lacks adequate capacity to fight cyber crime, there are efforts to equip technical personnel across different sectors with skills to detect and prevent cybercrime.

The Government recently formed an outfit — the Kenya National Computer Incidence Response Team (KE_CIRT) — which is expected to work with both Government agencies and private firms to fight cyber crime. It is, however, still in its fledgling stages.