Cyber Security: Rise of the student hacker

Students are using their expertise to hack into the computer networks of their own universities and other entities, an investigation by Hashtag reveals. These students are armed with skills honed by ICT courses that not only teach them how to programme and crack codes, but also how to penetrate and bring down computer networks.

Driven by the unethical hacker principles of vandalism and greed, a number of students are spending their spare time scouring the web for vulnerabilities, breaching computer systems and draining information and funds where possible from various vulnerable institutions with each passing day.

IT expert Alex Mutunga, who was charged in March with hacking into the Kenya Revenue Authority system and causing loss of about Sh4 billion, is the poster child of this vast shadowy army of hackers who steal money from various cash-flush companies daily.

The University of Nairobi’s Bachelor of Information Systems graduate was previously charged with hacking into NIC Bank’s systems and with manipulating Safaricom’s computer system and stealing electronic airtime worth Sh20, 000.

In institutions such as Kenyatta University and JKUAT, hacking of university systems reportedly peaks towards the end of semester and during the graduation period when hackers tamper with school systems to adjust grades and fee balances.

“Most of the courses we are taught stress on ethical hacking, but lecturers can teach us other forms of hacking so that when someone opts to hack they do it for a good cause putting their integrity first,” says Reinhardt Bonnke, a computer science student specialising in graphics interfaces.

SITTING DUCKS

Many universities are sitting ducks. Their computer laboratories and networks are poorly secured; so with a flash disk, a student with hacking skills can interrupt the security systems and also personal accounts without the need to know the login details.

On campuses, students are not restricted to only using the devices provided by the schools in learning how to hack butalso use their own laptops and other devices. This makes it easy for the students to access the school’s networks the same way they do other public networks.

Besides adjusting grades and fees balances, the hackers also sell financial records and other important data to rival institutions of higher learning. Other institutions vulnerable to hacking and data breaches include banks, hospitals and government agencies, according to security appliances provider, Cyberoam.

Besides money, many of the institutions lose proprietary/confidential information, trade secrets and growth strategies to either internal or external forces. This has been attributed to the poor security of their networks, or of the data and information contained in them.

The upswing in hacking among university students has been blamed on the shriveling of job opportunities for university students and the free Internet access offered by most institutions.

HACKING SCHOOL

Although a number of students are eager to profit from the underworld of unethical hacking, the majority of them only engage in hacking for fun and to see how far their computer skills go.

“By knowing how to hack a security system you also know how to safeguard it. Therefore, hackers should be given a chance to maximise their full potential instead of being put behind bars,” says Tabitha Gachoka, a Management Information Systems student at Daystar University.

“The education provided in Kenya does not create dangerous people in technology since the courses are not to the caliber of hacking, they are only concepts,” asserts Mageto Washington, CEO of Magtech Inc., a digital security company dealing with automation and procedural analysis of hardware systems.

Only a few institutions offer specialised courses on ethical hacking.

“We are taught how to make the world a safer place through technology by being taught ethical hacking and cryptography,” assures Renny Langat, a student at the Technical University of Kenya and a part-time developer at Simi Technologies.

Langat says the misconception that anyone studying information technology is doing so in order to hack a system and compromise the safety of its data is not helpful.

He said it would only be fair if the government established ethical hacking and cryptography as independent courses in universities that can be certified and not as offshoots of computer technology courses.

“If the government doesn’t establish ways of putting these young genius brains into good use, they will be lured into joining societies like ISIS,” warns Langat.