Cybersecurity Agenda – How are we doing in South Africa?

Cybersecurity incidents can be costly to the security and economy of any country and to the wellbeing of its citizens. Criminal activities tend to move at lightning speed, in line with the improvements brought about by innovation and technology. Unfortunately, criminals are members of the same society we live in and not a foreign species. At the same time, we need to take advantage of the advancement in these technologies to help develop our industries and to sustain basic requirements in education, health, public safety and transparency, so as to enhance the competitiveness of our country. Security and privacy are among the efficiency enhancers needed to achieve these goals.

What does our Threat Landscape look like?

In the last two days I had a conversation at the ITWeb Security Summit 2012 (1st day), driven by the theme “Reinventing Information Security – where trusted technologies have failed you”, and at Joshua West’s 4th Annual Security Conference (2nd day), with the theme “Developing Superior Strategies for Evolving Business Security Threats”. These events were held in Sandton and Randburg respectively. My task was very simple: to share the Microsoft Security Intelligence Report Vol. 12 with a focus on South Africa (downloadable #itwebsec deck in pdf) at the Summit, and to give insight into the “Holistic approach in security across all sectors” at the latter event. The events were covered in the articles “SA threat trend on downward slope” and “Top 10 threats in SA”, and the figure below shows the Computers Cleaned per 1000 scanned (CCM) trend for South Africa over the last six quarters, compared to the world as a whole. The MSRT detected malware (malicious and potentially unwanted software) on 8.1 of every 1,000 computers scanned in South Africa in 4Q11 (a CCM score of 8.1, compared to the 4Q11 (fourth quarter of 2011) worldwide average CCM of 7.1).

How is our IT Environment?

These events are not happening in isolation from cyberspace developments worldwide. The recently announced BRICS Cable, which is a 34 000 km (note: SANRAL manages roads totalling 16 700 km), 2-fibre-pair, 12.8 Tbit/s capacity fibre optic cable system, will link Brazil, Russia, India, China and South Africa (the BRICS economies) and the United States. It will interconnect, amongst others, with the WACS cable on the West coast of Africa, and the EASSY and SEACOM cables on the East coast of the continent. This will give the BRICS countries immediate access to 21 African countries and give those African countries access to the BRICS economies. The projected ready-for-service date is mid to second half of 2014.

[Figure: BRICS cable map]

See the figure above and read more in “BRICS Cable Unveiled for Direct and Cohesive Communications Services between Brazil, Russia, India, China and South Africa”. South Africa’s President, Jacob Zuma, encouraged the attendees at a BRICS business breakfast hosted by South Africa to support the project and play their role in fast-tracking its execution.

The latest World Wide Worx study on Internet Access in South Africa reported that 8.5-million people were using the Internet in SA at the end of 2011, with a total of 7,9 million South Africans accessing the Internet through their cell phones. Undersea cable capacity to SA at the end of 2011 was 2,69Tbit/s and will be 11,9Tbit/s and 24,6Tbit/s by the end of 2012 and 2013 respectively. This is good news for access to the Internet through availability of devices, and hopefully it will enhance e-commerce in South Africa, including for the rural poor. We are positioned at no. 5 among Africa’s Top Internet Countries in terms of Internet users (see the figure below).

At this point, I’m tempted to look into the occasionally disputed data by the World Economic Forum (WEF), although the reference looks very credible to me. The latest economic report, namely “The Global Competitiveness Report 2011-2012” (GCR), shows that South Africa moved up by four places to attain 50th position this year, remaining the highest-ranked country in sub-Saharan Africa and the second-placed among the BRICS economies, while the ICT-related report “The Global Information Technology Report 2012” (GITR) noted that South Africa has dropped to 72nd from 61st position on the Network Readiness Index (NRI).

[Figure: Network Readiness Index (NRI)]

The figure above shows a comparison of the Network Readiness Index for the BRICS countries, including Mauritius and Tunisia. The data is sourced from GITR 2011–2012. SA, counting on one of the most solid political and regulatory environments (23rd) and better framework conditions for entrepreneurship and innovation (50th), is the highest-ranked at 34th within BRICS and in the sub-Saharan Africa region. The NRI position of 72nd place implies that we are not yet leveraging the potential benefits associated with ICT.

The figure above shows the important shortcomings in terms of basic skills availability (101st) in large segments of the population and the high costs (94th) of accessing the ICT infrastructure, resulting in poor rates of ICT usage (76th). SA is just two points below India, which ranks the lowest in the BRICS community. While consumer/citizen (117th) usage is a big factor contributing to the ranking in India, both citizens (96th) and the government (89th) are contributing factors in South Africa.

The business community (as seen in the figure above) is putting much effort into using ICT and integrating it in a broader, firm-based innovation system (34th). As a result, the economic impacts accruing from ICT are patchy (59th) and the social impacts disappointing (98th). SA ranks the highest, followed by the Russian Federation at 89th position, within the BRICS community (see the figure below). A report by GSMA, “Assessment of economic impact of wireless broadband in South Africa”, assessing the direct and indirect impact of mobile broadband, shows that a 10% increase in mobile broadband penetration is likely to yield an impact of between 1 and 1.8% in GDP.

Piracy

Pirated software poses a huge risk for corporations, according to a report from the Business Software Alliance (BSA). Getting corporate users to download malicious programs is one of the most surefire ways for hackers to gain access to your network. Some of these threats come in the form of malware, while others pretend to be innocuous programs. BSA receives tips from IT personnel and other knowledgeable sources through its online reporting form. The article “Media Piracy in South Africa”, which is a part of APC’s work on studying media piracy, gives a good background on the piracy work in South Africa.

“If 57 percent of consumers admitted they shoplift — even rarely — authorities would react by increasing police patrols and penalties. Software piracy demands a similar response: concerted public education and vigorous law enforcement,” said Drummond Simpson, Chairperson of the BSA South African Committee. South Africa ranks the lowest at 35% in comparison to the BRICS countries’ piracy rate (see figure above). The BRIC countries’ total piracy rate is 70% compared to the European Union, which is at 33%. Dealers are encouraged to join the “Clean Network”, a network of dealers who pledge to sell only genuine Microsoft products. A list of these Clean Dealers is available online. “We also encourage consumers and small businesses to arm themselves with information on how to spot counterfeit software by visiting www.howtotell.com,” said Melanie Botha, marketing and operations lead at Microsoft South Africa.

How is our market?

[Figure: GCR]

In 2004, the GCR report ranked SA at 34 while Tunisia was just 3 points ahead at 31. More interesting is the rise of a country like Mauritius, which is positioned at 53rd (was at 47 in 2004), ahead of the usual African front runner in SA. The BRICS countries’ rankings are as follows: Brazil: 65th, Russia: 56th, India: 69th, and China: 51st respectively. The world’s most populous country, China, continues to lead the BRICS economies by a significant margin, with South Africa second among the BRICS.

[Figure: GCI Efficiency]

South Africa benefits from the large size of its economy, particularly by regional standards (it is ranked 25th in the market size pillar). We do well on measures of the quality of institutions and factor allocation, such as intellectual property protection (30th), property rights (30th), the accountability of our private institutions (3rd), and our goods market efficiency (32nd). Our country’s financial market development ranks at an impressive 4th, indicating high confidence in South Africa’s financial markets at a time when trust is returning only slowly in many other parts of the world. We also do reasonably well in more complex areas such as business sophistication (38th) and innovation (41st), benefiting from good scientific research institutions (30th) and strong collaboration between universities and the business sector in innovation (26th).

Although the infrastructure is good by regional standards, it requires upgrading (62nd). Surely the infrastructure index might improve when the impact of undersea cables filters deep into the country, which will also influence technological readiness. At present our Internet users/100 pop is at a very low position of 105th, broadband Internet subscription/100 pop is at 96th and Internet bandwidth, kb/s/capita is at 112th position. Efforts must also be made to increase the university enrollment rate of only 15 percent, which places the country 97th overall, in order to better develop our most needed innovation potential. What disturbs and confuses me at the same time is that South Africa ranks at a very low 138th in quality of math and science education out of 142 countries, while quality of management schools is 13th and availability of research and training services ranks at 47th. Health of the workforce, which is ranked 129th out of 142 economies, is another concern the Minister of Health is busy tackling—the result of high rates of communicable diseases, and poor health indicators need to be improved.

The Cybersecurity Agenda, through Training/Human Capacity Development and enhancement of the technological readiness pillar, will have a huge impact on the financial markets, business and the services industry.

Our Government Agenda?

I should say that these events are happening when South Africa seems to be moving in a positive direction with regard to ICT and InfoSec. We earlier had a positive announcement from the Justice, Crime Prevention and Security Cluster (JCPS) about the Cybersecurity Policy, and this was followed by the ICT Colloquium hosted by the Department of Communication (DoC). The essence of the discussion is captured here: The beginning of a beginning – Integrated ICT Policy for South Africa. DoC then followed up with a workshop on “CYBER SECURITY AWARENESS CAMPAIGN” from the 3rd – 4th of May 2012, and the discussions covered topics from “National Cybersecurity Policy Framework” and “Cyber Crime Challenges faced by ISP’s” to “Law Enforcement challenges and procedures”, amongst others. We are looking forward to the outcomes of the breakout groups on key deliverables like the Cybersecurity Hub (National CERT) and a National Awareness day/week for SA. On the 8th May 2012, the Hon. Minister Ms Dina Deliwe Pule delivered the Budget Vote of the Department of Communications and put further emphasis on these issues.

The DoC speech was followed by the Budget Vote speech of the Department of State Security, by the Hon. Minister Dr. Siyabonga Cwele, on the 10th May 2012. He reiterated that the Department will continue to ply its trade guided by the theme: “Working Together to Build a Safer Nation in a Secure World.” He reported that the National Cyber Security Policy Framework was approved by Cabinet in February 2012 and that this policy should result in improved coordination of government’s response to the 21st century challenges of information security (InfoSec). The State Security Agency (SSA) is coordinating this work across government in order to finalize the policy by 2013. Here is a list of some government-driven policies, bills, regulations and acts that are enacted or work in progress and can strengthen the Cybersecurity Agenda.

In Conclusion

As a response to the changing threat landscape today, most governments are looking to establish some form of Cybersecurity strategy. The model below aims to rationalize the discussion and provide a framework within which to operate. Cybersecurity in this context is viewed fairly broadly and includes not only the classical area of information security but embraces the necessary enforcement and outreach activities as well. Download and read this article: “CYBERSECURITY AGENDA: MORE THAN A GOOD HEADLINE”.

Government Cybersecurity Agenda

  • In line with supply chain security, when delivering his State of the Nation Address (SONA), the President called for the screening of all supply chain personnel in government.
  • Upgrading the overall skills (Government Training) at all layers of society and increasing efforts to build affordable infrastructure for all would allow the country to increase its ICT readiness and uptake and, in turn, spread its impacts across society – particularly the rural poor.
  • There is progress in legislation enhancement – are we ready for the cloud?
  • There is progress in the development of Computer Security and Incident Response Team (CSIRT) or Community Emergency Response Teams or Computer Emergency Readiness Team (CERTs) to help address incident response, community awareness, and international collaboration (FIRST) amongst others.

Can we learn and borrow from the long-time effective method of immunization (see “The Primary Health Care Package for South Africa – a set of norms and standards”) through clinics? Immunization cards are a condition for acceptance into the first schooling grade for our children in SA. We have also seen how the world has collaborated and won when it came to handling of the Influenza A (H1N1) virus. In order to improve the security of the Internet, governments and industry should engage in more methodical and systematic activities to improve and maintain the health of the population of devices in the computing ecosystem. These activities include detecting infected devices, notifying affected users, enabling those users to treat devices that are infected with malware, as well as taking additional actions to ensure that infected computers do not put other systems at risk. While the security benefits may be clear, it is important to achieve those benefits in a way that does not erode privacy or otherwise raise concern.

This model will only work if it’s accepted by society and people are assured their privacy is protected. With that in mind, the model must empower people by developing socially acceptable cyber health policies, laws, and international agreements.

To learn more about Microsoft’s proposal, download and read Collective Defense: Applying Public Health Models to the Internet (PDF), in which Microsoft proposes government and industry take action to help mitigate cyber threats today and ensure the long-term health of the Internet as it continues to grow and evolve.

In the meantime, let’s get back to basics and do simple things right. We are doing well with regard to malicious and potentially unwanted software, although we are still above the world average. We need to bring down the percentage of computers detected with worms. Internet Service Providers (ISPs) can play a big role here (see the paper “The Role of Internet Service Providers in Botnet Mitigation”) and Yes! together we can.

Use these tools and update when required:

By the way… this malware costs us our bandwidth, which doesn’t come cheap yet in South Africa.

Pencil and Eraser (To our dear Parents)


An inspiring story which reminds me of my parents love, and also the commitment I have for my loved ones. Enjoy!

Pencil: I’m sorry . . . I made a mistake again . . .
Eraser: Never mind, my dear . . . you didn’t do anything so wrong that it cannot be corrected . . .
Pencil: I’m sorry . . . because you get hurt because of me. Whenever I made a mistake, you’re always there to erase it. In making my mistakes vanish, you lose a part of yourself. You get smaller and smaller each time.
Eraser: That’s true. But I don’t really mind. You see, I was made to do this. I was made to help you whenever you do something wrong. I want you to be correct . . . always.
Pencil: I am happy that you are always there to correct me. I do not know how I will do without you . . .
Eraser: I know one day I’ll be gone. But you’ll replace me with a new one or an alternative. I love to be with you and I’m actually happy doing my job. So please, stop worrying. I hate seeing you sad. I wish, eventually you will learn to do your job without the need for me.

I, too, found this conversation between the pencil and the eraser very inspirational. Parents are like the eraser whereas their children are the pencil. They’re always there for their children, cleaning up their mistakes. Sometimes along the way, they get hurt, and become reduced, older, brittle and in the end, pass on. Though their children will eventually find someone new (spouse), parents are still happy with what they do for their children, and will always hate seeing their precious ones worrying, or sad. Rather they wish their children do a good job and make a lasting mark in this world.

“We never know the love of our parents for us till we have become parents.”

And when we always complain that no one is there for us, the words below should provide comfort and are inspirational, spiritual and joyful.

And what a blessed song by Leona to cement this message to ourselves, loving parents and children doing a good job by securing our well being and making a lasting mark in this world.

Leona Lewis rendition of footprints

Microsoft Security Intelligence Report v12–South Africa’s Perspective

Microsoft produces the Microsoft Security Intelligence Report twice a year to keep the industry informed on the changing threat landscape and provide actionable guidance for customers in an effort to create safer, more trusted computing experiences for everyone. The latest report, Volume 12, provides insight into online threat data with new information for July 2011 through December 2011 and analysis of data from more than 100 countries/regions around the world. This includes Africa, with our focus being South Africa (pdf). More information about Microsoft Security Intelligence Report Volume 12 (SIRv12) is available at http://www.microsoft.com/sir.

SIRv12 found that the Conficker worm is still one of the biggest ongoing threats to enterprises. The Conficker worm, first detected in November 2008, is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction. The Conficker worm was detected almost 220 million times worldwide in the past two and a half years. The study also revealed that the worm continues to spread as a result of weak or stolen passwords and vulnerabilities for which a security update exists.

[Figure: Conficker Spread]

According to the SIRv12, quarterly detections of the Conficker worm have increased by over 225% since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92% of Conficker infections were a result of weak or stolen passwords, and 8% of infections exploited vulnerabilities for which a security update exists.

Computers detected with worms in South Africa are still sitting at 42.8%, compared to the worldwide figure of 11.3%. Worms were found to be the most common threat category in 4Q11, down from 43.7% in 3Q11. Miscellaneous Potentially Unwanted Software is the second most common category, which affected 30.1% of all infected computers, down from 31.2% in 3Q11. The figure below clearly shows an improvement in terms of computers cleaned per 1000 scanned (CCM) both in SA and worldwide. The third most common category in 4Q11 is Miscellaneous Trojans, which affected 20.7% of all infected computers, down from 20.8% in 3Q11.

[Figure: Malicious Software]

South Africa generally performed below the worldwide average, with the exception of Trojan Downloaders & Droppers, Exploits, Password Stealers & Monitoring Tools. The top two identified malware families driving worms were Win32/Autorun (18.4% of detected computers), which spreads by copying itself to the mapped drives (including network or removable media like USB drives and instant messaging) of an infected computer, and Win32/Vobfus (12.1%), which spreads via network drives and removable drives and downloads and executes arbitrary files. Downloaded files may include additional malware. Win32/Conficker affected 4.4% of detected computers and sits well within the top 10 bracket of threats in SA. It infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.

[Figure: Threat Category]

Cybercriminals are also trying to do business in South Africa using the following:

  • Number of websites found that were phishing websites per 1000 hosts has decreased from 0.11 in 2010 to 0.04 in 2011 – worldwide 0.02
  • Malware hosting sites (per 1000 hosts) has decreased from 0.10 in 2010 to 0.08 in 2011 – worldwide 0.06
  • Percentage of sites hosting drive-by downloads has decreased from 0.042% in 2010 to 0.031%. This is an improvement when compared to a peak of 1.071% in 1Q11 and it’s way below the worldwide rate of 3.644%.

What You Need to Do:

To ensure protections aligned with today’s threats and to mitigate risks, it is critically important that organizations focus on the security fundamentals to help protect against the most common threats.

For businesses, as Scott Charney, corporate vice president of Microsoft Trustworthy Computing, outlined in his keynote at RSA 2012, Microsoft recommends a more holistic approach to risk management to help protect against both broad-based and targeted attacks that includes:

  • Prevention: Employ security fundamentals and pay close attention to configuration management and timely security update deployment.
  • Detection: Carefully monitor and perform advanced analysis to identify threats. Keep abreast of security events and leverage credible sources of security intelligence.
  • Containment: If the targeted organization has configured its environment with targeted attacks by determined adversaries in mind, it is possible to contain the attacker’s activities and thereby buy time to detect, respond to, and mitigate the attack. To contain an attack, consideration should be given to architecting domain administration models that limit the availability of administrator credentials and apply available technologies such as IPsec-based network encryption to restrict unnecessary interconnectivity on the network.
  • Recovery: It is important to have a well-conceived recovery plan, supported by suitably skilled incident response capability. Maintain a “crisis committee” to set response priorities and engage in exercises to test the organization’s ability to recover from different attack scenarios.

Microsoft recommends that customers and businesses adhere to the following security fundamentals to help ensure they are protected:

  • Use strong passwords and educate employees on their importance
  • Keep systems up to date by regularly applying available updates for all products
  • Use antivirus software from a trusted source
  • Invest in newer products with a higher quality of software protection
  • Consider the cloud as a business resource

How do I remove the Conficker worm?

“Conficker is one of the biggest security problems we face and yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing. “It is critically important that organizations focus on the security fundamentals to help protect against the most common threats.”

Tim Rains, Director, Microsoft Trustworthy Computing, provides a report overview of the Security Intelligence Report Volume 12, highlighting the latest vulnerability disclosure, exploit and malware trends focusing on the second half of 2011.

If your computer is infected with the Conficker worm, you may be unable to download certain virus protection security products, such as the Microsoft Malicious Software Removal Tool or you may be unable to access certain websites, such as Microsoft Update. If you can’t access those tools, try using the Microsoft Safety Scanner for virus removal.

In Conclusion:

Key questions on this data:

1. The malware infection rates in SA have been trending down – what factors are contributing to this trend?

2. Conficker and Autorun are among the top ten threats in SA. What do citizens, government and organizations need to do in order to protect themselves against these specific threats?

3. Worms appear to be at higher levels in SA than the world wide average. What can citizens, government and organizations in SA do to protect themselves from these threats?

I will be presenting this data at the ITWeb Security Summit 2012 – Agenda 15 May and will follow with a blog.

The beginning of a beginning –Integrated ICT Policy for South Africa

On Thursday the 19th April 2012 I attended the National Integrated ICT Policy Colloquium in Midrand, Gauteng Province. South Africa’s Minister of Communications, Dina Pule, officially opened the colloquium where the Department of Communications (DoC) aims to offer industry a chance to review its policies. Policies on information and communications technology (ICT) should be aligned with government’s developmental goals and address the challenges facing the industry, says Communications Minister Dina Pule.

DoC Minister Dina Pule

Pule said the outcome of the ICT policy development process had to be aligned with government’s top priorities of fighting crime and corruption, rural development, improving health and education, and creating sustainable jobs.

“We needed to have this policy review to overhaul all the legislation in our sector such that they reflect the work that the government does and helps this country and industry to benefit from sustainable ICT development and services for the next 20 years,” Pule said.

“We expect to consolidate all policy on broadcasting services in the digital environment; broadband and internet access; spectrum licensing framework for the country’s development; new regulatory areas in all of these; funding and investment; e-skills development; local content development and ICT market growth,” she said. I participated in the commission working on e-Commerce and Digitising Government and I shared the table with an enthusiastic group of young IT Pros.

Policy Requirements

The ICT Policy Colloquium should result in the formulation of the White Paper on Integrated National ICT Policy through consolidation of all policies on:

  • Broadcasting services in the digital environment
  • Broadband and internet access
  • Spectrum licensing framework for the country’s development
  • New regulatory areas in all of the above
  • Funding and investment
  • e-Skills development
  • Local content development and
  • ICT market growth.

ICT policy must respond to the government priority of job creation. It must also answer questions that include:

  1. How best can we influence investment in local electronics manufacturing for the future of our country?
  2. How will we ensure that rural connectivity becomes a reality in the roll-out of broadband internet?

There is a need for technology transfer to help meet the demand for technologies and a need for fair competition in the market that will lead to the lowering of the costs of communications. As a result, the two-day Colloquium boasted six commissions chaired by ICT sector experts. These are:

  • Broadcasting
  • Telecommunications
  • Policy and Regulation
  • e-Commerce and Digitizing Government
  • Investments and Industry Development
  • Local Digital Content

Cybersecurity Agenda

As we start looking into the future, 18 years from now, we also have the opportunity to look back 18 years. South Africa had a new president in Nelson Mandela with a brand new cabinet. Five years later the new dispensation was brought to the attention of our ICT environment because of the “Y2K”. The work “From Y2K to Security Improvement: A Critical Transition” captures the essence of security improvement programs (SIP) that were enhanced by the Y2K exercises executed as countries’ National “Security” Agendas. This was followed by the 9/11 events, which also enhanced the disaster recovery plan programs mostly driven by or around ICT. The work by Dr Andile Ngcaba on the Policy Framework for South Africa titled “Digital Life in Building a Digital Life the Eco-System” takes us back to the pros and cons of the development of the ICT policy, and it should be an important lesson as we begin this journey. Let’s all look into the security lessons discussed here, with particular focus on legislation like the Data Protection Act, Protection of Personal Information Act (POPIA), Regulation of Interception of Communications Act (RICA), etc. How can they strengthen the new policy and vice-versa?

The chairperson of our commission, Chose Choeu, challenged me and other InfoSec colleagues on the security considerations towards building an Integrated ICT Policy for 2030. This took me back to the Policymakers page that helps educate policymakers on matters relating to online privacy, safety, and security. The guide, Building Global Trust Online Volume 2: Policymaker Guide to Privacy, Safety and Security (pdf file), was compiled from extensive work and ongoing research by Microsoft teams, as well as consultation with external subject-matter experts. It’s worthwhile to read to facilitate positive and informed contribution.

As a country we need to determine clearly what the key elements of a Cybersecurity Agenda are. It is a very sensitive issue, which needs to be based on a level of trust between citizens, people in the public and the private sector, within the public sector and within the private sector. A very common approach is to set Cybersecurity equal to Computer Security or Information Security. The classical security with the goal to secure the information of a government, company or end-user is definitely part of any cybersecurity agenda of any government. However, it cannot and shall not be the end. Cybersecurity is more than “just” IT security. To be successful, it is of outstanding importance to expand a classical Cybersecurity approach from a merely technical and internal policy view to a broader approach covering everything from the technology to critical infrastructure protection to cybercrime prevention and successful prosecution. Only an integrated strategy can lead to a successful cybersecurity agenda.

On a high level, the diagram above can be summarized as follows:

  • It has to cover the alignment between social, legal and economic themes. An initiative cannot be successful if it is not socially accepted or economically feasible for the companies having to implement the measures. This has to be embedded in the cultural environment. The challenge there, however, is that a lot of measures have to be designed and implemented globally (like law enforcement collaboration, aligned legislation allowing for efficient work) and therefore some compromises will most probably have to be made.
  • It needs to address strategies and policies from supply chain security to government training to internal collaboration to innovation. Typically the training part has to be addressed and so is the supply chain security, even though it might have to be broadened. What should not be missed is the whole notion of innovation. Research and development in the area of cybersecurity with the goal to help the economy grow on the base of a sound and secure environment can be a smart way to help to cover the cost of such an initiative.
  • On such a base, the whole infrastructure can be addressed. Infrastructure being the government’s own infrastructure, the critical national infrastructure and an identity strategy. This is often the area, where a cybersecurity agenda starts and is driven as it is known best (but unfortunately still key concepts are neglected).
  • And this finally lays the foundation for any kind of solution and application.
  • Besides that, governments have to engage with different communities. There is an absolute necessity to collaborate internationally in a close partnership as well as with the private sector and the citizen/consumer of all ages. Not to exclude the security research community.

With such an approach, there is a high probability of successfully working towards the vision of having “citizens, business and government enjoying the full benefits of a safe, secure and resilient cyber space: working together, at home and overseas, to understand and address the risks, to reduce the benefits to criminals and terrorists, and to seize opportunities in cyber space to enhance the country’s overall security, resilience” and economic growth.

This Agenda needs a high political will and pressure to make people work together and pull in the same direction. There’s a lot of work going on by the Justice, Crime Prevention and Security Cluster (JCPS) – let the organised ICT professionals, business, labour and citizens add to this momentum.

The Programme Director, Themba Phiri, who’s also the DDG: ICT Policy and Development, kept on emphasising that we are just beginning and no one should feel left behind. Any additional comments and/or questions on the process to date, as well as your suggestions for the way forward, should be sent to ictcolloquium@doc.gov.za and web access to commissions/work-streams is here. This particular method of communication is said to be kept open until the end of May.

Phone scams and how persistent they have become – a new type of cybercrime?

Today I had an interview with Ernest Pillay of Radio 2000 around the phone scam story, and I was using IP telephony by the way (Here is the clip). This follows my presentation, titled “How Threat Intelligence can be used to help organizations protect themselves from cybercriminals”, at the CYBER CRIME EXTENDED WORKSHOP 2012 on the 2nd April 2012. The first thing Ernest asked me was about the level of cybercrime in South Africa. It is definitely a concern for most citizens, and the reality is that we don’t have official statistics yet and companies are not yet obliged by a law like “the Draft Protection of Personal Information Act (POPIA)”. It only came out in the recent case heard by the Johannesburg Magistrate’s Court that South African banking customers were scammed out of R180-million in 2010 alone. An increase of R120-million from 2009.

On a quick search, I came across an article Cyber Criminal: Attackers Don’t Stop released on December 28, 2008 (which happened to be my birthday). This, in a way, tells you that we are not dealing with a new trick but rather new means through technology to perpetrate this act of criminality: a sophisticated phone scam evolving from traditional web-based phishing attacks. Cybercriminals don’t just send fraudulent email messages and set up fake websites any longer. They are also calling you on the telephone and claiming to be from Microsoft in some instances.

Their persistence drives them to even calling one person several times as in the video below:

“They’ve phoned me so many times. One time before I was winding them up, leading them along for ages until I told them a few strong words. But they are so stupid not to cross my telephone number off their list, and they keep calling back. So I thought I’d video it this time.”

Microsoft has warned South African consumers to be wary of a phone scam that has left some victims hundreds of rands out of pocket in October last year. Several radio stations including MetroFM and Radio 702 also added their voice to reach out to consumers on this issue. The truth is, neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

How it happens

The scam typically unfolds in the following manner:

1. A cold caller, claiming to be a representative of Microsoft, one of its brands or a third party contracted by Microsoft, tells the victim they are checking into a computer problem, infection or virus that has been detected by Microsoft.

2. They will trick consumers into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you for the removal of this software.

3. They tell the victim they can help and direct them to a website that then allows the scammers to take control of the computer remotely, adjusting the settings and leaving the computer vulnerable.

4. The cold caller will then spend some time on the computer trying to demonstrate where the ‘problems’ are and in the process convinces the victim to pay a fee for a service that will fix the computer.

What you need to know

Cybercriminals often use public phone directories to harvest consumer names and personal information, thereby garnering consumer trust in the sheer level of knowledge they appear to offer about them. These callers claim to be from:

  • Windows Helpdesk

  • Windows Service Center

  • Microsoft Tech Support

  • Microsoft Support

  • Windows Technical Department Support Group

  • Microsoft Research and Development Team (Microsoft R & D Team)

In reality, there is nothing wrong with your computer but the scammer has tricked you into believing there is a problem and that paying the fee is the best way to get it fixed. Often they will also push you to buy a one-year computer maintenance subscription. They are just trying to steal money from innocent people.

How to protect yourself from telephone tech support scams

Firstly, don’t be fooled: Microsoft will not cold call consumers in regards to malfunctioning PCs or viruses. Secondly, use common sense in assessing your callers and their intent. A few basic pieces of advice can help keep South African consumers from being taken in by this and other scams:

  • Do not purchase any software or services.

  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.

  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.

  • Take the caller’s information and report them to the South African Police Services (08600 10111 or crimstopgauteng@saps.org.za) immediately.

  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to do if you already gave information to a tech support person

If you fear that you may already have been scammed, you should:

  • Change your computer’s password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.

  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.

  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)

  • Keep an eye on bank accounts and report any potentially fraudulent activities immediately.

  • Ensure the operating system is fully updated and that all security updates are installed; and

  • Make sure the system is protected with strong passwords that are changed regularly.

More guidance and advice is available at www.microsoft.com/security or contact our local office on 011 361 9000.

Have you ever been victimized already, whether by phone, SMS, email or over the internet? Share your story by leaving a comment and warning others!

Child Sexual Abuse and Exploitation – Equity and their Rights: South Africa

On this day when South Africa celebrates Human Rights Day and the Universal Declaration of Human Rights (UDHR) was adopted by the United Nations General Assembly (10 December 1948 at Palais de Chaillot, Paris), let me focus the attention on equity and the rights of a Child. What are we doing with the continual sexual abuse and exploitation of the child? Are our children becoming the scatterings of South Africa? Can technology play any part in securing the safety of the child online and elsewhere?

Yesterday the Minister of Police, Nathi Mthethwa, continued with the monitoring of service delivery programme of the South African Police Service (SAPS) Family Violence, Child Protection and Sexual Offences (FCS) Units, which were reintroduced in 2010. Statistics showed that the rate of violence against children (aged 18 and younger) had increased in all the provinces between the financial years 2008/2009 and 2009/2010. How can we reduce these numbers through the assistance of technological innovations?

The Minister for Women, Children and People with Disabilities (WCPD), Ms Lulu Xingwana, emphasised in her foreword to “South Africa’s Children – A Review of Equity and Child Rights” that we need to make sure that girls and boys are afforded and experience equal opportunities from birth, at home, in school and in career choices; that violence against children is eradicated at its roots in our society; that children in rural and urban areas have the same access to resources while they grow up; that every child eligible for government support receives such support; that every child, no matter where s/he is born or lives, has the same chances to survive and thrive, and live healthily; that children with disabilities experience a society that values them and respects their rights; and that we make every effort to listen to our children.

This year the Child Protection Week will commence on the 28th of May and run until the 03rd of June. The concept of Child Protection Week stems from the African proverb, “it takes a village to raise a child”, which emphasises the role of the wider community in keeping children safe.

One of the recommendations from civil society in the report “Child Sexual Abuse and Exploitation in South Africa” is that, to improve the quality of evidence and prevent further trauma to the child, police, social workers and prosecutors should be trained in effective interviewing techniques. Members of the criminal justice system should also undergo training to sensitise them to the complex issues involved in cases of child sexual abuse and exploitation.

Child prostitution in South Africa is usually a case of survival sex. Children are often forced to work because of economic circumstances – they have to contribute to the family’s income or provide for themselves. Here is a case study of a true story of how young girls are kidnapped and forced to use drugs and become prostitutes. Organized crime syndicates and unscrupulous employers flourish under these conditions. This gives rise to increased child abuse and sexual exploitation in the following forms:

  • The production of pornography
  • Hardcore sex
  • Children being used as drug carriers
  • The mistaken belief that having sex with a virgin will rid the perpetrator of HIV/AIDS.
  • Children being used or trafficked for the use of their organs
  • Children being made to work under inappropriate environments and conditions (sweatshops, agriculture, domestic service, etc.)
  • Sale of child brides
  • Child prostitution
  • Informal economy (hawkers and beggars)
  • Children being murdered and gutted and their dead bodies used to courier drugs across country borders
  • An increased demand for black children – especially from European and North American men, for sexual purposes

What can we do to help in this fight?

The Microsoft Digital Crimes Unit announced the day before yesterday that we are making Microsoft PhotoDNA technology available at no charge to law enforcement in a variety of ways to help enhance child sex abuse investigations and further advance the fight against child pornography worldwide by empowering law enforcement to more quickly identify and rescue victims.

Microsoft Makes PhotoDNA Technology Available to Law Enforcement

Citizen/Consumer

First, be aware of and alert to the problem. In the ‘real world’, neighbourhood watch groups help keep communities safe and prevent crime. That same type of vigilance is needed amongst the online community to help keep the online community safe from child exploitation. We do not recommend average citizens seeking out child pornography online (remember, possession of child pornography is illegal), but if you see any behaviour on Facebook, SkyDrive, Hotmail or Bing (or other online services) that you find suspicious or you believe suggests the potential exploitation or harm of a child, report it as abuse to the online service. And if you know about or suspect child sexual abuse in any form, report it to your local law enforcement agency, SAPS Children’s Corner or NCMEC’s CyberTipline at www.cybertipline.com.

Second, help us drive demand for further action, build public awareness and help bring this issue out of the shadows and into the open. This is an uncomfortable issue to discuss, but without public demand we won’t see the kind of increased focus and investment needed to make a broader impact in the area. Regardless of the online services you use, contact the providers and encourage them to take proactive action in the fight against child exploitation and show your support for others joining Microsoft and Facebook in NCMEC’s PhotoDNA program. Tell your legislators that this is a priority for you. Make your voice heard.

Government and Policymaker

Government and policymakers should continue to support strong global collaboration across industry, hotlines and law enforcement to enable the removal of these images from the Internet and the successful prosecution of these crimes. This is a purely voluntary effort and a great example of corporate and industry leadership on this complex, difficult issue. Laws should provide the appropriate safe harbours for service providers who take proactive steps to find, report and eliminate these images, but these steps should not be mandated – this must remain voluntary. They also should fully fund robust law enforcement efforts at the global, national, provincial and local levels. Most importantly, all policymakers and leaders have a great opportunity to use their bully pulpit to raise awareness around the problem of child exploitation online and create the necessary public demand for action that is essential for progress in this fight.

Online service provider

Online service providers should work together to develop and share best practices and technology like PhotoDNA that enable them to identify, remove and report these images. We recognize that PhotoDNA might not be the right answer for everyone, but we do encourage all online service providers to begin proactively addressing these issues and help to stop the distribution of child sexual abuse images on our services. Online service providers interested in implementing PhotoDNA – whether they are U.S. or otherwise – can contact NCMEC at PhotoDNA@ncmec.org for more information.

In Conclusion

South African Centre for Missing & Exploited Children (SACMEC) has a comprehensive and secure database that stores photos and information of children pro-actively that will most definitely assist in the recovery of missing children.

Child Online Protection (COP), hosted by the department of communication, has been established as an international collaborative network for action to promote the online protection of children worldwide by providing guidance on safe online behaviour in conjunction with other UN agencies and partners.

The Film and Publication Board, through one of their sites, Anti-Child Pornography, has also established the internet hotline, a service that affords members of the public an opportunity to report, online, any child pornography or sexual abuse images discovered accidentally on the internet. This may also include child grooming activities hosted in the chat rooms. The internet hotline will also forward a detailed report relating to child pornography to the law enforcement agencies within the country for prosecution. Their international networking and imminent partnership with INHOPE allows them to take action against child pornography (child sexual abuse images) on the internet hosted outside South Africa. These international networks will then pass their reports to the appropriate law enforcement agencies.

SOWETO, South Africa, 18 June 2010 — As the most-watched sports event worldwide, the FIFA World Cup 2010 is expected to attract more than a billion television viewers around the world.

South Africa has ratified the UN Convention on the Rights of the Child. Together we should be able to help to solve this massive problem in South Africa, Africa and worldwide.

The Impact and Effects of Cybercrime on the Society.

Some weeks back I had conversations with, amongst others, the legal minds at the 2nd Annual South African Cybercrime Conference on the topic “Embed Cybercrime in an overall Cyber security Agenda”. The event discussed Cybercrime in South Africa and Africa as a region, including the EU Convention on Cybercrime, which celebrated its 10th anniversary. Here are the topics discussed, some of which I will allude to in this blog:

  • Exploitation of children and trafficking in human beings (Cyberbullying)
  • Legislation and policies
  • International cooperation
  • Law enforcement – service provider cooperation in the investigation of cybercrime
  • Financial investigations
  • Training of judges and prosecutors
  • Data protection and privacy
  • Insurance Against Cyber Attacks

This conference came against the background of two reports:

The 2011 PwC Global Economic Crime Survey (GECS) addresses various forms of economic crime, but puts the spotlight on cybercrime. The South African edition of the GECS in its key findings noted that Cybercrime has emerged as a significant contributor to economic crime losses in South Africa and is now the fourth most common economic crime in South Africa and globally.

and

Gartner’s Top Predictions for IT Organizations and Users for 2012 and Beyond predicting that through 2016, the financial impact of cybercrime will grow 10% per year, due to the continuing discovery of new vulnerabilities.

The surveys and predictions are worth noting amongst other published documents, and a proper analysis and planning needs to be done to try and circumvent the high probability of cybercrime and secure the society.

Cyberbullying

Cyberbullying is a fast-growing trend that experts believe is more harmful than typical schoolyard bullying. Nearly all of us can be contacted 24/7 via the internet or our mobile phones. Victims can be reached anytime and anyplace. For many children, home is no longer a refuge from the bullies. “Children can escape threats and abuse in the classroom, only to find text messages and emails from the same tormentors when they arrive home”. Please watch as a father of a young man who committed suicide after being cyber bullied tells his son’s story and the pain he has to live with for the rest of his life.

Cyberbullying suicide story

Are these cases prevalent in South Africa? The Mail & Guardian carried an article on 21 January 2011 highlighting the dangers of cyber bullying and sexting, emphasizing that they are realities in our schools.

“In February/March 2006, three high school boys aged 15- to 17-years-old were charged with crimen iniuria after publishing an alleged defamatory image of the deputy principal of their school. One of the boys created the defamatory image electronically by attaching the heads and faces of the principal and deputy principal on to a picture of two naked men sitting next to each other in a sexually suggestive and intimate manner. The boy took the school badge from the school website and used it to obscure the men’s genitals. He then sent the image to a friend’s mobile phone, who forwarded it to other learners at the school. One of the accused printed the image and placed it on the school’s notice board.” – Le Roux and Others v Dey (Freedom of Expression Institute and Restorative Justice Centre as Amici Curiae) 2011 (3) SA 274 (CC).

“Two boys, aged 14- and 16-years-old, were arrested on 8 November 2010 for the alleged rape of a 15-year-old school girl. The alleged rape took place at the Jules High School in Jeppestown, and the boys had allegedly filmed the incident on their mobile phones.” – Jules High sex pupils in court

Investigation, Prosecution and legislation

A detailed summary of issues relating to offences, legislation, legal aspects and jurisdiction in cyber crime cases in South Africa has been well captured by the article “Cyber Crime In South Africa”. Most of the Cybercrime provisions in the Electronic Communications and Transactions Act, 2002 (No. 25 of 2002) are noble endeavours; however, their enforceability is still to be tested in our South African Courts. Responses to both cyber bullying and sexting are fragmented and rely on various pieces of legislation, common law definitions of criminal offences and civil law remedies in cases.

The study by F. Cassim “FORMULATING SPECIALISED LEGISLATION TO ADDRESS THE GROWING SPECTRE OF CYBERCRIME: A COMPARATIVE STUDY” reveals that the inability of national laws to address the challenges posed by cybercrime has led to the introduction of specialised cyber legislation. He advocated that countries should amend their procedural laws to include intangible evidence of cybercrime, as opposed to tangible evidence of traditional crimes.

Judgements on cases involving cybercrime in South Africa reported by the media rest predominantly on evidence provided through the use of digital and internet applications like email, SMS, and video captured through cell/smart phones, rather than on the conviction of cybercriminals who used methods like phishing, smishing or botnets. In my last blog “How safe are we on social networks?” I touched on typical cases in South Africa which earned themselves titles like “MXit child porn ‘horrific’” and “‘Facebook rapist’ Thabo Bester was sentenced to 50 years imprisonment on Friday for raping and robbing two women”.

Here are some media abstracts about other cases:

“The witness, a sergeant who works in the Cyber Crime Unit, had downloaded the clip of the two cars believed to be Maarohanye and Tshabalala’s from the phone of an eyewitness who had taken the video” – Drama, anger at Jub Jub trial

“State prosecutor Ian Cooke read a series of emails and text messages which he said proved Sheryl Cwele was part of arranging for Tessa Beetge to collect drugs.” – Cwele case not dismissed

“Pretoria High Court judge Nkola Motata has lost a round in his drunken driving battle when the high court ordered that video recordings allegedly made on the scene where Motata crashed his car could be played in court during a trial-within-a trial to test their admissibility.” – Judge Motata’s bid to block recordings fails – South Africa | IOL …

Some of the issues that victims of cybercrime have with justice systems that don’t have frameworks ready to implement legislation, where it exists, are:

  • They don’t trust police and don’t have any faith that anything will be done if they do report it.
  • They don’t want to spend even more of their time filling out forms and talking to law enforcement personnel and generally dealing with the “hassle factor” involved in reporting.
  • They don’t think the crime is serious enough or significant enough or their losses large enough to warrant taking up the time of law enforcement.
  • Or simply, they just don’t know where to report due to lack of awareness.

The Securities and Exchange Commission in the US issued new guidance requiring that companies disclose “material” cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage.” When this trend is adopted worldwide, the cost of the insurance might have to be passed to the consumers of services. The implementation of such legislation or regulatory frameworks will also require extensive training and clear audit processes.

Why clear audit processes? We do have issues around IT professionals within the private and public sectors and those from civil society when they have been attacked or are victims of cybercrime:

  • They don’t want to think of themselves as victims and are in denial.
  • They don’t want others to know they were victimized because they think it makes them look weak; in the case of businesses, it will cause them to lose clients because the clients won’t trust them to be able to adequately protect client data (the discussion “The Disclosure Debate: When Should Companies Reveal Cyber Attacks?” alludes to this fact); and we also have IT department personnel in Government departments who don’t want to lose their jobs.
  • They blame themselves for not having bought that firewall or anti-malware program or for clicking on that link or visiting that web site or lowering their computer’s security settings to make it easier for them to access what they wanted.

As promised, there have been some continual activities on “Battling Botnets for Control of Computers”. The Microsoft Digital Crimes Unit (a worldwide team of lawyers, investigators, technical analysts and other specialists whose mission is to make the Internet safer and more secure through strong enforcement, global partnerships, policy and technology solutions) has done some excellent work with regard to bringing down botnets in collaboration with different government agencies. This collaboration resulted in the second botnet (Rustock) being brought down:

Microsoft Digital Crimes Unit wiping out the notorious spambot and how the takedown will impact you

There are a lot of lessons to learn from these exercises, as per this article: “Microsoft passes Rustock botnet baton to FBI: Take-down and command disruption reduces botnet by 74% since March”. The passing of the baton resulted in this government law enforcement agency bringing down the Coreflood botnet: “Botnet Operation Disabled: FBI Seizes Servers to Stop Cyber Fraud”.

Forensics, Protection and Prevention

Constant knowledge and training on digital forensics is key to an information security strategy. It gives assurance to the consumers/citizens that they can be protected through solid evidence proof type of investigations and be protected from future attackers including the “insider”. Electronic evidence discovery (EED) and the use of third-party computer forensic experts have gained wide-spread use in most forms of litigation, see Forensic Lifecycle and the following articles:

You can learn how Family Safety can help you manage your children’s computer activity, including websites, games, and programs through Windows Live Family Safety 2011. Here is a government site for Child Online Protection and a community site “Cyber bullying: When all else fails” in South Africa. Parents can do the following to protect their children from cyberbullying (www.stopcyberbullying.org):

  • Bing your child
    Make sure that the cyberbully isn’t posting attacks online. When you get an early warning of a cyberbullying campaign, it is essential that you keep an eye on your child’s screen name, nick names, full name, address, telephone and cell numbers and Web sites.
  • Block the sender
    Someone who seems aggressive, or makes you uncomfortable and does not respond to verbal pleas or formal warnings should be blocked. This way, they will not be able to know when you are online or be able to contact you through instant messaging. Even if the communications are not particularly aggressive or threatening, if they are annoying, block the sender. (Most ISPs and instant messaging programs have a blocking feature to allow you to prevent the sender from getting through.)
  • “Warn” the sender
    If the cyberbully uses another screen name to avoid the block, otherwise manages to get through or around the block or communicates through others, “warn” them, or “notify” the ISP. (This is usually a button on the IM application.) This creates a record of the incident for later review, and if the person is warned enough, they can lose their ISP or instant messenger account. (Unfortunately, many cyberbullies use “warning wars” or “notify wars” to harass their victims, by making it appear the victim is really the cyberbully. This is a method of cyberbullying by proxy, getting the ISP to be an unwitting accomplice of the cyberbullying.)
  • Report to ISP
    Most cyberbullying and harassment incidents violate the ISP’s terms of service. These are typically called a “TOS violation” (for a “terms of service” violation), and can have serious consequences for the account holder. Many ISPs will close a cyberbully’s account (which will also close their parents’ household account in most cases). You should report this to the sender’s ISP, not yours.

An article, “Legal responses to cyber bullying”, suggests legal responses to cyber bullying and sexting. Its recommendations focus mainly on the way in which role players in the criminal justice system (CJS) can contribute to dealing with these behaviours, including amongst others:

“Cyber safety, education and awareness raising about cyber bullying and sexting should form part of the school curriculum. The Department of Basic Education should ensure that schools have clear policies on how to deal with such incidents.”

Efforts to enable judges and prosecutors to prosecute and adjudicate cybercrime and make use of electronic evidence through training, networking and specialisation are on-going, and there is a project of cybercrime for judges currently funded by contributions from the Government of Romania, Microsoft and McAfee (through the Silicon Valley Community Foundation) which complement Council of Europe funding. Here is a training document you can download: “Cybercrime training for judges and prosecutors: a concept”

Project MARS (Microsoft Active Response for Security) disrupted botnets and began to undo the damage the botnets have caused by helping victims regain control of their infected computers. We can learn from this project, adopt and improve according to our countries’ present level of readiness.

FBI Seizes Servers to Stop Cyber Fraud

If you believe your computer may be infected by Rustock, Coreflood or other type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.

Sooo…, we have crime cutting across almost all forms of our normal societal lives through the technological means existing to enhance our potential for a better living. It is time that we (in particular governments) start collecting incidents (through National CERTs amongst other means) and  measuring the impact of this crime and report it regularly as part of the Crime Report/Statistics – whenever it is reported (Weekly, Monthly, Quarterly or Yearly). In terms of addressing cybercrime, the “Take Back the Tech” campaign (www.takebackthetech.net) is one excellent example of civil society taking up the initiative to educate the civil society about protecting themselves from cyber violence.

Landing Microsoft Office 365 in South Africa with Security in Mind.

Microsoft has landed the cloud-computing productivity suite, Office 365, in SA. The suite can be safely utilized by a business of any size, from those with a handful of employees right up to multinational enterprises. Business owners get the reliability, security and IT controls they need in the cloud. It is browser based and supports all major browsers, including Apple’s Safari, so it can be used on most devices. It will be available to SA users as a free trial until its commercial launch sometime next year.

“Office 365 is the best of everything we know about productivity, all in a single cloud service. We have had a huge amount of support from our local partners and customers to bring cloud computing to the region,” said Melanie Botha, Microsoft South Africa’s marketing and operations director.

Microsoft SA launches Office 365

“Small companies can now take advantage of the best technologies the largest companies use, but on a scalable pay-as-you-go basis, with solutions that are easy to get and use. Now small companies can cater to their technology needs without big infrastructure investments, and get access to several technology tools they didn’t have before,” said Botha.

One of the benefits Microsoft is offering midsized businesses and enterprises is powerful, up-to-date anti-virus and anti-spam solutions. I have blogged earlier about the safety and compliance of our data centres, and here is a document which offers high-level insight into how the Cloud Computing Security Considerations can be addressed using Microsoft Office 365, a public cloud service. Identity and access are critical in accessing cloud services. In the video below, Mike Kostersitz describes the different identity options organizations have with Office 365.

Identity and Access management

 

At Microsoft, we appreciate the trust you place in us by using our online services to manage your valuable data. The Trust Centre is a portal providing in-depth information about our privacy and security practices related to Microsoft’s Office 365 offerings. This information will help you to understand and assess our practices for handling and securing data on Microsoft Online Services.

The Cloud Security Alliance published the Cloud Control Matrix to support consumers in the evaluation of cloud services and to identify questions that are prudent to have answered before moving to cloud services. In response to this publication, Microsoft has created this document to outline how we meet the suggested principles and to map them to the International Standards Organization (ISO) 27001:2005 and ISO 27002. With this standardized response we would like to empower customers with in-depth information to evaluate different offerings in the marketplace today.

For more info or to sign up for the Office 365 public trial, please go to www.office365.co.za.

Office 365

Mobile security and its relationship with the cloud

Last week on the 26th October 2011 I had a conversation at the Mobile Security Summit on the following issues:

  1. Managing the relationship between mobile and the cloud: harnessing the potential of cloud and understanding the relevant risks
  2. Managing the power in security decisions and strategies for the cloud: what are the implications and how has the cloud been breached?
  3. How do companies manage data and application security in the cloud when control is being relinquished?
  4. Distributing data through the cloud and the security boundaries and challenges this presents
  5. Harnessing good governance procedures to ensure secured data in the cloud

On the first and second points, the emergence of two technological trends, the cloud and the Consumerization of IT (CoIT), has effectively made IT dynamic. Cloud computing is one of the biggest changes happening in our time, and it is an important change that is going to help make computing much more accessible to people. The cloud acts as a hub for orchestrating the flow of information and technology across our lives, and offers nearly infinite storage and processing power.

A series of technology trends are driving the consumerization of IT. The availability of devices like smartphones, tablets, laptops etc. enables users/consumers to access different cloud services from anywhere at any time. This obviously requires good communication technology platforms to help people connect with each other and access services in a secure manner. If one looks back at the white paper “Smartphone Attacks and Hacking: Security Threats and Trends 2011”, we have definitely seen continual data breaches, which forced more and more governments, and even private industries, to consider more in-depth security regulations to protect citizens.

On the third, fourth and last points, I blogged on “Information Protection and the Cloud” earlier, and the article titled “Windows Phone 7.5 Enterprise Security and Policy Management” provides an overview of the Windows Phone security model and how Windows Phone was designed to protect information. It describes the Exchange ActiveSync (EAS) security-related policies that can be managed by IT departments and discusses how apps are isolated from each other to help protect the operating system. In addition, the article provides information on how Windows Phone helps protect against malware and how IT departments can provide secure access to corporate resources.

Cloud services begin and end either within an organisation or at the personal computer or device of an individual using the service. Mobile devices, as the end-point, must be included in any security consideration for cloud-based services. Failure to evaluate the entire service chain from beginning to end can introduce flaws in service design and delivery. To increase the trustworthiness of cloud computing end-to-end, the full spectrum of activity should be considered, to help protect users from threats including online identity theft, website cross-site scripting attacks, phishing attacks, and malicious software downloads. In a cloud computing environment, security measures and approaches should be reviewed, as cloud services may have dependencies on more than one service provider where the same level of visibility may not be available.

The key to maximizing security and productivity is to control access based on the user, the level of trust you have in the device, and the business impact of the information. Organizations need to look into an end-to-end security and management platform that can:

  • Manage Windows-based devices best and be best-in-class on other devices (Android/Apple).
  • Manage any mobile device that connects via Exchange ActiveSync, including Windows, iOS, Symbian, and Android-based devices
  • Distribute and deploy software to PCs nearly anywhere over the Internet
  • Scan for malware remotely, update malware definitions and even restart remote PCs

Malware Trends in South Africa – MS SIRv11

On the 11th October 2011, volume 11 of the Microsoft Security Intelligence Report (SIRv11) was released, covering the period January to June 2011. With detailed analysis on 105 countries, it is the largest and most in-depth report on cyber-threats developed thus far. One of the SIRv11 key findings: less than 1% of all vulnerability attacks were against zero-day vulnerabilities; 99% of attempted attacks impacted vulnerabilities for which an update was available.

Customers have a good sense of what zero-days are (situations where an exploit is released before the vendor has issued a security update), but don’t always know how to prioritize them. Zero-days are real, and we don’t want to diminish the risk they represent. But this data suggests that IT professionals can prioritize their security work on the more prevalent threats that they already know how to defend against.

Malware detection

Looking at malware detection regionally or per country, and zooming specifically into South Africa, whose report can be found here, consider the heat map below:

[Figure: heat map of malware detection by country, Second Quarter of 2011 (2Q2011) – April, May, June 2011]

As noted in Tim Rains’ blog “The Threat Landscape in Africa & the Internet Governance Forum”, Africa is one area where it has been difficult to obtain reliable, long-term trend data on the threat landscape for specific locations. The heat map above shows that insufficient data exists for many regions in Africa. The Microsoft Windows Malicious Software Removal Tool (MSRT) was downloaded and executed over 4.7 billion times in the first half of 2011 (1H11) alone. The number of systems that run this tool changes from month to month, although there has been some consistency in some countries on the African continent, like South Africa, Egypt and Kenya.

The most common category in South Africa in 2Q11 was Worms, which affected 45.4% of all infected computers, down from 46.3% in 1Q11. The second most common category in South Africa in 2Q11 was Miscellaneous Potentially Unwanted Software, which affected 28.3% of all infected computers, up from 27.0% in 1Q11. The third most common category in South Africa in 2Q11 was Adware, which affected 23.1% of all infected computers, down from 26.5% in 1Q11.


South Africa generally performed below the worldwide average with the exception of exploits, adware and spyware.  The top two identified malware families driving worms were Win32/Autorun (20.3% of detected computers) and Win32/Rimecud (a.k.a. Mariposa botnet – 15.5%). Both of these threats spread using multiple techniques and have been observed spreading via mapped drives, removable media like USB drives, instant messaging and by abusing the Autorun feature in Windows.


Worldwide, cybercriminals abuse Autorun to install malicious and potentially unwanted software. Autorun was the 2nd most common malware propagation method cybercriminals were using to swindle money from their victims. Some of the most prevalent malware threats over the past couple of years have misused a feature in Windows commonly called Autorun to execute code and attack systems.

  • To protect users, AutoRun is more locked down now by default in Windows 7.
  • For users of Windows XP and Windows Vista we released updates in February to make the AutoRun feature more locked-down from being enabled automatically for most media.
  • By May, the number of infections related to the most prolific Autorun-abusing families found by the MSRT per scanned computer was reduced by almost 60% on XP and by 74% on Vista in comparison to the 2010 infection rates.

But it’s still a problem that persists for those who have not turned off the feature or who click unknown things on their USB drives. Threats that use Autorun-feature abuse, like Win32/Autorun and Win32/Rimecud, have been addressed in this blog post: Defending Against Autorun Attacks.
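A defender-side triage check for the Autorun abuse described above, as an added example that is not from the original post or from Microsoft: it parses the text of an autorun.inf file found on removable media and lists the entries that would launch a program. The function names, the two sample files and the RECYCLER\setup.exe path are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command


def launch_directives(inf_text):
    """Return [(key, command)] for every [autorun] entry that runs code."""
    findings, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment (often used as padding)
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # another section, or a junk line with no key=value
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in EXEC_KEYS or SHELL_CMD.match(key)):
            findings.append((key, value))
    return findings


def verdict(inf_text):
    """'launches-code' if the file would start a program, else 'inert'."""
    return "launches-code" if launch_directives(inf_text) else "inert"


# Constructed samples (hypothetical, not taken from any real malware).
SAMPLE_SUSPICIOUS = """\
;xKq92 random padding line
[AutoRun]
zzz junk without equals sign
OPEN = RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
Shell\\Open\\Command=RECYCLER\\setup.exe
"""
SAMPLE_BENIGN = """\
[autorun]
label=Holiday Photos
icon=photos.ico
"""

if __name__ == "__main__":
    for name, text in [("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)]:
        print(name, verdict(text), launch_directives(text))
```

A file that only sets a label or icon is reported as inert; any `open`, `shellexecute` or `shell\<verb>\command` entry is worth inspecting before the drive is opened on a machine where Autorun has not been locked down.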

Cybercriminals are also trying to do business in South Africa using the following:

  • Phishing sites (per 1000 hosts) increased from 0.06 in 1Q11 to 0.07 in 2Q11 – worldwide 0.38
  • Malware hosting sites (per 1000 hosts) increased from 0.04 in 1Q11 to 0.06 in 2Q11 – worldwide 2.02
  • The percentage of sites hosting drive-by downloads increased from 0.056% in 3Q10 to 0.726% in the second quarter of 2011 (2Q11), way above the worldwide rate of 0.273%.
  • In 2Q11, Forefront Online Protection for Exchange (FOPE) determined that 0.519% of all spambot IP addresses were located in South Africa; this figure is down from 0.554% in 1Q11.

Protect Your Environment

Challenges and constraints

So the obvious question is: if the majority of threats can be mitigated, why do they still exist? The reality is that although the sophistication of cybercriminals continues to be a challenge, old techniques of infecting users continue to succeed. For consumers and corporations alike, creating and maintaining a fully threat-proof system is not easy.

Consumers – For the vast majority of people, the scope of the security problem far exceeds their will and ability to keep up with it. People want to spend their time and money on using the technology for enjoyment and to help them be productive. Generally, they want to spend minimal time and money keeping pace with the latest security threats.

Businesses – On the other hand, for the vast majority of businesses, the scope of the problem has become exceedingly complex. Businesses have many competing security challenges: regulatory compliance, application testing and compatibility, incident response, and expectations around the everyday threat-du-jour. There may also be competing demands for resources, budget, or skill. That can be a hard call for many companies to make.

Despite these challenges and constraints, this data shows us that, in most cases, with a “back to basics” kind of approach customers can be more secure.

So, what can we do?

Build products and services with security in mind – from the ground up

  • Microsoft has to work harder to continue to make our products and services more secure – our unique responsibility in that regard is never far from our minds. But so too has the broader industry. And there is progress.
  • SIRv11 shows the number of vulnerabilities tracked by CVE declined ~24% when comparing the past 12 months to the year prior – a trend that has been declining since we started tracking it in 2006. Progress, but more work to be done.
  • See the following blog – “Science inside the SDL” – Microsoft SDL Progress Report (2004 – 2010).

Education and Best Practices

  • IT PROFESSIONALS – Companies need to look at educating their employees on their responsibility to security and back that up by developing and enforcing strong security policies around things like passwords.
  • CONSUMERS – Leverage best practices to protect your PC:
      • Install updates regularly (February 2011 – updates released for XP and Vista to make the Autorun feature more locked-down, as it is by default in Windows 7)
      • Use strong passwords for security
      • Install and enable anti-malware software
      • Click links after verifying the source
      • Avoid downloading pirated software
      • Use caution with attachments and file transfers
      • Protect yourself from social engineering attacks

Improving Security. Newer Products, Better Protections

In the video below Tim Rains, Frank Simorjay and Vinny Gullotto discuss how newer products and services offer better protection.

Newer Software is Better Protection

You can better protect yourself from malicious attacks by upgrading to the latest software version available irrespective of the vendor.

Infection rate (CCM) by operating system and service pack in 2Q11

SIRv11 shows that people who use Windows 7 and IE9 are significantly less likely to be the victim of an attack. It’s a simple matter of innovation. Years ago banks put big padlocks on their safes. As robbers became more advanced so too did the locks and security measures used by banks. When it comes to keeping your data safe from cyber criminals, don’t put your faith in old technology.

For example, Windows 7 and Windows Server 2008 R2, the most recently released Windows client and server versions, respectively, have the lowest infection rates of any prior operating systems. Additionally, Office 2010 proved to be the most effective at blocking exploits when compared to all prior versions.

| Security and Privacy Technologies | Internet Explorer 7 | Internet Explorer 8 | Internet Explorer 9 |
|---|---|---|---|
| Security by default | X | X | X |
| SmartScreen – Phishing Filter | X | X | X |
| SmartScreen – Antimalware protection | | X | X |
| InPrivate Browsing | | X | X |
| Cross-site scripting filter | | X | X |
| SmartScreen – Application Reputation | | | X |
| Tracking Protection | | | X |
| ActiveX Filtering | | | X |

Newer products have fewer computers cleaned per thousand. In fact, the latest version of Windows 7 32-bit is three times less likely to get infected than Vista and 6 times less likely than XP. As you can see from the chart above, IE incorporates the latest security and privacy technologies. In fact, according to NSS Labs, IE9 blocked 96% of socially engineered malware worldwide, more than 7 times any other browser measured. I blogged about this earlier here – Windows Internet Explorer 9 (IE9) caught an exceptional 99.2% of live threats.

It is important to migrate to the latest products and services to stay protected from the changing threat landscape. Download the Windows 7 Security Deep Dive Report here: Windows 7 Security Deep Dive

In conclusion, South Africa might need to look into the lessons learned from some of the least malware-infected countries in the world. This information was blogged here. Implementation of the national CSIRT, one of the recommendations of the Cybersecurity policy of South Africa, will bring a lot of improvement in how we can respond to these threats. While zero-days do pose a serious risk, it’s important that organizations know that the vast majority of attacks can be mitigated by following the best security practices.