CYBER SECURITY IN THE SOCIAL NETWORKING ERA IN TANZANIA

Sam Kamanga
Cyber Security and Computer Forensics Consultant

Contents
Cyberspace Internet Cyber Security and Cybercrime Types of Cyber threats Social Media Cyber-bullying Preventing Cybercrime Conclusion
Copyright Sam Kamanga 2012

Cyberspace
What is a Cyberspace
Cyberspace is a world wide network of computers and the equipment that connect, which by its very design is free and open to the public (the internet) Weve become increasingly reliant on the net and its being used right now to transfer everything from friendly emails to hypersensitive data. The Problem has gotten more prevalent with always on, high speed internet access. Attackers are always out there looking for that computer As long as your computer is connected to the internet, that connection can go both ways.

Copyright Sam Kamanga 2012

The Internet
Every business is connected to the Internet. Every businesss network is part of the internet. The capacity to interact with each other is a key part of their risk environment. Telco's, businesses, universities, and households are all connected in different ways. Cyber crime and cyber espionage pose increasing risk to various Nations.

Copyright Sam Kamanga 2012

The Internet Is Fundamentally Open

Facts:
We dont know whats on our own nets Whats on our nets is bad, and existing practices arent finding everything Threat is in the interior Threat is faster than the response Boundaries are irrelevant We dont know what is on our partners nets nor on the points of intersection Compromises occur despite defenses Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening
Copyright Sam Kamanga 2012

Global Internet

Why Need of Cyber Security

Cyber crimes are increasing at a very rapid pace Hackers can ;
Steal all information from a victim computer Can hack Bank Accounts and steal all the money from them Can misuse sensitive information for Terrorism or political causes. Can disrupt critical nations infrastructure

Copyright Sam Kamanga 2012

Cybercrime
Computer networks have done for criminals the same thing theyve done for legitimate computers users.
What are cybercriminals after?
Money Confidential information

Testing out some scripts

Bring-down competition Political agenda Identify weaknesses in systems for educational reasons

Theyve made the job easier and more convenient.

Copyright Sam Kamanga 2012

Cybercrime
Cyber attacks generally refer to criminal activity conducted via the internet The attacks can include stealing an organizations intellectual property, confiscating online bank accounts, creating and distributing viruses on the other computers, posting confidential business information on the internet and disrupting a countrys critical national infrastructure Fact:
Cybercrimes are costly if not quickly resolved : Cybercrimes can do serious damage to an organizations bottom line. All industries can fall victim to cybercrime

Copyright Sam Kamanga 2012

Types of Cyber Threats

Type
Cyber Warfare

Motivation
Military or political dominance

Target
Critical infrastructure, political and military assets Governments, companies, individuals Individuals, companies, governments Individuals, companies, governments Governments, Companies Innocent victims, recruiting

Method
Attack, corrupt, exploit, deny, conjoint with physical attack Advanced Persistent Threats Fraud, ID theft, extortion, Attack, Exploit Attack, Exploit

Cyber Espionage

Gain of intellectual Property and Secrets Economic gain

Cyber Crime

Cracking

Ego, personal enmity

Hacktivism Cyber Terror

Political change Political change

Attack, defacing Marketing, command and control, computer based violence

Source analysis, Dr Irv Lachov

Copyright Sam Kamanga 2012

Cyber Attacks Being Observed

Web defacement Spam Spoofing Proxy Scan Denial of Service Distributed Denial of Service Malicious Codes Data Theft and Data Manipulation Social engineering Scams
Copyright Sam Kamanga 2012

Virus Bots

Identity Theft Financial Frauds

Cyber Risks Are An Increasing Threat To Sources Of Enterprise Capability And Brand Competitiveness

Extortion

Phishing and pharming driving increased customer costs, especially for financial services sector DDOS extortion attacks National security information/export controlled information Sensitive competitive data Sensitive personal/customer data E-Business and internal administration Connections with partners Ability to operate and deliver core services

Now

Loss of intellectual property/data

Now Emerging

Potential for disruption As part of cyber conflict (i.e. Estonia) As target of cyber protest (i.e. anti-globalization) Potential accountability for misuse (i.e. botnets) Potential for data corruption

Reputational hits; legal accountability Impact operations or customers through data

Now Future

Terrorism
DDOS and poisoning attacks Focused attacks coordinated with physical attacks

Emerging

Copyright Sam Kamanga 2012

Africa Could Become The Cybercrime Capital Of The World

It is estimated that approximately 80% of computers in the African continent are already infected with viruses and other malicious software

Broadband services are opening in the continent

More users are accessing the web The number of virus and spam related cases as well as online fraudsters is in the rise

No clear ICT laws and policies in place

Mobile Phone phishing in Tanzania is common

Copyright Sam Kamanga 2012

Cybercrime Is On The Rise

Cyber Crime The computer as a target attacking the computers of others (spreading viruses is an example). The computer as a weapon using a computer to commit "traditional crime" that we see in the physical world (such as fraud or illegal activities). Cybercrime is on the rise Organizations' run on vulnerable systems Cybercrime is borderless and anonymous

High demand for services, low risk

Relative easy to conduct activities

The computer as an accessory - using a computer as a "fancy filing cabinet" to store illegal or stolen information.

Copyright Sam Kamanga 2012

Why Cyber Security Needs Special Attention?

Nowadays almost everybody is using computers, smart mobile devices

Individual persons, Business and Clients White collar criminals Hackers Terrorist organizations

There are more Cyber-criminals than law enforcers Information has become a big asset Money transactions are moving through the internet (Mobile money)

Copyright Sam Kamanga 2012

The Dilemma of Security

The problem that we cannot get away from computer security. We can only have a good Cyber security if everyone understands what Computer security means, and agrees with the need for security. Computer Security is a social problem, because it has no meaning until a person defines what it means to them. The harsh reality is the following: In practice, most users have little or no understanding of computer security. THIS IS BIGGEST SECURITY HOLE
Copyright Sam Kamanga 2012

Is your computer secure?

Social Media
As computer technology increases, social media becomes more and more of a widely used source of communication. It has become so popular that it is completely changing the way people view and respond to society, and opening up new ways for people to interact with each other. This is both a good and bad thing. Advantages being that it has given people the convenience of being able to connect with others all over the world without having to step a foot out of their homes and also the rare cases that crimes are sometimes solved through the help of a social media site. However, the problems created by these sites are much more prevalent than advantages because it gives malicious people the ability to create more danger among the millions of internet users. Information that is posted on the internet by people who believe it to only to be viewable among their friends often find that they have unintentionally shared personal facts with hundreds of people, some whom plan to use it against them.

Copyright Sam Kamanga 2012

Social Media
It is amazing how technology has sped up every process of life, from social interaction to your local public getting its news. The social media also has a way of molding the minds of people, especially the youth, to opinions presented on television and the internet. These stories are usually based on entertainment and political values. People begin to see what is popular and what the majority of people think about certain events. This can alter the way they may think of something that happens even if it wasnt their initial opinion in the first place.

Facebook has reached 900 Million global users

Copyright Sam Kamanga 2012

Facebook's Impact
A Driver for Democracy
With roughly 80% of Facebook's monthly users located outside the U.S. and Canada, it is no huge surprise that Facebook is responsible for sparking the uprisings in the Middle East at the beginning of 2011, which started in Tunisia after a man selling fruits and vegetables set himself on fire in a market. He felt humiliated when police demanded him to hand over his cart for not having a permit. His personal revolt ignited protests in Tunisia which spread to Egypt, Libya, Syria and Yemen.

Copyright Sam Kamanga 2012

Facebook's Impact
Facebook was gigantic in the Arab Spring and in every other political uprising that we have heard of in Spain and the Occupy Movement because people do not think of it as a political act. Facebook users can just update their status on Facebook and their friends see it and they are broadcasting without even knowing it. In 2009, a video showing the death of a young female Iranian protester, named Neda, shot by a government gunman gripped the world. The video went viral with the help of Facebook and other social media networks.

Copyright Sam Kamanga 2012

Employment and Social Media Networking

Although these social networking sites are intended for friends to see, a recent Microsoft survey found that 79 percent of employers use these site to evaluate potential employees. Microsoft also found that 70 percent of recruiters and hiring managers have rejected an applicant based on information they had found online. Lets say you are an employer looking over somebodys application and CV. Everything is looking good, this person seems to be qualified, they have a good CV and no runsins with the law. Now all you have to do is check their Facebook or MySpace to see how they spend their time out of the office to try to get a feel of what kind of person they are. E.g. You get to the page and look at the pictures to find that they are pictures of you at parties; drinking or using drugs. It isn't just the photos that are causing employees to make rash decisions, but also text content found on users home pages. A study conducted by Career Builder about what content caused employers to not hire candidates;

E.g. Job Candidate: Gangemasi Sempili

Study showed inappropriate photographs on social media networks or information, content about drinking or using drugs were the major causes of not employing certain people.

Copyright Sam Kamanga 2012

Cyber Bullying in Social Media Networking

Source: Mwananchi Newspaper August 2012

Copyright Sam Kamanga 2012

Social Media Websites

Composite of the logos of more than 200 social media websites

Copyright Sam Kamanga 2012

Are We Safe ?

Copyright Sam Kamanga 2012

It Is Happening

Source: Mwananchi Newspaper August 2012

Copyright Sam Kamanga 2012

Preventing Cybercrime

Copyright Sam Kamanga 2012

Conclusion
The threat on Cyber Security is real. Cyber security management requires a combined effort and collaboration between all stakeholders. As a country we need to develop relevant Policies, Legal and Regulatory. We need to build capacity in ;
Technical Legal and Policy.
Copyright Sam Kamanga 2012

Quote Of The Day

The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and surrounded by nerve gas and very highly paid armed guards. Even then, I wouldnt stake my life on it.
- Professor Gene Spafford

Copyright Sam Kamanga 2012

Questions

Copyright Sam Kamanga 2012

Contact Information Email: skamanga@sandatasolutions.com Tel: 0784-761167 Tel: 0715761167