ICT ministers reiterate need for Africa to be involved in cyber security 0 1237

ICT ministers reiterate need for Africa to be actively involved in cyber-security, cybercrime

On Thursday 23rd November, African Ministers of Communication and Information Technologies gathered in Addis Ababa for their second ordinary session of the Specialized Technical Committee on Communication and ICT (STC CICT-2) to discuss and make decisions regarding continental and regional programmes that impact Africans in the communications and ICT sectors.

The Ministerial Conference was officially opened by Mr Cheikh Bedda, Director, Infrastructure and Energy Department, on behalf of the Commissioner, Dr. Amani Abou-Zeid Commissioner for Infrastructure and Energy of the African Union, under the chairmanship of Honorable H.E. Mr Modibo Arouna Touré, Minister of Digital Economy and Communication of the Republic of Mali.

Mr Bedda emphasized “The AU Commission strongly believes that the building of Africa’s information society requires a secure and safe Cyber space, an appropriate infrastructure and efficient coordination and adequate harmonized legal and regulatory frameworks”. He went on to mention that “The AU Commission developed a Convention on Cyber legislation for the continent that adheres to the legal and regulatory requirements on electronic transactions, cyber security, and personal data protection. The Convention was adopted by AU Assembly in June 2014,”

The main topics discussed in this conference centered around the evolution of the information society in Africa and its ongoing digital transformation, namely: the intra Africa connectivity; access to broadband Internet; delivery of digital services and digital literacy of the African citizens.

“The Governance of the Internet is a concern to all of us because it is in the heart of economic, political, geopolitical stakes at the national level. For this particular reason it becomes imperative for Africa to become actively involved in the dynamics of Internet Governance, Cybersecurity, and Cybercrime” – Minister Modibo Arouna Touré, Chair of the STC on Communication and ICT

 

The meeting elected the following Members to the Bureau of the CCICT-2 for the next 2 years:

  • Eastern Africa: Ethiopia- Chair of the Bureau;
  • Central Africa: Congo- 1st Vice Chair of the Bureau;
  • Northern Africa: Tunisia- 2nd Vice Chair of the Bureau;
  • Southern Africa: South Africa- 3rd Vice Chair of the Bureau;
  • Western Africa: Ghana- Rapporteur of the Bureau

This second 2017 ordinary session of the Specialized Technical Committee (STC) on Communication and ICT ended on Friday November 24, 2017.

 

Previous ArticleNext Article

Time to change your Twitter password 0 623

Twitter Password

An internal bug exposed the passwords of an undisclosed number of the more than 330 million Twitter users.

Twitter CTO Parag Agrawal announced that it was a “bug that stored passwords unmasked in an internal log”. He went on to state “we have fixed the bug and our investigation shows no indication of breach or misuse”.

The Social Media platform are insisting that there is no sign of danger and that there is no reason to believe that the passwords were exposed outside of the organisation. However, they are still advising users to change their Twitter passwords and those of any other online service using the same password.

Some additional password tips from Twitter include enabling two-factor authentication and also using a password manager to create a strong and unique password for every individual online service.

Approximately US $150,000 worth of Ethereum-based cryptocurrency stolen 0 700

Online cryptocurrency website MyEtherWallet.com has confirmed that some visitors could have been temporarily redirected to a phishing site designed to steal users’ credentials and – ultimately – empty their cryptocurrency wallets.

According to reports, whoever was behind the attack may have successfully stolen approximately US $152,000 worth of Ethereum-based cryptocurrency.

However,  MyEtherWallet may not have been at fault, as the website explained in its statement:

“This is not due to a lack of security on the [MyEtherWallet] platform. It is due to hackers finding vulnerabilities in public facing DNS servers.”

British security researcher Kevin Beaumont confirms in a blog post that some of MyEtherWallet’s traffic had been redirected to a server based in Russia after traffic intended for Amazon’s DNS resolvers was pointed to a server hosted in Chicago by Equinix.

For the scheme to succeed, someone pulled off a hijack of a crucial component of the internet known as Border Gateway Protocol (BGP), to reroute traffic intended for Amazon’s Route 53 DNS service to the server in Chicago. As a consequence, for some users, entering myetherwallet.com into their browser did not take them to the genuine site but instead to a server at an IP address chosen by the hackers.

The only obvious clue that a typical user might have spotted was that when they visited the fake MyEtherWallet site they would have seen an error message telling them that the site was using an untrustworthy SSL certificate.

It seems that the attackers made a mistake in not obtaining a valid SSL certificate.

Despite the error with their SSL certificate, the hackers haven’t done badly for themselves – both in this attack and in the past. Fascinatingly, the bogus MyEtherWallet website set up by the criminals was moving stolen cryptocurrency into a wallet which already contained some US $27 million worth of assets. Inevitably that raises questions of its own – have the hackers already made a substantial fortune through other attacks, or might their activities be supported by a nation state?

In a statement Equinix confirmed that a customer’s equipment at its Chicago data center was used in the hackers’ hijacking of Amazon’s Route 53 DNS service:

“The server used in this incident was not an Equinix server but rather customer equipment deployed at one of our Chicago IBX data centers… We generally do not have visibility or control over what our customers – or customers of our customers – do with their equipment.”

Amazon however, do not find the blame to lie on themselves, communicating the following statement:

“Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain.”

Some advice from award winning security blogger, researcher and speaker, Graham Cluley – avoid putting your cryptocurrency wallet online, keep them off your smartphone or computer and perhaps instead invest in a hardware wallet.