KDF’s Twitter account and that of its spokesperson Emmanuel Chirchir were hacked into on July 20, 2014.
There
are several ways hackers can access a user’s passwords, according to
John Walubengo, a lecturer at the Multimedia University of Kenya’s
Faculty of Information and Technology (IT).
“There
are Internet tools used by hackers to extract people’s passwords. This
happens if the user’s software is not updated,” said Mr Walubengo.
When
KDF’s Twitter account and that of its spokesperson Emmanuel Chirchir
were hacked into on Sunday, the hackers — who identified themselves as
belonging to the group Anonymous — started tweeting from the account,
portraying the military in a bad light.
WEAK PASSWORDS
Mr
Walubengo noted that weak passwords make it easy for hackers to
infiltrate a user’s account, adding that a strong password ought to be
acquired for every account.
“Hackers can access
accounts if the passwords are weak and maybe depict people’s names.
Through brute-force attack, the hackers run through a dictionary of
English words and if the user’s password is a name in the English
dictionary, it is cracked,” he added.
IT departments, however, have very little control when it comes to how users generate passwords.
“If
someone has created a weak password, then there is nothing the IT staff
can do to prevent cyber attacks on the system, thus it is upon the
users to be educated on Internet security for the safety of the entire
system,” said Mr Walubengo.
Another common way hackers
access a user’s passwords is through social engineering, where a user
clicks on a link for a promotion, say, to win merchandise.
KEYBOARD ACTIVITY
“These
links open up the hardware to some viruses that the hackers use to
monitor keyboard activity. Through the activities they are able to
access the passwords and use them to hack into the system,” said
Walubengo.
Mr Walubengo advises those who hope to
secure their accounts and websites to frequently update their software,
have a password that combines letters of the alphabet and numerals, not
include an English word and avoid clicking on promotional links online
that could harbour a virus.
The KDF Twitter
infiltration was not the first time the Kenyan government had suffered a
cyber attack. In 2012 an Indonesian hacker identified as Diexer took
down more than 100 government websites overnight following tutorials
from a security forum called Forum Code Security.
The then e-Government Directorate secretary Dr Katherine Getao told the Nation that efforts would be made to restore the websites and protect them from future attacks.
IMPLICATIONS OF ATTACKS
“From
my analysis as an independent reviewer of government websites, I would
say the sites are not as secure as they should be,” concluded Mr
Walubengo.
The implications of such attacks for the
government’s security and financial sites are dire. Hackers could gain
access to sensitive military information and they could manipulate the
systems to wire money to unauthorised accounts through commands issued
by hackers purporting to be government officials.
With
the recent move by the Jubilee government to offer most services online,
there is another risk of services being unavailable to the public when
such infiltration occurs to key websites that provide the services.
According
to Dennis Itumbi, the Director of Digital Communication in the Office
of the President, who spoke to Nation.co.ke by phone Tuesday, plans were
under way to set up a central point from which all government websites
would be managed.
No comments :
Post a Comment