Tuesday, May 7, 2013

Taste of Cyber Crime in Developing Nations - The Ugandan Version


Developing nations tasting cyber crime – the Ugandan Version
During the online classes on cyber security at Diplo Foundation a lot was discussed about cyber security and cyber crime. At that time most of the discussion points seemed alien to some of us from developing countries, sorry my country Uganda is not a developing nation but an underdeveloped country with out a cyber security team in police, no CERT teams whatsoever in the nation and a very naive society as regards cyber security. Most of the points of discussion were theories in Uganda, with some formulated guidelines but nothing practical done. Whenever it came to practical examples as regards cyber security, I always had to borrow some from Kenya, our eastern Neighbour.
In just a flash of time, here we are talking about the practicability of cyber security and having life scaring occurrences of cyber crime. A 26 year old girl was kidnapped and whisked away by unknown individuals because of a promised cup of coffee from a facebook chat. People have lost thousands of dollars to unknown individuals who use legitimate email accounts of friends portraying a dangerous situation a friend is going through thus soliciting for funds. Mobile Money, a Mobile cellular service for transfer of money in Uganda, being used to cheat non-suspecting individuals and many more stories that come in a form of 'too good to be true' wins.
The ICT society in Uganda, I should say, has always ignored most of the cyber crime scenarios not because they were petty but because few involved risk to life. A day when a story about the disappearance of a girl come to media, most of the ICT discussion forums developed ideas on how ICT can be used to or otherwise find solution to the rampant cyber crimes in the country and to the suprise of many of us, almost all people had knowledge of the other cyber crimes.
A lot has been said but as members suggested the Uganda police as a centre for solution development. The naked truth which actually hurts came to surface about this point. The national ICT Infrastructure doesn't have systems whatsoever to fight cyber crime. The Police at this time of the day, which is supposed to be spearheading the initiatives for cyber security is still planning on training a critical mass of specialists in cyber security. The Ministry of ICT, that is supposed to think about a National CERT has some thing on paper but nothing physical. It was further discovered that as regards the ministry of finance's commitment towards development of ICTs in the Country through the budgetary allocations, it is still hard for a national body to think about Computer Emergency Response Teams and investments in Cyber security, besides, it has no direct inflows for the country.
In the absence of funds and technical capacity by government and cooperate bodies to fight cyber crime, what are we left for? Should Uganda become a fertile land for cyber crime? Should all cyber criminals relocate to underdeveloped nations like Uganda? The answer is No, and a Big No.
Uganda through education and sensitization can fight cyber crime. As Michelle Rhee
said that the most sustainable way of fighting poverty is through education, I also say that the most sustainable way and method for fighting cyber crime is through education and sensitization of the general mass. We only need to make cyber crime the least profitable business, and trust me, no one will be willing to invest in it. We can only make it least profitable by minimising the would be clientèle. Which is only done through sensitization of the general population to detect and avoid cyber crime.
I would at this moment want to quote one of the contributors; “In times past, mothers and aunties taught their pre-pubescent daughters not go to the well alone, or talk to strangers on the way there. Have the reasons for these admonitions been erased by the coming of modernity?” Literally meaning that in Africa we have always had our own ways of averting normal crime by staying away from possible crime or its source, possibly through taking strangers by caution. This is no longer the way we behave. The y-generation has this power 'to find out', even when the finding involves going through a populated Den. May be if we also revisited our African methods of parenting and applied some of the principles not the methods directly however, some of these cyber crimes will be avoided.
I finally smell, at the end of the day, the solution to cyber crime, particularly the one that targets us common individuals is not technology but vigilance and being on a look out of any abnormal occurrences.
Did I make my point noticeable? I am not sure but I believe other people have some techniques of helping out our naïve society as regards this fresh problem.

Thursday, February 14, 2013

The Internet and the way we find love


When studying computer and collaborative education back then in high school, we used to mention a number of advantages and benefits of the Internet but there was this advantage that, I come to see today, we never used to mention. I am not sure whether the Internet was not yet developed enough to be considered as a means for online dating or we were not mature enough to be given that information.
Yesterday being a 14th of February, a day when some people who celebrate love only once in a year, were expressing love to their loved ones, I got to think about the effects of Internet in the way we express our love. Today some people don't even have the time to make calls, deliver physical gifts but an Internet message suffices. It further goes on how we set out to find this love. How do we get our loved one?
It is with no doubt that some people have found their loved one through the Internet, a phenomenon called Internet dating. Does it really work, is it worth considering as regards serious relationships?
As people call it gambling, some give it the credit of gambling with no down side. With out denial, some people have been lucky enough to find their life partners, loved ones through online dating.
In our traditional under developed nations, it is a thing reserved for the developed nations. I am not sure whether it is because of moral 'reservedness' or Internet penetration hindrances that have maintained this status but it is a matter of serious consideration.
The Internet to some critics, is a factor that has developed this high degrees of laziness and it goes with out query that this factor has also eaten into the way we date today. Our generation is characterised with the need to automate every thing to an extent of going behind a computer screen to find love. Either we are not bold enough or confident enough to present our selves to the prospective lovers, it still shows the power of the Internet.
Caution however has to be exercised as the same Internet we praise can be the mother of disaster. We have heard of men who meet men instead of ladies because of Internet dating, people who go for their first date with the Internet match only to find them selves loosing all their belongings. In the name of love we might meet all sorts of people with vast intentions. The Internet is a collection of all sorts of people with good and bad plans, people who want to use every opportunity to earn a living because of the freedom of expression and anonymity. It is against that background that we have to take due consideration before we jump into this automated love searching.
As I move out to deliver a flower (physical natural flower by the way) to some one, I want us to reflect on the matter of online dating. Whether it really works. Is it where the world is moving in search for love? Will our traditional beliefs in love and relationships die out as we experience higher and better Internet penetrations?

Thursday, January 3, 2013

Removing and ommiting commands from bash command history


You have possibly worked on a linux/unix server and you possibly don't want the security auditor, subordinates, manager, workmate to know what you have been working on. Chances are high that the first place people will go to in case they want to know what you have been doing on a server is the command history.
Many servers now days are using /bin/bash as the default shell and as a default this shell keeps history of all commands run. How then can one make sure that the command run are not recorded in the command history located at ~/.bash_history ?
This is something I have tested with ma system and it works pretty well.

Assumptions:
My command prompt is indicated by the '$' and it is also assumed that you are not a super user on the computer.

First I need to disable bash from caching and recording ma commands.
$ set +o history
When bash cannot record your command history, the last command that you have run at all times is the set command but it will raise question to those who understand it. They will know that you set off command history and possibly you run other commands there after. I then have to remove it from the history it's self.
I shall need to know which history ID it is taking by running
$ history
752 fmt -w 58 odlove.txt
753 man fmt
754 clear
755 cd ~
756 where
757 set +o history
From the output it is seen that command 'set +o history' took position (ID) 757
I can then remove it from the history
$ history -d757
When I run history again you will realise that 'set +o history' is not listed any more.
$ history
751 fmt -w 10 odlove.txt
752 fmt -w 58 odlove.txt
753 man fmt
754 clear
755 cd ~
756 where
I can now run all the commands I want to run in the dark and they will never be brought to light at any one moment.
You have to remember to turn on history because it's absence can also raise questions.
$ set -o history
The system will never at anyone moment ever show that the commands I run in the dark have even ever been executed.
Make sure that in the command history there is no command that is related to history cause it can be enough to show that you know about hiding commands and manipulating the command history.

This method is good in case you are training and doing work on systems that are very sensitive but dangerous for security audits and also a bad habbit.

Stay blessed as you cheat systems.

Tuesday, October 9, 2012

Are we independent??


Every one watching the local Television stations will bear with me that every one has been notified about 9th October 2012. The city (Kampala) has been repainted with the national colours. Waking up one of the mornings, I found every media house talking about 'Ug @ 50' which amplified my thinking about the whole saga.
True, Uganda as a nation, the national flag, the national anthem and the national court of arms and a few Ugandans are making 50 years come 09th October 2012. however, one wonders whether we are really 50 years of age.
With over 7.5million people below the poverty line, it keeps me wondering what we have been doing for the last 50 years. Have we been walking ahead, backwards, or standing? Many people and many more are going to bed (if they have one) with out a meal. This is worsened by the increasing diseases. There are many diseases that kill people and yet these diseases could have been dealt with. In this current time and age, why should some one die of Malaria? Why should some one have polio? At 50 years these are some of the things we should be reading about in the historical books.
With a nearly one out of every five children in a country not educated, it is truly alarming if you are still celebrating 50 years of independence. This figure is even worse when it gets to girls in rural areas who have to leave school for early marriages and because the parents cannot afford the very little asked at school.
Uganda is among the countries with alarming rates of child mortality. The life-expectancy at birth is particularly low. It still goes with out saying the life-expectancy of the country is below 60 years. Life is not a guarantee in Uganda, yet we are independent.
With the national Unemployment standing at 80% and under employment at 17%, I still wonder whether independence was to benefit us or to hurt us. It is a level in time where we should be comparing parameters back in time and smile but the reverse is true for the employment sector. With the increasing graduations in the different tertiary institutions, this percentage can only grow.
A country that boosts of an agricultural economy, to find people dying of hunger is a laughable issue. You would expect a lot many problems in undeveloped nations that are agricultural but not hunger. Here you are, you are too lucky a person that U will find both in Uganda that plans to celebrate a golden independence jubilee.
Some of the good infrastructure we are proud of were developed in the per-colonial times with little or no development added to them. The country boost of the worst infrastructure with the few developments done by funders like World bank and the European Union, etc. With over 70% of the population not on the national power grid, and less than 10% of the road network tarmacked, I don't see whether we are 50 years of age.
Right now, we are talking about the information age, where the Internet is the major driver of every thing, including development. Many countries even the ones we think we are older than are far better than us when it comes to this. If you took a look at the population, very few people can surf around the Internet, leave alone use it for their work. With the poor infrastructure, and poor governance, no one ever expects to see an Internet penetration close to 100% even by Ug@1000, in the next
50 years.
Independence is the ability of a person or state to stand with out interference of support from any one. The support can be financial, in-kind support, or political. Now that we are still making deficit budgets with financial donations still showing up on our budgets, are we independent yet?
The 1962 function has been defined as a process in which the white man handed over the colonial powers to other black colonial masters. Uganda transferred it's colonial masters from white to black. The bad story is that the blacks who took over this power where inhuman, never cared and worse than then whites.
The major reasons all these problems have been hitting on the same nation is because of poor governance and corruption. Uganda is among the very few countries that condone the worst act of corruption. No wonder the country has no functional water system, railway system, health system, Road system and every thing is rub by propaganda. Uganda is also infected with a problem of leaders who don't know how to set priorities. How can a third world country equip it's self with the state of art military machinery as if it were a world super power preparing for war, or a security company ready to be hired for war and the benefits could help the citizens?
Someone has ever asked me why Kenya, Singapore and the likes are too far developed yet we are more endowed as far as resources are concerned and we were even better than then in terms of development way back in 1962? What went wrong? Who cursed us?
If it came to enlisting the status of Uganda, I don't think I cannot stop but that's not what brought me today. What I wanted us to look at today is,; As we celebrate 50 years of independence, we need to establish what has been reached at, and what has been missed. For what has been reached at, we need to find strategies of how to consolidate on them and use them to find what has eluded us.
So my Question still stands; with all the unreached population, with public services, should we go ahead and spend that so many million dollars on one day of Golden celebrations?


REFERENCES:


Saturday, October 6, 2012

Our Online Safety and Privacy-What can we do to maintain it?


Even in the developing nations, Internet is respected as an enabler. No doubt about this as more and more people are using Internet to go about business. Statements have come out predicting that by the year 2022, Internet will be a 'must' of life. In the same line the UN is moving to make broadband access a human right. It is with no doubt now that Internet is moving to rule our lives, in education, medicines, communications (emails and so on), banking, society (through social media like Facebook, Twitter, etc) and generally in the way we live our lives.
As we move around the Internet, we often find problems, either people with bad intentions or our poor enlightenment which might end up being costly to us. The problems on the Internet might include, although not limited to:
a) Cyberstalking: Cyberstalking is a technologically-based “attack” on one person who has been targeted specifically for that attack for reasons of anger, revenge or control. Cyberstalking can take many forms, including embarrassment, accusations, monitoring, making threats, harassment or gathering information in order to harass and humiliate the victim.
b) Identity Theft: Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, Email Address credentials, or credit card number, without your permission, to commit fraud or other crimes.
c) Spam and Unsolicited communications1: Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately. The hidden dangers of spam is that; Eight out of ten spam emails contain covert tracking codes that enable the sender to record and log recipients' email addresses as soon as a message is opened.
d) Hackers: A hacker is someone who finds weaknesses in a computer or computer network, though the term can also refer to someone with an advanced understanding of computers and computer networks. The dangers of Hackers range from petty theft of little information from your computer to state sponsored crimes like state attacks. Hackers can at times be taken under identity theft or vise versa.
e) Con-men and Scammers: These are people who tell stories that are too good to be true in a way of winning your heart with intentions of stealing from you. They are too common on the Internet mainly through email and other social networks now days. They will either exploit your wish to make quick money or your sympathetic heart to cheat you.
The different harmful people and activities cannot be enlisted and finished in this paper but they are many and we are assured, they are going to increase as Internet develops.

What should be done?
Just like in any security related scenario, your best way out is your defense and your defense is your curiosity and keenness.
1) When on the Internet, don't click on links you are not sure of. Some of these links can install Malware on to the computer. Malware is short for malicious Software which has a potential to gathering sensitive information or gain access to private computer systems. It could be a virus, worm, Trojan, spyware or Adware. There are many tempting links on the Internet which will entice your eyes and these are well designed to force your hand into clicking. Don't touch them unless they are linking to a website or program you know and intend to use.
2) In addition to suspicious links on the Internet, a number of suspicious softwares are given to us to install on our computers. Some of these softwares are used as back doors into our computers by hackers. Only install programs that you know their use and source. Things like 'Updates are available for installation' will drag you into thinking that the updates or softwares are legitimate yet they are dangerous. In addition to suspicious links, don't allow browser pop ups. Pop ups are web browser display windows that suddenly appear in your active display window intended to attract web traffic or capture email addresses. If you are not knowledgeable enough about some thing, it is advisable to ask those who you think know.
3) Filling online forms: In a number of times we are presented with online forms to fill. These forms have spaces of email address, contact address and passwords. You find people providing their true email addresses, with at times their passwords. If you asked these people why they fill such forms, you will be baffled by their response(s). Some will tell you that they thought it was a requirement to access the web page, and so many others. The trick here is, never to fill forms unless you know what it is meant for and unless you have requested for the form. These forms are used for information gathering, a very popular trick in spamming.
4) Use strong Passwords and protect your password jealously. There are programs out there that test usernames and passwords into applications and passwords that appear in the dictionary, simple alphanumerical characters like 'paul123' don't need more than an hour to be cracked. Online applications today enforce strong password cultures although some are still backwards as regards this. A strong password should at least contain a Cap, Numeral, and an Alphabetic letter with more than six characters. Passwords with special characters like '@,#,$,%,^,&,*,' etc are the hardest to crack. As part of good password cultures, we are encouraged to always change our passwords periodically (year). Remember to make a password strong, hard to crack but simple to remember. Avoid bad habits of writing passwords on papers because they are too hard to remember.
5) Password memory and Full time log in. Many applications, have options of 'Leave me logged in' and 'Remember my ID and password'. Although these are good for speedy web-browsing and password memory since we have many to remember, they are very dangerous habits. At times people use them on public computer for example computers of friends, Internet cafe computers and school or university computers. With these options, we are only weakening the work of Hackers and identity thieves. Make sure these 'check boxes’ are not ticked before clicking the login button. As a policy, always remember to logout your account after use. If in a cafe, use the last five minutes to logout your accounts. When the cafe session screen appears on the monitor, it doesn't mean that your accounts are logged out; it only means you cannot access your accounts. If someone activates the session, it will continue with your account.
6) Clear Cookies in your web browser as often as possible. A cookie is a small piece of data sent from a website and stored in a user's web-browser while a user is browsing a website. When the user browses the same website the date stored in the cookie can be retrieved by the website to notify the website of the users' previous activities. Cookies wouldn't have been dangerous if other dangerous people never looked for them from our computers and used them for their purposes like marketing, login information gathering etc. As you move around the Internet you click on many things, these things you click on depict your likes, and dislikes. If this information is stored on the computer in the browser, it is almost available to all the people on the Internet, that is, if they want it. The security or defense is to remove it very often. Most web-browser cookies can be cleared under the 'Tools' menu and 'Clear recent history' or specifically you can look for help in different browsers.
7) Desist from the habit of sending (forwarding) spam. We have already talked about spam in the previous paragraphs and its dangers. Spam propagation is a hard part for those in the business and the best way to reducing running costs is through every day people, people we trust. We often receive mails that ask as to resend or something will happen, mails that are meant to educate us about some thing but force use to forward them as they are. Chances are high, these mails have background code and this code is being executed every time the mail is opened. You and me as naive users, the best work we can do for the SPAM companies is by propagating this spam.
8) Where possible use secure web browsing. Normal web-browsing is done through http (hyper text transfer protocol) and this is the most common mode of web-browsing. Now days, a number of websites are provided over both http and https. The 's' at the end of https stands for secure. It thus means that browsing over https is a little more secure and it provides a little more secure environment for business transactions. If a website offers both https and http, please choose https.
9) Have an updated Anti-virus, Firewall, Anti-Spyware, Anti-Adware and Anti-Malware program on your computer for those that use them. For all the problems we have talked about, some of these applications can be of use. Although some of these programs are costly, intended to attract web traffic or capture email addresses the cost is not equal to what you would loose if any of the problems mentioned above ever happened to you. Now days all these applications can be sold in single software and many software (Anti-virus) companies are combining them in one package, making work easier.

Finally but not least, we need to pay attention to all that the computer tells us through warning messages and where possible ask if you are not sure. At times the notifications on the computer are misleading and yet at time they are critically informative. It is through reading, experience and inquiry that you can know which one is misleading and which one is safe. As we have seen, it is not any ones work to have our privacy and security on the Internet but our own. Those days, it used to the work of IT support officers and security engineers to ensure our security on Internet, but things have changed. We deal with the Internet more closely, more frequently and more personally that the IT teams are no longer fully responsible for our security. I therefore call upon you all to educate those around you and take these few skills and others you might have into action to minimise losses and pain on the Internet as we strive to have a healthier and cleaner Internet with no crime.
1 http://www.information-age.com/articles/295441/the-hidden-danger-of-spam.thtml
 

Friday, August 3, 2012

Internet penetration and Reading culture in Developing countries


It has always been stated that the best way to hide information from an African is by writing it. Africans are well known for the poorest reading habits. Every motivational talk I have attended, has had to mention reading as the best way to redeem Africa. Reading, on a number of cases has been sought after as the best way to run away from the cyclic cycle of poverty affecting the developing countries. Finding the number of people in Africa who can read a book and complete it is a tricky task. Many people have always blamed this problem (poor reading) to limited availability of reading materials. Most of the materials are for sale, at prices most people would not want to reserve for reading purposes.
With the invent of web 2.0, more information has been readily availed for almost all people who can access even the slowest Internet. The past five years have seen most of the African countries more than double their Internet Penetration numbers1. Internet has become cheaper, and more available on the move.
There are no concrete numbers on our reading habits and the increasing availability of Internet but many people are arguing that it is not the absence of what to read that created this bad reading habit, but the culture. A lot of information is available in the print media, either free of charge to access but not all is read.
Recently, on one of the discussion forums2, (I-network) we discussed how government was looking at facilitating Members of Parliament (MPs) with laptops, smart phones (actually Ipads) to have more access to discussion documents while in house or any where because some MPs complained that the printed reports are just bulky. It however was deduced that this will not change the reading habits of the house. MPs will continue coming to the floor with out information about the discussion topic.
With the advent of web 2.0 Internet, Internet use and reading has increased but what is discussed is fun, jokes, obnoxious news and some few quotes. Social networks are now responsible for over 28% of Internet Penetration in Africa3. It is very hard to find some one reading and linking other friends to some piece of good reading material if it is developmental. If some one does share material, very few people will follow it, but let it be a joke, nude pictures, music and name it in that line, the followers will be in millions.
Can some one comfortably state that developing countries where cursed when it comes to reading and nothing will ever change the trends? Do you think the higher Internet penetration will ultimately change the course with time? How can we use this almost free resource (Internet) to advance our reading culture as we know reading is knowledge and knowledge is wealth; a better way to move away from the enslavement of poverty.

REF:
 
1http://royal.pingdom.com/2012/04/19/world-internet-population-has-doubled-in-the-last-5-years/
2http://next.dgroups.org/iicd/i-network/
3http://www.internetworldstats.com/stats1.htm

Sunday, July 22, 2012

Internet bundling and it's effects to Internet penetration in developing countries


Internet bundling and it's effects to Internet penetration in developing countries
East Africa being a community of developing countries, has been blessed with the appearance of three submarine cables* at the East African coast. Coming from satellite Internet which is known to have a minimum round trip time of 500ms to optic fibre Internet which reduces the round trip time to even less than 10ms, every thing in Internet speeds and Internet bandwidth has increased at the coast and in the inlands of the East African community. More Internet can be accessed on the move (mobile Internet), more people are becoming abreast with the Internet and the different terminologies, more Internet service providers, more content is being developed and more innovations are coming up in the world of Internet. If all that is not enough, many countries have developed Internet Exchange Points (IXPs) which help in reducing the time to access local content and also develop the capacity of local content creation. The case here in Uganda is the Uganda Internet Exchange Point (UIXP). When Uganda only had satellite ISPs (Internet Service Providers), Internet was expensive, slow, and limited the access to some websites like torrent sites. Although with the increasing number of ISPs, most of these limitations have been done with, but a new innovation has been noticed. Those days, Internet was sold in the whole, meaning you paid for a service and it did not matter how you used the service. These days, even after paying for the service, there is a limit to how much of the data you can download and upload in a particular period of time. This phenomenal is referred to as data capping or data bundling in Internet terminologies.
How has Internet Bundling affected Internet usage?
With the advent of social networks and the entire web 2.0, a lot of content is available, more people are living life on the Internet and more people are joining the Internet. As more demand for the Internet grows, the supply seems to be constrained which leaves people demanding for more. Those who cannot afford the bundles are left to access Internet in corporate offices, Internet cafes and friends computers where possible. This leaves this type of population with out service. Some people still believe that once they have paid some money to the ISPs, they should be let to use the Internet freely with out boundaries. They further assert that, it is because of these boundaries that innovations and some initiatives are limited as some content will require more bundles than other content, which brings in the topic of net neutrality. There are questions like, who uses the unused bundles at the end of the month? Why should ISPs buy unlimited Internet and resell limited Internet? This school of thought therefore confirms that if Internet bundling is stopped, East Africa will even realise deeper Internet penetration.

From the other side of the corridor, is a group of people who believe that it is because of these bundles and these limitations that we can even enjoy the speeds we are talking about. Although there is more capacity available at the coast due to the optical fibres, the ISPs are let trunk space which is a resource. This resource will be unusable by a good part of society if not well managed. If we allow a group of people to clog and monopolise it with some 'capacity-eating' content, other people will not be able to use it yet they have paid for the service. This introduces a topic of fair user policy. It is upon this argument that ISPs limit on how much someone can download and upload even after paying for a monthly subscription. People in finance also believe if it was not for data capping, Internet wouldn't be a good business to invest in. Because of this bundling business, ISPs can be able to sell more and more bundles and accumulate some profits. Some one has once told me that if it was not for data bundling, it would be hard for people with low income to even afford that small Internet. When Internet is bundled, every one is allowed to buy a portion depending on what he wants and what he can afford. Since we are a majority of low income earners, the only way we can access Internet is by buying small affordable bundles.
Each side of the corridor has more points to put across as regards this topic but these are the fundamental basics. It is upon these basics that I would wish to engage you (my reader). Do you think bundling of Internet has hampered the speed and depth of Internet penetration in developing nations? Would the situation be better without bundling?
Your Opinion is much appreciated.
*Seacom, TEAMs and EASSy