How to keep hackers at bay

In the wake of a hacking incident involving the Kenya Defence Forces (KDF), an expert has said that Internet software should be updated frequently to avoid creating loopholes that can be exploited by hackers to infiltrate it.

There are several ways hackers can access a user’s passwords, according to John Walubengo, a lecturer at the Multimedia University of Kenya’s Faculty of Information and Technology (IT).

Key among the vulnerabilities, he said, is when the software in use is not up-to-date.

“There are Internet tools used by hackers to extract people’s passwords. This happens if the user’s software is not updated,” said Mr Walubengo.

When KDF’s Twitter account and that of its spokesperson Emmanuel Chirchir were hacked into on Sunday, the hackers — who identified themselves as belonging to the group Anonymous — started tweeting from the account, portraying the military in a bad light.

WEAK PASSWORDS

Mr Walubengo noted that weak passwords make it easy for hackers to infiltrate a user’s account, adding that a strong password ought to be acquired for every account.

“Hackers can access accounts if the passwords are weak and maybe depict people’s names. Through brute-force attack, the hackers run through a dictionary of English words and if the user’s password is a name in the English dictionary, it is cracked,” he added.

IT departments, however, have very little control when it comes to how users generate passwords.

“If someone has created a weak password, then there is nothing the IT staff can do to prevent cyber attacks on the system, thus it is upon the users to be educated on Internet security for the safety of the entire system,” said Mr Walubengo.

Another common way hackers access a user’s passwords is through social engineering, where a user clicks on a link for a promotion, say, to win merchandise.

KEYBOARD ACTIVITY

“These links open up the hardware to some viruses that the hackers use to monitor keyboard activity. Through the activities they are able to access the passwords and use them to hack into the system,” said Walubengo.

Mr Walubengo advises those who hope to secure their accounts and websites to frequently update their software, have a password that combines letters of the alphabet and numerals, not include an English word and avoid clicking on promotional links online that could harbour a virus.

The KDF Twitter infiltration was not the first time the Kenyan government had suffered a cyber attack. In 2012 an Indonesian hacker identified as Diexer took down more than 100 government websites overnight following tutorials from a security forum called Forum Code Security.

The then e-Government Directorate secretary Dr Katherine Getao told the Nation that efforts would be made to restore the websites and protect them from future attacks.

IMPLICATIONS OF ATTACKS

“From my analysis as an independent reviewer of government websites, I would say the sites are not as secure as they should be,” concluded Mr Walubengo.

The implications of such attacks for the government’s security and financial sites are dire. Hackers could gain access to sensitive military information and they could manipulate the systems to wire money to unauthorised accounts through commands issued by hackers purporting to be government officials.

With the recent move by the Jubilee government to offer most services online, there is another risk of services being unavailable to the public when such infiltration occurs to key websites that provide the services.

According to Dennis Itumbi, the Director of Digital Communication in the Office of the President, who spoke to Nation.co.ke by phone Tuesday, plans were under way to set up a central point from which all government websites would be managed.