Cyber security no longer a fail-safe
According to the Tanzania cyber security report, the cost of cybercrime in the country is estimated at USD 85 million in 2016.
Digital attacks are becoming the norm as our work and personal lives become more saturated by technology. Simultaneously, censorship and information manipulation have taken on new forms in the digital age as online tools become more sophisticated and simpler to use. May’s edition of #HHDAR focused on tools that newsrooms, human rights activists and bloggers can use to protect their websites (and in turn their content) from digital attacks such as hacking, Distributed Denial of Service (DDoS), and hijacking. Laura Tich, Code for Africa’s Tech Evangelist and Robert Matafu of Cyber security firm Kabolik helped to demystify the world of online security for the gathering.
Unfortunately, too many Tanzanian users are unaware of the various threats they are exposed to on a daily basis. According to Robert, such exposure ranges from well-meaning conversations about sensitive data in an elevator to sharing of sensitive information on unsecured servers or visiting malicious websites using company computers. These security lapses have exposed many Tanzanian organisations to phishing and other social engineering related attacks.
According to Laura, many people aren’t aware of the type of attacks they are exposed to:
“One of the more common forms of attack is known as the man in the middle attack (MiTMA). This occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.”
MiTMA attacks serve the purpose of stealing passwords, credit card details and other confidential information.
The next most common form of online attack is referred to as phishing. In this form of attack, hackers enter a site to steal sensitive information from unsuspecting Internet users.
According to Robert, its this mode of attack that most media outlets should protect themselves against.
“Phishing allows a hacker to enter your system and manipulate your content. If you run a news site or blog then this person can implant fake news onto your publication and undermine your reputation but also land you in massive trouble for breaking media regulations.”
This was the very first time for many attendees to hear about the various types of attacks they can be exposed to. Journalist Elizabeth Tsungaraza says cyber security is still a foreign concept for many.
“The most important thing I learned today is to think of my online security in the same way I think of my home security. I think we as Tanzanians are not yet used to this idea.”
But participants were left armed with a basic understanding of various types of cyber attacks out there, as well as a few tips on how to protect themselves.
- Don’t log onto unverified public wifi-spots.
- Be careful while sharing flash drives and letting others connect their devices to yours.
- Beware of re-registration prompts even from trusted platforms such as Microsoft. You can easily tell if these are authentic by checking the URL.
- Keep your software up to date: This is critical in ensuring your site is secure.
- Use strong passwords: We all know complex passwords are best but not everyone heeds this advice. Using strong passwords is crucial in relation to your server and website admin, but it is equally as important to insist users follow good practice in forming passwords in order to maintain the security of their accounts.
- This can be done using website security tools, and is often referred to as penetration testing.
Would your newsroom like help with Digital Security?
ANCIR is offering a helpline, technical resources, and sharing best-practices with newsrooms and human rights activists for FREE. If you’d like to get access to these and more, sign up here to be considered for our digital security support.
The African Network of Centers for Investigative Reporting (ANCIR) is an association of the continent’s best investigative newsrooms, ranging from large traditional media to small specialist units.
ANCIR works to strengthen African investigative journalism by improving the techniques, expertise, the tools used in muckraking newsrooms. This includes providing member newsrooms with the world’s best encryption and semantic analysis technologies, to forensic research support (through the Investigative Dashboard), legal services, and seed grants for cross-border collaboration.
ANCIR is incubated by and receives technical support from Code for Africa.
The worlds of hackers and journalists are coming together, as reporting goes digital and Internet companies become media empires.
Journalists call themselves “hacks,” someone who can churn out words in any situation. Hackers use the digital equivalent of duct tape to whip out code.
Hacker-journalists try and bridge the two worlds. Hacks/Hackers Africa aims to bring all these people together — those who are working to help people make sense of our world. It’s for hackers exploring technologies to filter and visualize information, and for journalists who use technology to find and tell stories. In the age of information overload and collapse of traditional business models for legacy media, their work has become even more crucial.
Code for Africa, is the continent’s largest #OpenData and civic technology initiative, recognises this and is spearheading the establishment of a network of HacksHackers chapters across Africa to help bring together pioneers for collaborative projects and new ventures.