The Twitter accounts of the Kenyan defence forces (@KDF) and its spokesman Major Emmanuel Chirchir were hacked by activists more than 10 hours ago. Soon after taking over the 2 Twitter accounts, the activists claimed to be the Anonymous group, a loosely associated international network of activist and hacktivist entities.
— Kenya Defence Forces (@kdfinfo) July 21, 2014
However, several Kenyan Information Security experts do not think that this is the work of the Anonymous group. Rather, they believe it was organised and orchestrated by an ambitious local who felt that associating the hack with the group would get it more attention. That seems to have worked, as all major news organisations ran with the story of an Anonymous hacking.
I can tell you for free there’s nothing pointing to Anonymous on that hacked account. The culprit is very local & ambitious #InfoSec
— Ty (@tyrus_) July 21, 2014
The Kenyan Government’s Digital Strategist Dennis Itumbi confirmed that they had gotten in touch with Twitter in order to regain control of the two accounts.
— Dennis Itumbi (@OleItumbi) July 21, 2014
I spoke to Tyrus Kamau, a Cyber Security Evangelist, about this incident as well as his remarks via his Twitter handle.
AfroMum: Would you speculate on how the 2 Twitter accounts might have been hacked?
Tyrus: My opinion would range from the simplest to the most complex. The account could have been compromised as a result of an internal contact sharing the password with a concerned interest. It could have also been a weak password which might have been brute-forced. On the complex end of it, someone could have performed a phishing attack which could have involved a malicious link with an enticing subject on it. Once clicked, such an attack hijacks the user’s current session and immediately the attacker could have changed the passphrase. The possibilities are limitless but those are some of the most common attacks.
AM: According to your tweet, you don’t think this is the work of the famous Anonymous group? Explain.
Ty: There could be a possibility someone paid a member of the famed Anonymous group to perform the hack, thereafter handing over the account to a local contact to spread their message. Again, this is an assumption based on point one, i.e. the account was actually hacked. Keep in mind even script kiddies (those who simply download tools and start hacking) want to be associated with the best. The same way terrorist groups will claim responsibility, shadowing under a renowned group.
AM: Following the hacking, you have reached out to Dennis Itumbi, the Government Of Kenya’s Digital Strategist, are you able to comment on this?
Ty: Yes, I did, though I cannot comment on that at this stage. All I can say is it was purely in an advisory capacity to secure other Government of Kenya institutes.
AM: In the tweet below, you speculate that the next frontier for mass action will be in cyberspace. Could you explain?
Cyber Space; next frontier for mass action and demonstration. No GSU rungus. tear gas, running around. You can do it from bed.
— Ty (@tyrus_) July 21, 2014
Ty: In the recent Syria war, cyber warfare was used as a means to spread propaganda by Pro-Assad supporters. Seeing the power social media has brought up nations with regards to uprisings, I believe it’s only a matter of time before Kenya starts seeing a wave of such. What makes it a more attractive option is because it’s relatively difficult to track someone and also our laws are at their infancy stage to wage a successful prosecution whether within or without our borders.
AM: It has been over 10 hours since the 2 Twitter accounts were hacked, and the hacker is still posting through the accounts. What would you attribute the delay in securing back the two accounts to?
Ty: First of all, you need to be aided by the social media company, Twitter. This takes hours before an approval can be made. Remember, most of the social media companies are from the west and so the laws on privacy and data protection for any user (legitimate or not) are always given priority. There has to be enough supporting evidence to the claim that the account has been hacked. Keep in mind that it’s entirely up to the users to be careful about their passwords and account details. Eventually, Twitter should be able to restore the accounts to their rightful owners but that does take time.
AM: This hack could have been prevented by the 2-step verification process provided by Twitter, as mentioned by some Kenyans on Twitter. Do you share the same opinion?
Ty: I totally agree. This is the lowest hanging fruit when it comes to any online account protection. It’s a combination of something you know (a password) and something you have (your phone). Even if your account is compromised, the attacker would have to know the secret code sent to your phone to log in to your account. This applies to Gmail as well. These tools are provided for free and users should always make good use of them.
AM: What would be your advice to institutions, Government or other, using the internet on Cyber Security?
Ty: First piece of advice is Training and Awareness. Users are always the weakest link to any system compromise. You could have the best technology in the world but one silly mistake will bring the organization down.
Two, proper cyber security posture. I have said time and again, organizations will only know their weak points by engaging someone to perform a Threat Assessment from an attacker’s perspective. This goes beyond your regular penetration tests and Vulnerability assessments. It encompasses impersonation, tailing of high value targets, surveillance etc. Third, Investment in Online Reputation management. Your Internet reputation isn’t about what you put online but what people say about you. It’s prudent to have someone keeping a pulse on your brand.