This year the Africa Internet Summit was held in Kampala, Uganda. I could not be physically present as I had to fly urgently to Johannesburg for both personal and business reasons. For those who are not aware of the Africa Internet Summit AIS’19, it is an event initiated by the ISOC and Afrinic organizations to discuss policy and tech happening on the big African continent. There were also a few presentations about networking and tech by ISOC, ICANN, Dot Africa TLD, etc. Jeremy Daniel (Cyberstorm.mu) and Loganaden Velvindron (AfriNIC) were present there to lead the hackathon on NTP, and Loganaden Velvindron also gave a presentation on QUIC (Quick UDP Internet Connections), a new encrypted-by-default Internet transport protocol that provides a number of improvements designed to accelerate HTTP traffic as well as make it more secure, with the intended goal of eventually replacing TCP and TLS on the web.
As I could not be physically present, I registered myself to attend remotely. The streaming was amazing and worked pretty fine for me, with very few major networking issues. The hackathon was led by the cyberstorm.mu team. I remember last year during the Africa Internet Summit 2018, I was there leading the NTP hackathon.
Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu)
NTS (Network Time Security) measures are meant to enable NTP entities to cryptographically identify their communication partner, to ensure the authenticity and integrity of exchanged time synchronization packets, and to provide replay protection.
One of the most interesting parts was the policy discussion in the Africa region. The online streaming was very good, with few connectivity problems noted. I’m glad about the NTP hackathon which was led by the cyberstorm.mu team. There were also other tracks such as IPwave, IPv6, DNS, etc. More information is also available on the official AIS wiki page. There is also another French article on ict.io as well as an English article from the Internet Society which covers the AIS hackathon.
We are for free and open source software. We are presenting Mauritius worldwide in the IT sector. We are a Linux and open source group which is going further and beyond. We believe in collaborative work and team spirit. We believe in running code. We strive for excellence. We have contributed code to several popular applications. We have worked on Internet-Drafts. We participate heavily in hackathons.
The next step of cyberstorm.mu is championing several tracks for the IETF 103 hackathon remotely in Bangkok, Thailand. We have been welcomed by many people both from Mauritius and overseas, even from Silicon Valley, USA. No wonder our past achievements are now a new step to reach today’s objectives – to focus heavily on research and development. Loganaden Velvindron from cyberstorm.mu mentioned on his Medium blog the change cyberstorm.mu wants to achieve: “The name cyberstorm.mu is an interesting one. It’s about change coming. Don’t get me wrong: I still love hacking. For me, hacking is about finding clever solutions to problems.” The youngest guy from the team is also going to participate in the IETF 103 hackathon.
If you think about the number of attacks on the rise in the world, statistics and figures prove it. For example, to prevent attacks such as Man-in-the-Middle attacks, guidance on implementing the right TLS protocol, formerly called SSL, is important. TLS is the security protocol that underlies the web. Passive attacks such as tapping (monitoring of unencrypted communications), encryption (intercepting encrypted information flows), scanning (scanning ports connected to the Internet) and traffic analysis (building and processing of information from data analysis) are surely on the rise. RFC 7258 emphasizes pervasive monitoring mitigations where possible. Pervasive monitoring is also described as an attack and therefore it is an offense.
In 2017, we had so many cybersecurity disasters – active attacks such as the Shadow Brokers, which claimed to have breached the spy tools of the elite NSA-linked operation known as the Equation Group. We also had WannaCry, which netted almost 52 bitcoins, or about $130,000, and the WikiLeaks CIA Vault 7, which contains alleged spying operations and hacking tools. The cyberstorm.mu team clearly reacted to this issue under Operation Crypto Redemption, submitted several patches and encouraged many open source organizations to patch up those vulnerabilities. According to Africa News, only South Africa seems to be impacted. It can clearly be seen that the attackers know which country they are aiming at during mass phishing.
AFRICA least hit by WANNA CRY – Photo credits Africanews.com
But hey! If you give it a thought: did the attackers really aim at Africa? Why was Africa not really impacted? I highly doubt that there was pervasive monitoring prior to the attack. It may also not be the case due to phishing, as it depends on who got trapped with the malware. Still, phishing on a large scale can be behind the intelligence of pervasive monitoring! On the other hand, Check Point demonstrated how high the risk is in Africa: the map below displays the risk index globally (green – low risk, red – high risk, white – insufficient data), demonstrating the main risk areas around the world.
Several countries were listed as white due to insufficient data that could amount to reliable data about the risk index on the African continent. Of course, it describes active attack risks on the African continent. Attacks on countries are now evolving. What I mean is that there could first be a pervasive monitoring system which helps attackers move further towards their target, for example: when to perform mass phishing to get more money!
The fundamentals of pervasive monitoring remain mostly about building profiles of a person. It is clear that many are vulnerable to these types of attacks due to their presence on social media and social networks. A nation can be a target! Staff from a particular company can be a target! But what is most sensitive is that once the data from pervasive monitoring has been processed into meaningful information, attackers can sell that information, which costs millions and maybe billions of dollars.
Over the past decade, the billion people who live in Africa have experienced the fastest growth the continent has ever seen, and many of its countries (Nigeria, Ethiopia, Mozambique, Guinea) are among the fastest growing in the world. A growing body of evidence backs our view that as Africa’s population doubles to two billion over the next several decades, its GDP will increase from $2 trillion today to $29 trillion in today’s money by 2050. What has changed? Many governments have learned from their mistakes and seen the positive reform examples not just in Asia, but more importantly in Africa itself, from Mauritius to Botswana and Cape Verde, and now Ghana to Rwanda. In most countries there has been no single reform miracle, like China’s in 1978 or India’s in 1991, but rather a series of small steps which taken together have been just as powerful. – cnn.com
Since Africa is on the edge of a rich economy boom, passive attacks will probably be on the rise from many other countries which will want to invest heavily. But where to invest? How much to invest? The information will probably be on sale from cheap pervasive monitoring instead of an expensive survey!
We all know that it is difficult to detect pervasive monitoring. However, I believe that data which had been processed from pervasive monitoring can still be analyzed again to understand how it was used. For example, pervasive data gathered during a previous election campaign can be compared with that of a new election campaign. The dark web is not just being used by individuals. According to Corregedor, private organizations and governments are increasingly using it as a source of threat intelligence. With the threat of cybercrime comes the threat of cyber warfare, and state-sponsored attacks on multinational corporations or other countries. South Africa, as with any other country, is equally at risk from this kind of threat, Corregedor says, because it is difficult to monitor the dark web for national threat intelligence. – mg.co.za
As a first defense, it would be better to adopt TLS to prevent eavesdropping. The use of DNSSEC, SMTP Strict Transport Security and various other security protocols should be taken into consideration. Bear in mind that DNS tells all about you: where you shop, what you shop for online, what web pages you looked at and what you purchased! ISPs should enforce security protocols such as PKIs (Public Key Infrastructure), DANE (DNS-based Authentication of Named Entities) and DKIM (DomainKeys Identified Mail). Improving internet infrastructure must progress before it is too late. Emails that are not digitally signed are also a good source of data to be processed anew. A simple example is dead.letters, which can be a source for gathering data on the internet.
According to The New York Times, the NSA is monitoring approximately 100,000 computers worldwide with spy software named Quantum. Quantum enables the NSA to conduct surveillance on those computers on the one hand, and can also create a digital highway for launching cyber attacks on the other. A proof of concept by Netresec explains how to detect “Quantum Insert” in the network environment.
One of the various reasons we don’t have much privacy in the online world is that people simply don’t realize the amount of information they leak daily. Worse is when companies leak information on staff. To resolve such scenarios, since computers today are fast enough, norms to ensure that companies implement TCPcrypt can be made mandatory.