Tag: mauritius

Pervasive Monitoring and Security in Africa

If you think about the number of attacks on the rise in the world, statistics and figures would proved you all. For example, if you think about preventing attacks such as, Man-in-the-Middle attacks, guidance in implementing the right TLS Protocol, formerly called SSL is important. TLS is the security protocol that underlies the web. Passive attacks such as tapping – Monitoring of unencrypted communications, Encryption – Intercepting encrypted information flows, Scanning – Scanning ports connected on the Internet and Traffic analysis – building  and processing of information from data analysis are surely on the rise. The RFC 7258 as described emphasised on pervasive monitoring mitigations where possible. Pervasive monitoring is also described as an attack and therefore it is an offence.

In 2017, we had so many cybersecurity disasters – Active attacks such as the Shadow Brokers which claimed to have breached the spy tools of the elite NSA-linked operation known as the Equation Group. We had also the WannaCry which netted almost 52 bitcoins, or about $130,000. The Wikileaks CIA Vault 7 which contains alleged spying operations and hacking tools. The hackers.mu team, clearly reacted on this issue under the Operation Crypto Redemption and submitted several patches and encouraged many Open Source organisations to patch up those vulnerabilities. According to Africa News, only South Africa seem to be impacted. It can clearly be seen that the attackers know which country they are aiming during mass phishing. 

AFRICA least hit by WANNACRY - Photo credits Africanews.com

AFRICA least hit by WANNACRY – Photo credits Africanews.com

But hey! If you give a thought about it. Did the attackers really aimed Africa? Why Africa was not really impacted? I highly doubt that there was a pervasive monitoring prior to the attack. It may also not be the case due to phishing as it depends who got trapped with the malware. Still phishing on large scale can be behind the intelligence of Pervasive monitoring! On the other hand, Checkpoint demonstrated how the risk is high in Africa with a map below displays the risk index globally (green – low risk, red- high risk risker, white – insufficient data), demonstrating the main risk areas around the world.

Photo Credits: Checkpoint.com
Photo Credits: Checkpoint.com

Several countries were listed as white due to insufficient data which could account to reliable data about the risk index in the African continent. Of course, it describe active attacks risks in the African continent. Attacks over countries are now evolving. What I mean is that there could be first a pervasive monitoring system which help attackers to move further towards their target for example: When to perform a mass phishing to get more money!

The fundamental of pervasive monitoring remain mostly about building profiles of a person. It is clear that many are vulnerable to these type of attacks due to presence on social media and social networks. A nation can be a target! Staffs from a particular company can be a target! But what is most sensible is when the data from pervasive monitoring has already been processed into meaningful information, attackers can sell those information which cost millions and may be billions of dollars.

Over the past decade, the billion people who live in Africa have experienced the fastest growth the continent has ever seen, and many of its countries (Nigeria, Ethiopia, Mozambique, Guinea) are among the fastest growing in the world. A growing body of evidence backs our view that as Africa’s population doubles to two billion over the next several decades, its GDP will increase from $2 trillion today to $29 trillion in today’s money by 2050.  What has changed? Many governments have learnt from their mistakes and seen the positive reform examples not just in Asia, but more importantly in Africa itself, from Mauritius to Botswana and Cape Verde, and now Ghana to Rwanda. In most countries there has been no single reform miracle, like China’s in 1978 or India’s in 1991, but rather a series of small steps which taken together have been just as powerful. – cnn.com

Photo Credits: African-markets.com
Photo Credits: African-markets.com

Since Africa is on the edge of a rich economy boom, passive attacks will be on the rise probably from many other countries which will want to invest heavily. But where to invest? How much to invest? The information will be on sale probably from a cheap pervasive monitoring instead of an expensive survey!

We all knew that it is difficult to detect pervasive monitoring. However, I believe that data which had been processed from pervasive monitoring can still be analysed again to understand how it was used. For example: Pervasive data gathered during a previous election campaign comparison with a new election campaign. The dark web is not just being used by individuals. According to Corregedor, private organisations and governments are increasingly using it as a source of threat intelligence.With the threat of cybercrime comes the threat of cyberwarfare, and state-sponsored attacks on multinational corporations or other countries. South Africa, as with any other country, is equally at risk from this kind of threat, Corredegor says, because it is difficult to monitor the dark web for national threat intelligence. – mg.co.za

As first defence, it would be better to adopt TLS to prevent eavesdropping. The use of DNSSEC, SMTP Strict Transport Security and various other security protocols should be taken into consideration. Bear in mind that DNS tells all about you, from where you shop, what you shop online, what web pages you looked out and what you purchased! ISPs should enforced security protocols such as PKIs (Public Key Infrastructure), DANE (DNS Authentication of Named Entities) and DKIM (Domain Keys Infrastructure Mails). Improving internet infrastructure must progress before it is too late. Emails that are not digitally signed are also a good source of data to be processed anew. A simple example of dead.letters can be a source of getting gathering data on the internet.

According to The New York Times, the NSA is monitoring approximately 100,000 computers worldwide with spy software named Quantum. Quantum enables the NSA to conduct surveillance on those computers on the one hand, and can also create a digital highway for launching cyberattacks. A Proof of Concept explained by NetreseC how to detect “Quantum Insert” in the network environment.

 

 

One of the various reasons we don’t have much privacy in the online world is that people simply don’t realised the amount of information they leak daily. Worst is when companies leak information of staffs. To resolve such scenarios, since computer today are fast enough, norms to ensure that companies are implementing the use of tcpcrypt can be made mandatory.

REFERENCES:

  1.  https://tools.ietf.org/html/rfc7258
  2. https://www.wired.com/story/2017-biggest-hacks-so-far
  3. https://hackers.mu/news/operation-crypto-redemption 
  4. http://www.africanews.com/2017/05/15/africa-least-hit-by-wannacry-ransomware-cyber-attack/
  5. https://blog.checkpoint.com/2017/06/20/mays-wanted-malware-fireball-wannacry-impact-1-4-organizations-globally 
  6. http://globalpublicsquare.blogs.cnn.com/2013/01/22/get-ready-for-an-africa-boom
  7. https://mg.co.za/article/2016-07-15-00-beware-of-the-webs-dark-side 
  8. https://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html
  9. https://www.netresec.com/?page=Blog&month=2015-09&post=Covert-Man-on-the-Side-Attacks
  10. http://tcpcrypt.org

 

A trip to a Wind Farm at Plaine Des Roches

This Sunday the 16th of April, I came across an interesting location in the North-East at Plaine Des Roches, Mauritius where electricity is produced through Wind Farms. The company is Quadran which has invested in this environmental friendly interesting project. Quadran is the global actor in renewable energy encompassing hydroelectricity, solar energy, wind energy and biogas. It has 130 collaborators from 13 agencies and subsidiaries in France metropolitan and Outre-mer including Reunion Island.Quadran. 

The electricity is produced by means of kinetic energy from the wind. The wind turns the blades, which spin a shaft connected to a generator which makes electricity. At some moment, when there is not enough wind, a fuel-powered engine will use switch on automatically for some seconds to run the turbine after which, the wind will take over to turn the blades.

I believe that Mauritius which is looking forward for a more eco-friendly island should invest more in these type of project. This project which involves 11 wind turbines with a power production of 9, 35 MW will satisfy the energy consumption of approximately 10,150 people.

However, side effects of wind turbines are not false. According to some source, there are also reports of negative effects on radio and television reception in wind farm communities. Potential solutions include predictive interference modeling as a component of site selection. A 2007 report by the U.S. National Research Council noted that noise produced by wind turbines is generally not a major concern for humans beyond a half-mile or so. Low-frequency vibration and its effects on humans are not well understood and sensitivity to such vibration resulting from wind-turbine noise is highly variable among humans. – www.nap.edu

Hackathon Mauritius 2016

Hackers Mauritius is the first Linux and Open source Developers team in Mauritius. A hackathon with the theme – SAD “Search and Destroy” will be organized for 2 consecutive days. Members of Hackers Mauritius will have to fixed up the maximum possible bugs on several opensource software including OpenSUSE and other linux distributions.

It takes place on Thurday 28th and Friday 29th of April 2016 hosted by ISVTEC at its own office.

11012704_114957932208465_4463539958738370286_n

Operation SAD
  • What is operation S.A.D?

Operation S.A.D nick named, search and destroy, is the first Linux hackathon we will be holding in Mauritius to massively fix some security issues in some Opensource software right now, we’ll be dealing with some crypto code which many enterprise, users and embedded appliances are relying upon daily.

  • What is a hackathon?

“In June of 1999, OpenBSD held the first hackathon. In the months leading up to this, either Theo or Niels Provos had coined this new word “hackathon”. “Here also we wish to adhere to that same idea of a hackathon.

  • Is everybody invited in a Hackathon?

Quoting from the ones who coined the word hackathon:“Hackathons attendees come by invitation only. Some new people in the community who show promise are sometimes invited to see if they have what it takes. However, hackathons are not developer training events.”

In 3 days we have to focus in fixing the maximum bugs that we can. Remember this is hopefully going to make some burst of patches from our small island, which is kinda cool 🙂

Next time somebody says that we didn’t invite the whole world to participate in the hackathon, you can reference to this. Ever wondered how many lines of code you can write if you need to focus on getting others up to speed? If you are a developer and reading this, you will know, this is not about your technical knowledge, but mostly about the entire procedures to get code from nothing up to production. There will be the time for the walk throughs also, but that will be for another project.

  • Why an event when no one is invited to participate?

Not at all, on the 30th of April, we shall have a presentation openned to the public, to talk a bit about what we did during the hackathon, how opensource software development contribution works in general AND forget not, the new changes that have been submitted upstream. We will bring this in a form that Mauritian tech people can understand it.

  • Prizes?

Yes, despite there are rumors by some people who do not quite understand how a hackathon works, we are actually offering some prizes to 3 people who can actually solve a set of challenge we are making. The top 3 highschool students who manages to do them based on our criteria set, will get a small walk-through with us first, and will get each a seat for the hackathon. We are targeting youngsters here, but the learning process, that skillset or instinct needed to make someone a hacker needs to be built with passion and the perfect age is when one is young enough.

  • Who is invited on the 30th?

Members of the IT community in Mauritius or elsewhere is invited to join in on Saturday the 30th of April. We shall update you with the correct information as we go along.

  • More information will be posted
  • Sponsors

All of our thanks goes to ISVTEC who is going to host our hackathon. We can truly recommend ISVTEC for all your managed services needs (please visit their website for details about the long list of services provided). Many thanks to silent sponsors of hackers.mu also who wishes to remain silent

Adventuring with Pro photomakers of Charles Telfair Institute

“The word ‘photo’ is derived from the greek word ‘photos’. Adventuring in the world of photons is simply amazing” – Yush of EYELIGHT Studios (main wedding photographer}, student of CTI and BCS, the chartered institute for IT . The photography world is so vast and profound that i could not prevent myself to blog about it. I was introduced to the different concepts in the world of photography by some students of Charles Telfair Institute. EYELIGHT studios, is now emerging in the world of photography after the hard work of these guys from CTI who are evangelizing their talent and skills as  ‘photopreneurs’

eyelightstudios
Copyright 2015 -Eyelight Studios

Though as an amateur, i used to shoot pictures with my little Samsung phablet and various point and shoots, the guys of EYELIGHT Studios demonstrated to me there fascinating tools of photography today at Merville beach hotel. I used to see professional pictures but this time i was on the backstage with them. “Mastering the techniques and bringing new concepts forward is a must to excel in this world and we are working to show the world our competence and effectiveness” – Yas of EYELIGHT studios as main studio photographer. “The managerial tasks, advertisements and bookeeping tasks is carried by me and i assured the good running of all projects” – Akshay of EYELIGHT studios also student member of the British Computer Society and CTI

Their most used equipements to render their task easy are Nikons cameras D7200 D7100 D5300 and D5200. A phantom 4 drone is also available for events, hotel’s marketing aerial shots. Flash photos are performed using speed lights and triggers. combined with soft-boxes and reflectors.

They have accomplished several tasks using the Adobe Photoshop, lightroom, After Effects, Premier, Portrait professional and several softwares.

Actions of the Pro Photo makers on the Backstage

20151018_170147

20151018_165803

Here is an idea of the final picture after the shoot without further post-processing.

_YAS1442
Copyright 2015 – EyeLightStudios

You can also contact them for photography and videography events and services. Check them out through their Facebook page.