Malawi’s cyberspace suffered a dose of humiliation on Saturday when notorious Algerians secretly blew off IT gates and hacked a number of government websites, exposing shallowness of Malawi’s cyberspace security.The spoofing happened soon after the soccer battle between the Algerian team and our home team – The Flames. After beating Malawi in the soccer front, Algerian hacker(s) identifying themselves as “L’APoca-Da”, sneaked into some of the government’s websites defacing them before posting their victory results of the game which ended 2 goals to nil.
However, according to investigations sanctioned by the State, the hackers were into a ‘deep’ mission than superficially displayed. The nature of the attack prompted government to quickly assemble a team of IT experts to probe into the breach. The team, which incorporated the National Intelligence Bureau (NIB), comprised of IT experts from strategic institutions and agencies including the Malawi Defense Forces (MDF).
The findings of the investigations, which were ready by 3:00 am today, Monday, suggested that the cyber attack, which was capable of sweeping up huge amounts of sensitive data, was a spying attempt. Whether we continue calling it “attempt”, Malawian Watchdog shares the same question.
The report, which was accompanied by a communiqué from the Ministry of Home Affairs and Internal Security and was addressed to the State President, quickly leaked to Malawian Watchdog. Currently at our disposal, the report indicates that two attempts were made on the president’s website, seven on defense-related site and three on the country’s Foreign Ministry. The report addresses that just one hacking attempt was successful in which the hacker successfully tampered with the website’s internal database. However, the report admits, other websites ‘were reasonably’ defaced.Among other agencies, the cyber attack targeted three Ministries: the Ministry of Defense; Ministry of Lands; Ministry of Justice; Ministry of Foreign Affairs and International Relations; and the Ministry of Home Affairs”, the report reveals, adding that “by observing the targeted institutions and agencies, the [Cyber] assaults may have been engineered to extract classified information on security matters of the State.”
Collaborating this envisage, was the communiqué prepared by the Ministry of Home Affairs which postulation that a possibility that the hacker could be linked to Tanzania might be ruled in. Tanzania and Malawi are currently in a boarder wrangle in which the former is claiming part of what has been Lake Malawi. The wrangle got more pronounced during the Joyce Banda administration and went silence since the coming in of new government.
Reports are indicating that Tanzania is currently patrolling its claimed part of the Lake with armored boats while the issue, which is now with an African dialogue body, is nowhere in the knowledge of the public.
Malawian Watchdog has further learnt that one of the affected websites had crashed after receiving a huge amount of service requests that crippled its system.
The report has asserted a probability that a particular malicious software (malware) called ‘Flame’ was used to cripple down other 2 websites, one belonging to the Ministry of Home Affairs and another of the security agency – NIB.
According to the report, Flame is a cyber-espionage tool that was created by a ‘hacktivist’ group of the Middle East and has been used in such cyber attacks targeting governments and other institutions in Syria, Israel, Saudi Arabia and China among notable ‘victimized’ countries.
This espionage tool is said to possess capabilities of recording audio and keyboard activity, switch on a device’s camera or turn an infected telephone into recording device. It uses computer Bluetooth connectivity to extract information from other Bluetooth-enabled devices nearby, sending the data back to as far as Algeria itself. These attacks, the official report says, use vulnerabilities in computer’s operating system that has never been exploited before.
“The hacker used an exploited flaw in Adobe Systems’ ColdFusion software which is used to construct websites, to achieve his break-in. It is unknown exactly how many systems have been compromised as our assessment may not be necessarily conclusive, but it is a widespread problem that should be addressed”. The 7-page report further reads.
After accessing the report, Malawian Watchdog systematically went about engaging key government officials to find out their concerns on the reported cyber crisis. One official from the Ministry of Home Affairs was willing to talk to us on strict condition of guaranteed anonymity. In her response to a quizzer, she admitted that the government does not have adequate defensive capacity to repel such adversaries who may launch cyber attack to its systems.
Her revelation was indeed summing up as it was commensurate to a way-forward suggestion made by the investigative team in the recommendations part of its report. The team suggested that the government should consider establishing a cyber security agency capable of repelling the hacktivists. The report bemoaned that overlooking this necessity has resulted into this breach.
“As this kind of attacks had, probably, been out of consideration, thereby overlooking the necessity to institutionalize anti-hacking agencies, this report recommends that such an institution be seriously considered lest the nation be at a risk of further such attacks, which bears more danger to the national security”.
The concerns are coming against a backdrop of government’s dominance on social media, especially Facebook, where State-sponsored spies and fanatics are busy cracking propaganda and baseless attacks (in forms of intimidations, blackmailing and sabotage) at the expense of such important tasks as building and enhancing cock-sure security in our national cyber zone.
