Tag Archives: hacking

#Anonymous to Hack #Uganda

Posted on March 26, 2016 | Leave a comment

160115192610-anonymous-2-540x304

Anonymous hacktivists Image courtesy of CNN

We are Anonymous,

We are Legion,

We do not Forgive,

We do not Forget.

That is the introduction to the press release by Anonymous, the globally acclaimed Hacktivist group that pursues anyone and everyone they deem as being unfair to society. In a February 17th 2016 press release published on the Anonymous Video Network, they state;

“Operation Africa is an ongoing operation by several activists within Anonymous who have begun cooperating. The focus of the operation is the disassembly of corporations and governments that enable and perpetuate corruption on the African continent. This consists of organisations responsible for child abuse labour as well as internet censorship within the continent and globally. We are fighting alongside other operations such as OP Nigeria as well as Anonymous SA to help free the continent from exploitation as well as the plague of exploitation that has been occurring for centuries…. No Longer will we stand by and watch these blatant abuses of power occur. We will continue to fight for their liberties until all our brothers on the continent are freed from the shackles of corruption and greed.

We will not sleep

We will stop at nothing

We are Anonymous

They should have expected us”

A follow up of this threat on the Anonymous Website reveals that Uganda is one of the countries they are initially targeting. The concerns these hactivists have regarding Internet Censorship and Corruption hit the Bull’s Eye when it comes to my country.

In the run up to the elections of February 18th 2016, I was taken back when I saw the display of military hardware that the Government had just imported and the subsequent chest thumping by the security agencies. In this day and age, it is important to know that the threats are changing. It seems like we are speeding past the era of physically confrontational armed rebellions that involve spending days and nights in bushes and spilling blood. Field battles while fighting for a cause are being replaced by online activism.

Why should we be concerned about the threat that Anonymous extends?

Other than defacing some random websites here and there, this group has the ability to inflict serious damage if they put their minds to it. I know the Uganda Police has put up a cyber crime unit but it’s abilities are still wanting due to numerous reasons.

Some of the most hard hitting acts Anonymous could engage in and affect the Government of Uganda could be;

  1. Shutdown of all Government related Websites: The use of the internet to share information by the government is growing astronomically. Through the use of DDoS attacks they can put all targeted sites on their knees. Major corporations like CNN have been victims of this. Government agencies like Uganda Tourism Board that grossly rely on the internet to market the country’s tourism are likely to be badly affected. With numerous internet facing systems deployed by various ministries like Finance, Education, Agriculture, Justice among others, any service shutdown is likely to have a significant impact on operations as well as the general economy.
  2. Access Credentials: By breaking into the online systems and accessing user credentials of various Government officials, a lot can be unearthed about the internal operations and on a brighter side, it could even help the general public uncover the rot that could be going on in some agencies. In February 2016, the group hacked into the servers of the Broadband Systems Corporation a key service provider to the Government of Rwanda. They altered all system passwords and extracted numerous account credentials used by Government agencies to communicate. The exploits were sampled here.
  3. Internet Blackout: Just like they did in Turkey, the group has the capacity to shutdown internet services across the country thereby leading to loss of business for many. The efforts by UCC to limit internet access would pale in comparison to the kind of damage Anonymous can potentially inflict if they take this route. As I write this, the group has promised an April Fool’s day surprise for Donald Trump and believe me, they will deliver even as the FBI watches. Such missions are handled by the elite of the elite Anonymous hackers who are able to completely erase any traceability in the event that the authorities tried to locate them.
  4. Disabling .ug: By focusing efforts on the root servers of the Ugandan Top Level Domain, which controls all sites that end with the suffix .ug, any website with a similar ending gets affected and cant be accessed online. When the Turkey attack was done, over 400,000 sites were offline for a period of Seven (7) days. You cant send or receive email or even have your content on the website accessed due to failure to resolve the DNS. We dont want that to happen. Three days of Facebook Censorship in Uganda were enough to show us how critical and part of life the internet has become to our lives.
  5. Infrastructure Attacks: Anonymous has the ability to target critical banking infrastructure in the country as well as any other service providers like Electricity and Water utilities for as long as they have systems that are interlinked with one or two gateways to the internet. Just imagine if they got into the UMEME network and remotely manipulated the Yaka Software Systems by resetting all customer units to zero or better still provide free power to all customers? They could easily get access to national security installations and siphon out critical information that the Government is heavily dependent upon or even expose key security informants that have for long operated undercover. Access to the Civil Aviation Authority network could easily lead them into our Airport network thereby disorganising flight arrangements and putting flights at risk. After all, they are Anonymous, we should expect them!

I could go on and on about potential exploits by this group. It is therefore a pity that the Government is silent over these threats. Perhaps they have no choice and are just clueless over how to engage this elite group of hactivists, hence having to wait and accept fate like a lamb ready for massacre.

Interestingly though, we don’t seem to be very far from getting our own Ugandan version of hactivists likely to link up with Operation Africa. The Hackers Uganda team did participate in the resistance against the aborted giveaway of Mabira Forest to an investor to grow sugarcanes way back in 2011. They hacked the Uganda Investment Authority website and left a message of defiance.

Over to the Uganda Police and the various security agencies that litter our land, are you ready for this teargas proof approach to civil disobedience?

On twitter @wirejames

Leave a comment

Posted in Technology

Tagged , , , , , , ,

Muwema Vs Facebook

Posted on March 24, 2016 | 2 comments

For a while now I have been debating over whether to write an article about the current Cyber Security threat the Government of Uganda is facing or the comedy that Counsel Fred Muwema has opted for. It was not until I came across this article giving Facebook 6 days to cooperate in regard to his intent to sue for defamation that I thought I needed to weigh in into this saga. Interestingly, while reading the article, I was entertained further when on the same page I saw an advert by one of Uganda’s leading comedians Pablo advertising his Good Friday Nyama Choma event. To be honest, Muwema’s threats and Pablo’s comedy make a good match.

In Point No. 8 of the letter Counsel Muwema allegedly wrote to Facebook, he states; “To this end I request for the Internet Protocol address of the subject user by the 29th March 2016 to be able to determine the user’s physical location, email, telephone, address and other useful identifier information.”

To take on such a battle with Facebook, Counsel Muwema reminds me of the time I visited the game park and saw a dog barking at an elephant. The elephant just went about it’s business and only occasionally looked through the corner of it’s eye to see what the source of noise was. For the attention the dog wanted, that is the best it could get from the elephant.

So Counsel, who told you that getting the IP address information is a guarantee of identifying the facebook user TVO? I will not blame you for thinking this way but probably my disappointment should be directed to the erstwhile technology advisers you surround yourself with.

For a highly marked Government critic like TVO, it would be foolhardy of one to expect him to use a pedestrian approach when engaging in what he does best. The precautions I expect such a person to take are beyond the ordinary since what he is doing is a matter of life and death and could see him (depending on where he is) either be incarcerated for life or extradited to Uganda to face incarceration.

In the world of VPNs (Virtual Private Networks) and Encryption, TVO has the ability to fool even Facebook about his whereabouts. One can be in Uganda but on accessing a site in the UK, you can utilise Internet protocol addresses from the Ukraine thereby making the UK servers believe and log your origin as the Ukraine.

Besides, what makes you think that TVO is one person? It could as well be a distributed team hence even getting the IP address may not help you uncover them. Advances in technology have made it more difficult to keep up to pace with tracking online users.

Have you heard of FreeNet, the Underground Internet? Off their website, the FreeNet project is essentially an internet within the internet, but with absolutely no censorship. The information hosted on Freenet is encryted and routed through many different nodes, which makes it incredibly difficult to track who is providing and requesting the information on its servers. Thus Freenet accomplishes absolute freedom of speech!

How about the Deep Web and Dark Web? Due to the love for privacy, anonymous browsers like the ToRBrowser are now in vogue lately allowing users to browse the internet surreptitiously and without being easily traced. When you make a request to find a web page, the request to find the intended destination is wrapped in layers of encryption or code – like the skin of an onion. Instead of going direct to the web page your request is bounced randomly across a network relay of computers all across the globe. As your request arrives at a new location a level of encryption is unlocked. All the relay computer sees are instructions to send the request on to the next location.

In real world language; bouncing across different locations makes it near impossible to trace the user. Meaning you become anonymous.

The TVO I have observed is not daft enough to utilise the internet plainly. I therefore want to take you out of your illusion Counsel by advising you to concentrate on matters other than taking on Facebook or hunting for TVO. If it is publicity you wanted, you have already got it.

My 2 Pence.

Follow @wirejames on Twitter.

Additional Research from:

https://www.scenesofreason.com/the-deep-web-vs-dark-web/

http://highexistence.com/freenet-the-underground-internet/

 

2 Comments

Posted in Technology

Tagged , , , , , ,