Tag Archives: nita-u

Stolen National ID Data ~ Questioning The New Vision’s Agenda

The headline on the front page of the Sunday Vision screamed, PANIC AS NATIONAL ID DATA IS STOLEN. I dropped all I was doing to quickly get myself a copy of the newspaper. Being one of those people that have continuously cautioned our government over its handling of electronic data, I was only too eager to see what had been done wrong this time round.


The screaming Sunday Vision Headline

The title of the article gives one the impression that the folks at the National Identification and Registration Authority (NIRA) were caught napping on duty.

In the article, a one Norbert Kamwebaze was allegedly paid twice for work he did for Roko Construction with the second payment being dished out to an imposter who presented an ID card to Roko that had all his details save for a difference in the face.

The article starts off with a clear indication of the agenda the authors had; “Panic has gripped members of the public after it emerged that confidential data that Ugandans submitted to NIRA could have landed in wrong hands….” Using a very basic example, we have had forgery of permits for a long time in this country where someone lifts all the information of a legitimate permit and only changes the face to reflect his. Why has there never been any doubt cast on Face Technologies over our data? I was irked by the quick conclusion being insinuated in the article yet the details of the story indicate that suspicion should first be cast elsewhere.

Let us look at the issues raised so far and what they mean:

  • Mr. Kamwebaze was contracted by Roko Construction to do a job for UGX 51 Million Shillings.

  • Upon completion of the job, he was paid in full but not before producing proof of his identity by presenting a National ID which was duly photocopied.

  • Mr. Kamwebaze proceeded to bank the cheque on his account in Barclays bank and it was cleared.

  • A few days later, another person bearing a similar ID appeared at Roko for payment and was issued a cheque for payment.

This is where the story gets an interesting twist. Roko as a company has decent accounting systems in place with well set processes and procedures. I have done work for them before and know that the point persons one deals with when it comes to finances are limited and they usually know even off head who has been paid. The issuance of cheques follows some fairly lengthy procedures and this makes me wonder how a second cheque could have been issued without internal connivance. Is it possible that by coincidence all those who handled the first payment issued were never available when the impostor turned up?

  • The double payment was discovered by the Roko top management.

This is already a pointer that the lower level staff have some serious questions to answer.

  • The impostor opened up an account with the same bank, Barclays using the same bio data as Mr. Kamwesigye, went ahead to ensure the account had the same bank balance as that of the legitimate Kamwesigye and two days later, deposited the cheque of 51 Million. Upon maturity, he withdrew all the money.

This raises some interesting questions. They are:

  1. Could it be that the banking software used by Barclays has no ability to detect duplicates? How could two accounts with similar bio data exist yet having different photographs? Shouldn’t a flag have been raised internally at least first with the Systems Security team?

  2. How did the impostor get to know the details on the legitimate Kamwesigye’s account including bank balance? Was he working with an insider in Barclays? Could there have been collusion between Mr Kamwesigye and this alleged impostor?

Back to the National ID, nowhere in the article does it indicate the trail to NIRA. There is a presumption that the NIRA database could have been hacked to get this information but this does not appear to hold much water considering that there are still many other ways one would have accessed this ID information. Based on my assessment, these are the first areas of suspicion before casting NIRA in bad light:

  • The impostor could have worked with staff at Roko who availed him the ID information since they already had a photocopy and considering that he picked his money after the real claimant had already got his.

  • The real Mr. Kamwebaze could have connived with the impostor and come up with the new ID that the impostor used.

  • The impostor could have tracked Mr. Kamwebaze and been able to get access to his National ID without his knowledge. Thereafter, he hatched out his plan.

At this point, unless further information is availed showing complicity by NIRA, I am inclined to believe that this was more of social engineering than hacking into the National ID Database.

It is on this note that I would like to register my disappointment with the New Vision for falling prey to the sensationalist headline approach typical of the reckless Ugandan tabloids.

One positive though the article brings out is the need for our public institutions to guard against data pilferage. Remember, the weakest link in any IT system is the human being. Employ professionals who know what they are doing and are willing to stand by a pre-set code of ethics. We shall minimise the likely occurrence of such.

Eid Mubarak to my Muslim brothers and sisters.

James Wire is a Technology and Small Business Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com


Free MyUG WiFi? Kifeesi to go Online

Kifeesi is a renowned criminal gang in Kampala city that has baffled the minds of many. Their daring moves at carrying out broad daylight robberies in the busy downtown spots without fear of the law enforcement officers have raised many eyebrows. Like the ruthless Mungiki of Kenya, Kifeesi could easily be rated as a younger sibling or rather a Mungiki wannabe. NBS TV did a good investigation on this gang here.


Kifeesi Criminals arrested. Courtesy picture from Eagle Online

Crime is crime. A criminal mind is always ready to operate anywhere for as long as the terrain is conducive. The recent announcement by the Minister of Information Communication Technology and National Guidance about the free offer of WiFi internet access in Kampala has been met with mixed opinions. Many urban dwelling Ugandans have taken on the use of the internet with a lot of zeal over the past five years. Facebook and WhatsApp seem to have the lion’s share of activity. Free WiFi is seen as “manna from heaven.”

Accessing the free WiFi in Kampala entails being within an area that has the signal hence allowing your phone or mobile gadget to connect. The hotspots have been spread in certain locations for starters with others to follow suit later. As a first time user, you are expected to submit some profile information and then get access thereafter. In keeping with the expectations of Hon. Father Lokodo the State Minister for Ethics and Integrity, no pornography shall be accessible.

Now to Kifeesi. I foresee a re-invention of Kifeesi as this WiFi takes root. A Kifeesi that will no longer be content about merely stealing your phone or robbing you of that pocket change. This Kifeesi is IT savvy. Their goal is to either:

  • Steal your online identity or

  • Con your online friends or

  • Rob your bank account or

  • Blackmail you or

  • Settle scores

How is the new Kifeesi likely to do it?

By identifying a public area that people frequent to access free WiFi, all they need to do is set up rogue WiFi hotspots that have eerily similar names like those of the official HotSpot provider. If the HotSpots by NITA-U are named MyUG (for example’s sake), Kifeesi can set up MyUG1 and then link that hotspot to the internet.

The unsuspecting public will innocently hook onto that hotspot and start chatting away using all sorts of social media utilities (encrypted and unencrypted). Before you know it, you’re availing Kifeesi a lot of information about yourself and others you interact with. What they do with that information is dependent on how much they are willing to go after you. Your login credentials to access various online services can easily be harvested and either sold on the online black market or even used to rob you or endanger others.

Kifeesi Victim

Let us take the case of a one Natabo. She works for a leading bank and is a top level manager. She gets duped into using the Kifeesi WiFi. She quickly gets into her Facebook account, Instagram, Twitter and WhatsApp. As she interacts with her online community of friends, the Kifeesi hotspot is logging all her traffic to and from the internet while diverting it to a separate location for further analysis. After a “nice” time chatting online, she chooses to check her bank email before leaving and this involves logging into the system. Again, her information is logged.

This is phase one for Kifeesi and so far, some success has been registered. Now is the time to go to the next step.

Kifeesi in Action

With basic tools got online, the Kifeesi crew sifts through Natabo’s data and extracts all sorts of unencrypted information that it uses to build a profile of who she is. With sniffed logins and passwords, they are able to undertake further access to her numerous online accounts. The killer comes in when they access her bank email. There-in lies confidential corporate data on various key client accounts as well as the internal workings of the bank.

Kifeesi Next Steps

With the gathered credentials so far, Kifeesi can choose to trade the confidential bank information got from her email to the competition. This is one of the ways industrial espionage takes place of late.

Natabo’s friends can be duped using the various social media accounts into undertaking certain financial transactions under the guise of dealing with her.

Natabo’s secret chats, photo exchanges among others could easily be used to blackmail her into paying a ransom to Kifeesi or else she faces tabloid exposure.

Natabo’s friends could be lured into appointments that could endanger them. The end result would be robbery or even physical harm like rape.

And much more.

Exercise Caution

As you spring out to partake of the free MyUG WiFi, exercise caution. Do not just log onto any hotspot that remotely resembles the official hotspots in name. Ensure that you carefully study the WiFi to be connected to. This will reduce on your level of susceptibility to fraud.

By doing that, you and I can manage the emerging online Kifeesi.
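The name check advised above can be partly automated on a device that can list nearby networks. The following Python is an added example, not code from the original post: it flags scanned networks whose names imitate an official hotspot name. `MyUG` is the post's own for-example name; the access-point address allowlist (`KNOWN_BSSIDS`) and the sample scan are constructed, and the example assumes the operator publishes the addresses of its access points.

```python
import unicodedata
from difflib import SequenceMatcher

# "MyUG" is the example name used in the post, not a confirmed SSID.
OFFICIAL_SSIDS = {"MyUG"}
# Constructed allowlist of the operator's access-point addresses (assumption).
KNOWN_BSSIDS = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"}


def skeleton(ssid):
    """Reduce a network name to a comparable form: fold Unicode
    compatibility characters (e.g. full-width letters), ignore case,
    and drop spaces and punctuation."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def classify(ssid, bssid):
    """Return 'official', 'clone', 'lookalike' or 'unrelated'.

    'official' only means the name and access-point address match the
    published list. Both values can be copied by a rogue hotspot, so
    this is a warning heuristic and does not authenticate the network.
    """
    sk = skeleton(ssid)
    for official in OFFICIAL_SSIDS:
        osk = skeleton(official)
        if ssid == official:
            # Same name: trust it only if the access point is on the list.
            return "official" if bssid.lower() in KNOWN_BSSIDS else "clone"
        if sk == osk:
            # Differs only in case, spacing, punctuation or character width.
            return "lookalike"
        if osk in sk and len(sk) - len(osk) <= 4:
            # Official name with a short prefix or suffix, e.g. "MyUG1".
            return "lookalike"
        if SequenceMatcher(None, sk, osk).ratio() >= 0.75:
            # Near miss such as a swapped or substituted character.
            return "lookalike"
    return "unrelated"


def flagged(scan):
    """Return (ssid, bssid, verdict) for every suspicious network in a scan."""
    results = []
    for ssid, bssid in scan:
        verdict = classify(ssid, bssid)
        if verdict in ("clone", "lookalike"):
            results.append((ssid, bssid, verdict))
    return results


# Constructed scan results for illustration.
SAMPLE_SCAN = [
    ("MyUG", "02:00:00:aa:bb:01"),
    ("MyUG1", "02:00:00:cc:dd:09"),
    ("MyUG", "02:00:00:cc:dd:0a"),
    ("CafeJavas-Guest", "02:00:00:ee:ff:10"),
]

if __name__ == "__main__":
    for ssid, bssid, verdict in flagged(SAMPLE_SCAN):
        print(f"WARNING {verdict}: {ssid!r} from {bssid}")
```
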

Follow @wirejames on Twitter

IDLELO 7 – Uganda’s Open Source Moment

The year was 1997 when as a student at Makerere University, I had the privilege of hobnobbing with a select group of ‘internet techies.’ One of them whom I later got to know was Kiggundu Mukasa had just returned from the USA after spending some time there studying and working. He was the first local advocate of Linux (an Open Source Operating System) and using the software CDs he had returned with, he very willingly shared with those who were already technically astute. Individuals like Paul Bagyenda and Terah Kaggwa are some of the very first I know of that toyed around with Linux in this country.

Our meet-ups used to be in Baghdad (Wandegeya) at the site of the current KCCA market and that is where the first unofficial Linux User Group (LUG) meetings took place. The inspiration that some of us got as a result of the open sharing that used to take place skewed our minds into embracing Free and Open Source Software (FOSS) as the future for this nation and Africa at large.

Being convinced about a cause is one thing while having others buy into the same cause is another. The resistance faced while spreading the FOSS gospel then was so stiff that had it not taken firm determination, Uganda would not be the Open Source beacon of hope that it is today. From Government to the private sector, IT professionals were sceptical of anything Open Source and while some of their reasons were valid, others bordered on mere fear for change of the status-quo.

Over the years, numerous developments have gradually altered local perceptions about FOSS and these include:

  • The increasing clout of FOSS products/companies like Fedora, SuSe, MySQL among others in the IT world.

  • Exposure by many IT professionals to FOSS systems starting with those that got a chance to pursue their studies out of the country.

  • Increasing grip that Proprietary Software companies were having on Software Licensing compliance.

  • The enactment of laws that rendered activities like software piracy illegal.

  • The growth of e-government

  • The limited operational budgets at the disposal of many Government organisations.

  • The Internet Service providers that majorly offered firewall and mail server systems based on FOSS.

  • The existence of a vibrant Linux User group that at one point used to carry out school outreach programmes.

  • Coordinated efforts of FOSS promotion with other African countries through the pan African FOSSFA organisation.

In November 2002, during an ICT Policy and Civil Society Workshop in Addis Ababa, Ethiopia, it was agreed that a framework for Open Source Solutions be developed. This process later led to the formation of the Free Software and Open Source Foundation for Africa (FOSSFA) a year later. Come 2004, the first ever African Conference on the Digital Commons was held in South Africa where it was later dubbed IDLELO (meaning common grazing ground). This event is carried out every two years and attracts participants who are actively participating or interested in the FOSS world. IDLELO is to Africa what OSCON is to the USA.

Twelve years later, from the 22nd to 24th of August 2016, Uganda will proudly host IDLELO 7. What makes it even more interesting is the level of Government involvement. After shouting ourselves hoarse for nearly a decade, the local FOSS community had given up on ever seeing the Government of Uganda play an active role in promoting FOSS. However, over the last two years, the National IT Authority of Uganda has warmed up to the idea of integrating FOSS in the Government plans for e-government. A FOSS policy is in advanced stages of being approved thanks to this same organisation pursuing the matter. The financial and logistical support NITA-U has extended to the event clearly shows that this time round, the Government is serious about going in bed with Free Software.

It is therefore a very exciting and emotional moment for many that have seen the baby strides FOSS has taken to gain a foothold in Uganda. Hosting the Who is Who of Africa’s FOSS world is likely to alter our path for the better and for good.

To the delegates coming over, Ugandans are known for their hospitality and we are certain that you will leave a piece of your life in Kampala.

Hubasangaliye

Tubaaniriza

Twabashemererwa

Wajoli i Uganda 

Follow @wirejames on Twitter

Hon. Minister Sir, This is what I wanted to say

In Uganda, it is out of the ordinary for a Government minister to engage the citizenry in a consultative manner. In most cases it is a one way engagement where he/she is telling the citizens what to or not to do. This is why I was taken aback when I received the call inviting me to the ICT & Communications Stakeholders’ dialogue convened by the Ministry of ICT and National Guidance that took place on the 7th of July 2016.

That morning, I decided to pen down issues I thought I needed to share but midway my attempt, the little devil in me reminded me that it was going to be business as usual hence I might not even get a chance to air my views. I proceeded to send some WhatsApp messages to my Wawa buddy Simon Kaheru.

[Screenshot: WhatsApp exchange with Simon Kaheru]

As you can see, he lambasted me for being negative and that is when I realised that just maybe, this is likely to be Business Unusual this time round. Given two minutes to make my submission, I realised that I had a herculean task and hence had to summarise in a manner that would make the creators of WinZip envy me.

Hon. Frank Tumwebaze, this is what I had to share after being fervently reminded that it was a dialogue NOT a finger pointing and popularity seeking contest.

Uganda may have made strides in the ICT sector over the years but like any other industry, we are always on the road, seeking to move on to the next best thing. As a result, my views on the industry currently, while not exhausted by this submission, are:

Get the National Fibre Backbone closer to the people. The National Data Backbone rollout by government is an impressive feat and should be applauded. Despite the hiccups faced in its initial stages, the team at The National IT Authority, Uganda (NITA-U) was able to turn around a nearly failing project into the deployment success it currently is. Steps were taken to have a private sector company manage its commercialisation but to-date, we are yet to see and feel its effect directly as citizens. While it may be interconnecting some critical government infrastructure that we rely on already, as well as offering capacity to some large corporates, as a resident of a village in Mukono Town Council, I would like to see it impact me directly. Short of working out ways in which we can see real value as lay men, it will remain a white elephant to us.

Case in point, Smile Telecom and Roke Telekom have some pretty decent internet access offers, however, because they have to roll out their networks from scratch as they extend the services from town to town, this has slowed their growth. Why can’t we win over some of these providers to use this backbone as a backhaul thereby allowing them to concentrate on final delivery of services in the various towns? The argument might come up that “They haven’t approached us” or “we failed to agree” but this is not the attitude of a proactive mindset. It always helps to engage and find out what middle ground one could achieve. So, the company contracted to manage this fibre needs to offer more services than merely maintaining the proper functionality of the cable. It should be able to advise the government on how to better utilise the resource, attract more customers through well packaged incentives.

By offering good backhaul links between the towns, this fibre has the potential to create a spinout of numerous Virtual Service Providers who can effectively offer services in their local areas and hence widen the catchment area of internet and e-government usage in this country. Imagine if the fibre has a termination point in Kumi and a one Ejalu sets up a local WiFi network in Kumi town with backhaul access to Roke Telekom in Kampala via the National fibre, he can provide not only a much cheaper service than the grossly expensive bundles that our Telecoms have made us accustomed to but also has the opportunity to customise its delivery through the use of open source software as well as language translations to suit the locals. The future of most services is localisation.

Certification of ICT Practitioners. NITA-U has come up with a proposal to regulate all ICT practitioners in the country just like is done in the Legal, Engineering and Surveying sectors. This is being met with a lot of resistance from industry players.

However, in my personal opinion, this resentment is probably as a result of uncalled for Fear, Uncertainty and Doubt (FUD). The government needs to come out and sensitise the affected parties about the intentions of this initiative as well as make modifications where necessary.

The ICT industry is not as straight jacket as the Legal, Architectural, Survey and Engineering domains that are pre-defined out of the box. Many, including yours truly are self trained practitioners who spent sleepless nights utilising internet resources to gain skills. To be told that you need to have a certain certificate before being allowed to offer an IT service is a threat to our very existence. However, more of this is covered in this article I wrote on the need for certification.

Outsourcing. Through NITA-U, the government has made efforts to promote this sector of ICT Business. Truth be told, not much has been achieved and this could be attributed to the misguided belief that business opportunities will come from outside the country as opposed from within.

The Indian BPO industry honed its skills from the pro-active approach taken by the government to outsource services for some of their work to local businesses right from the local government level up to the national. A similar approach would help our companies too.

It is no secret that most government departments in Uganda need digitisation of their records. Secondly, there are numerous citizen centered services that the BPO sector could run on behalf of Government agencies e.g. The immigration department could have a tracking system for Passport management run by a private company to respond to various passport related queries instead of the massive human traffic that makes daily pilgrimages to their offices giving a semblance of a busy environment.

The Uganda Revenue Authority had a similar problem when it used to centrally manage all lodging of paperwork by clearing agents and various tax payers until they came up with an IT solution that allowed third party service providers to plug into the system and offer the same services. The traffic at their head office reduced very significantly.

Local Content. Local Content refers to the percentage of locally produced materials, personnel, financing, goods and services rendered to an industry and which can be measured in monetary terms.

Just like the Oil Industry, it is high time a local content policy for the ICT industry in Uganda was effected. I know NITA-U is working on this but it’s important that we bring it to the fore. During the run up to the previous elections, the discontent by many arose from the fact that most opportunities in the country are seen to be bypassing the local providers in preference for foreign. With all ‘big’ jobs naturally gravitating to foreign owned companies, this has left many brilliant ICT professionals with nothing to do locally as well as led to the closure of many a business venture.

Take a stroll around Africa and you will be amazed at the number of projects Ugandan ICT professionals have implemented. During a consulting gig for the Common Market for Eastern and Southern Africa (COMESA), I felt very proud when the head of the ICT department praised the Ugandan consultants they had used claiming they always did a great job. Why then can’t these very resourceful Ugandans be appreciated back home in preference for foreign journeymen way past their sell by date in their home countries? Yesterday, a friend intimated to me that a renowned financial institution in Uganda flew in expatriates to install a Cat6 Cable Network in their offices. It is such instances that make me resort to Tamale Mirundi’s expletives “Ngalabi Za Mitwe” (Drum heads).

The cry by Government officials that we are not yet skilled enough is hogwash because we would not be hired by international agencies if that was the case.

I propose that an inventory be done of ICT practitioners in this nation complete with their areas of specialisation and businesses (if any). A move towards empowering them either through selective bidding (locking out foreign entities) or ensuring a procurement structure that enforces partnership of foreign entities with local businesses in order to undertake projects would be welcome. We need to start sieving the deal makers from the real solution providers and this is where accreditation through certification might come in handy.

National ICT Strategy. It is said that one human year equals four technology years. In other words, every three months that elapse equal one technology year. As a nation we are good at making plans, policies and the like, however, in some cases these are driven by the need to achieve simplistic quick gains without looking at the long haul.

We also tend to have a disease of implementation. When the good plans are made, either the resources (not only money) required to see them through are not availed or government departments attempt to outmuscle one another for implementation rights.

What we need is a well rounded strategy with a multi-disciplinary and long term perspective. ICT is an enabler, so any plans should take into consideration our aspirations in the Health, Education, Agriculture, Manufacturing, Transport, Tourism and other sectors. How can we use ICT to address corruption, traffic jams, trade, manufacturing, illiteracy, security, travel, piracy, climate change among others? The desire for shortcuts will keep us heading back and forth in an unending loop only to take us back to the starting point.

Hon. Minister Sir, this is what I never had a chance to share in detail. I am glad you have read it in its entirety now. By the way, you asked where the developer of Me2U is. I would like to gladly tell you that he is very alive and plying his trade from Entebbe with a largely foreign clientele that keeps him busy. Not wanting to soil his career with the intricate dynamics involved in getting local business (especially government), he opted for the foreign strategy. Otherwise he is one of the most deeply rooted nationalists I know of in this country.

For God and My Country

Follow @wirejames on Twitter

How safe is our Government?

Holed up in a makeshift office are Zabu and Zaba two very articulate young men whose mindsets would give the elderly a run for their money. Among their peers, they seem weird and only find solace with more mature and forward looking people… Recently, while doing a routine play of locating WiFi hotspots, they chanced upon a provider who happens to be one of the biggest in the WiFi market in Uganda…. In a flash, they gained access to over 2000 client login accounts. Are we secure? Read more here.
