[ISN] Cyber Crime Crisis Looms in Zimbabwe

From: InfoSec News (isnat_private)
Date: Mon May 06 2002 - 00:30:27 PDT

  • Next message: InfoSec News: "[ISN] Biometric Security Not Ready to Replace Passwords"

    Financial Gazette (Harare)
    May 3, 2002 
    Posted to the web May 3, 2002 
    Joseph Ngwawi Business News Editor
    IMAGINE your bank statement being transmitted spontaneously via
    electronic mail to millions of individuals and companies across the
    world because a virus has attacked the bank's computer system.
    Chris Wilson - this is not his real name - says he once received
    e-mail messages containing information on financial statements of
    customers of a local commercial bank.
    The above example is just the tip of the iceberg on how susceptible
    the computer system could be to hackers and how incidents such as
    these aid the new global fad of cyber crime.
    Computer experts say at least one computer network in Zimbabwe is
    attacked by hackers every 30 minutes and that the local private sector
    is sitting on a time bomb amid fears cyber security is not accorded
    the top priority that it deserves.
    Although actual figures on the financial losses incurred by local
    firms and organisations due to cyber crime are not documented,
    Zimbabwe has not been spared some of the dangers of the new
    information age.
    In the United States, the financial losses due to cyber crime are
    estimated at more than US$450 million a year.
    According to computer experts, the Internet connection is the most
    frequent point of attack. The laxity of information security policies
    in the country just makes this worse.
    Computer experts say almost all computer systems in the country have
    been violated in one way or another in the past year, resulting in
    billions of dollars worth of financial losses.
    In just two of these cases, separate Harare-based companies lost
    millions of dollars due to the sophisticated manipulation of the
    accounting systems by their workers who colluded with some outsiders.
    Other losses have occurred through theft of proprietary information,
    which is later used by a company's competitors.
    But David Behr, head of one of the country's leading Internet service
    providers, Zimbabwe Online, says no cases of industrial espionage have
    been recorded yet in Zimbabwe, adding that the main culprits are
    usually the so-called "script kiddies" who spend most of their time
    surfing at Internet cafes.
    "The main culprits are not the government or the corporates but these
    are usually fairly young people, probably male with a lot of time on
    their hands," Behr said.
    The script kiddies are usually able to break into an organisation's
    personal files and use or alter the information.
    Harare-based computer expert John Sheppard said the situation was
    compounded by the absence of sound information security systems at
    most Zimbabwean firms, which increased the chances of them falling
    prey to cyber criminals.
    He noted that the bulk of Zimbabwe's computer networks were not
    properly protected against viruses, one of the means by which hackers
    and other people could sabotage an organisation's database.
    He said it was possible for sensitive information to be transmitted to
    other people whenever a company's or bank's computer system is
    attacked by a virus.
    "Many outbreaks such as the outbreak of a variant of the Klez virus
    that hit the country recently are totally controllable by a
    combination of virus education, intelligent virus and general security
    protection and by ensuring that programmes such as Outlook Express and
    Internet are patched and updated to current patch levels," Sheppard
    The Klez virus hit Zimbabwe's Internet industry two weeks ago,
    completely shutting out more than 75 percent of the country's
    companies and individuals from the rest of the world.
    The virus affected access to the Internet by most companies and
    deleted their files or documents, sending a warning signal that
    Zimbabwe, as part of the global information village, must get its act
    together or suffer major losses soon.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon May 06 2002 - 03:43:10 PDT