Djibouti (HAN) May 5. 2016. Public Diplomacy & Regional Security News.
Headline: Kenyan government was hacked (cyber crime) again last week
The Ministry of Foreign Affairs experienced what is known as a ‘social-engineering’ attack.
Social engineering is a pretty common attack that plays on the victim’s psychology by deceiving them into divulging confidential information.
In this case, staff at the Ministry were tricked into sharing their email passwords with the hackers. Using these passwords, the hackers managed to log into the staff email and harvested some not-too-sensitive data. This followed an attack in 2012 by an Indonesian hacker that took down 103 government websites. Although the ICT Cabinet Secretary Joe Mucheru has downplayed the impact of the attack, it does raise some pertinent questions.
1- Somalia: US comes to struggling AMISOM’s Aid – Africa Confidential reported
According to Africa Confidential report, “the African Union member countries are at odds, leaving US air power – and some propaganda – to make up for military failures. The international coalition against Al Harakat al Shabaab al Mujahideen has been relying recently on a war of words – as well as United States drones and Special Forces – to keep up pressure on the Islamist militia. The African Mission in Somalia’s (Amisom) member countries are experiencing chronic command problems which compromise their effectiveness; Burundian, Ugandan and Kenyan contingents suffered devastating attacks which they have struggled to respond to.”
2- Djibouti: Moving AFRICOM from Germany to Morocco or Somalia
The U.S. combatant command for the region has been stuck in Germany for eight years. It is time to make another attempt to find a host country in Africa, Somalia and Morocco may be the place.
Moving AFRICOM from Germany to Morocco or Somalia would show their recommitment to stabilize the regions of North Africa and East Africa. U.S. Africa Command, or AFRICOM, is “responsible for all U.S. Department of Defense operations, exercises and security cooperation on the African continent, its island nations, and surrounding waters.” Since its inception as an independent command in October 2008, AFRICOM headquarters has been located at Kelley Barracks in Stuttgart, Germany. Other command assets are located at Ramstein Air Base in Germany; in Italy at Vicenza and Naples; and at Camp Lemonnier in Djibouti. AFRICOM’s European headquarters was intended to be temporary, lasting only until a basing agreement could be reached with a partner country on the continent.
3- Protecting People: Can aid reform end Ethiopia’s repeated hunger emergencies?
Ethiopia-the Horn of Africa nation’s worst drought in 50 years has left her destitute, reduced to arguing with neighbors over the allocation of aid rations. “But there’s still this level of vulnerability and poverty that is persistent and that’s harder to turn a corner on.”
“Ultimately, there does need to be a vision for this not being a donor-financed safety net,” according to the Greg Collins, director of the Center for Resilience at the U.S. Agency for International Development (USAID).
Update: This year, one in five Ethiopians need food aid, with 8 million receiving support from the PSNP and another 10.2 million from a $1.4 billion humanitarian appeal. Millions of farmers and herders across Africa have been pushed into crisis by drought this year, raising questions about the ability of aid to break the hunger cycle, despite a resolve to do so after famine killed 260,000 people in Somalia in 2011.
4- Leadership Crisis: Turkey’s set AKP to call for extraordinary congress: rumors of PM resignation
According to reports that came after the PM met with President Recep Tayyip Erdoğan amid rumors of a resignation.
Mr. Davutoglu’s departure also deprives Turkey’s North Atlantic Treaty Organization allies of a critical partner.
Intel sources say the party will hold a congress soon, with the PM not running for the seat.
Presidential sources said no further statement would be made, noting only that the pair’s regular meeting had ended.
prime ministry sources said the party MYK would convene to discuss the matter of a congress. Erdoğan said “you should not forget how you got your post,” in pointed remarks before the meeting.
“There is no difference between a village head who could not win the hearts of the people in his village or neighborhood and a president who could not win the support of his people,” Erdoğan said in Ankara, addressing a group of neighborhood heads (muhtars) on May 4.
5- Saudi Arabia wages public campaign to boost reputation in Canada – $15-billion deal to buy Canadian-made combat vehicles.
Saudi Arabia is mounting a charm offensive in Ottawa this month that appears aimed at boosting its reputation among Canadians – or at least federal politicians – with a celebration of Saudi culture that will include folk dancers on Parliament Hill.
The Mideast country’s abysmal human-rights record has featured prominently in a growing controversy about a $15-billion deal to buy Canadian-made combat vehicles.
6- The Defense Secretary Ash Carter Says Fight Against Islamic State ‘Far From Over’
The Obama administration has made recent statements about “accelerating” the war against the Islamic State in the Middle East and retaking 40 percent of its territory, but Defense Secretary Ash Carter claims the war against the terror group is “far from over.” While speaking at the top of a 12 nation ministerial meeting in Stuttgart, Germany, Carter took a moment to recognize the sacrifice of an “American service member,” but did not mention the man by name or his service. However, Arizona Gov. Ducey identified the man as Navy SEAL Charles Keating IV. Keating died during an “extremely heavy, extremely intense” firefight with U.S. forces and Kurdish Peshmerga troops in northern Iraq on May 3. He was the grandson of Charles Keating, Jr., the Arizona financier at the center of the 1989 savings and loan scandal, which led to five U.S. Senators being accused of corruption. The senators allegedly involved were dubbed ‘The Keating Five.’ Carter and other officials are waiting a complete 24 hours to publicly share Keating’s name.
7- North Korea’s Jailing of U.S. Citizens Raises Specter of Travel Ban
North Korea last week sentenced Korean-American businessman Kim Dong-chul to 10 years of hard labor for alleged espionage. Weeks earlier, the country sentenced University of Virginia student Otto Warmbier to 15 years of hard labor on charges of stealing a propaganda poster. These incidents have some officials floating the idea of a travel ban to the isolated country. The U.S. State Department doesn’t typically restrict the rights of Americans to visit other countries, though it does issue travel warnings. In the case of North Korea, the warning states that “the risk of arrest and long-term detention” is high. Some lawmakers expect Congress to consider introducing a bill this year to help stem the flow of U.S. citizens traveling to North Korea. “If a travel ban is compelled anywhere, it’s compelled in a country like North Korea, which is under a series of U.N. Security Council resolutions for being a dire threat to its neighbors, and is responsible for crimes against humanity,” said Joshua Stanton, a Washington-based lawyer. Currently, about 5,000 to 6,000 Westerners travel to North Korea each year. The issue is complicated by the fact that extracting U.S. prisoners from North Korea is not easy. Any instance of freeing a prisoner has only happened by dispatching a high-level representative such as the President. A State Department spokesperson did not supply an answer when asked in March if a Libya-style travel ban could be imposed on North Korea.
8- Two Dead in Shooting at Knight Transportation Building in Katy, Texas
A Texas trucking company worker who was fired Wednesday returned and shot another man before he killed himself, according to officials. Harris County Sheriff Ron Hickman said another person was injured in the deadly shooting at Knight Transportation in the Houston suburb of Katy, Texas. Heavily-armed sheriff’s deputies continued to search the facility, but a lockdown was lifted at the nearby Franz Elementary School and the Morton Ranch High School. Hickman did not divulge any additional information about the injured person. Police said the victim was an employee who was shot in the face with a bean bag fired from a shotgun.
9- Cyber-security Confidential Sources Reported, “IT Leaders Pick Productivity Over Security”
Two new studies have highlighted the effect of poor cybersecurity practices. Barkly, an endpoint security company, released its 2016 Cybersecurity Confidence Report. It found that cybersecurity confidence is low, and revealed major flaws in how businesses and IT leaders approach security. There is a chronic lack of communication between the C-Suite and IT leaders, and this dissonance is slowing down overall productivity around the country. But slowing productivity is not the only culprit; IT professionals are simply abandoning effective security practices and making basic tasks needlessly difficult. For example, improper methods can make it difficult to calculate the return on investment for security, which in turn can impact the bottom line and the overall financial backing for a company’s security program. Another study from ISACA/RSA unveiled general apathy as a culprit and found that 24 percent of IT professionals “didn’t know” if user credentials were hacked or stolen or if hackers exploited their organization. Twenty-three percent were not even sure if they had experienced an advanced hack. Both studies show that businesses must reconsider their cybersecurity measures.
10- Breach in Security Allowed Gun on Kimball High School Campus
Parents will meet with the Dallas school superintendent on May 3, after a student brought a gun into Kimball High School and accidentally shot himself in the hand and leg. Dallas ISD Police Chief Craig Miller said that the student “actually came through the metal detectors,” and that the gun “was detected, but they were ushered on through the metal detectors.” Many parents now have questions about how the gun ended up on the school’s campus. “That’s still part of the investigation and we’re working on that,” said Miller. According to Miller, the metal detectors are typically staffed by school employees, not police or security officers. He would not comment on what problems the student may have been having at the school, but did acknowledge that a meeting with administrators and a parent had taken place. The district said it will interview the teacher and all students who were in the classroom where the shooting happened. Metal detector policy changes will be made if necessary.
11- BYOD Security Management Still an Issue for Businesses
Seventy-two percent of organizations, led by the financial services industry, support bring-your-own-device (BYOD) policies for all or some employees, according to a recent Bitglass survey of more than 800 cybersecurity professionals in the financial services, technology, healthcare, government, and education sectors. However, relatively few organizations can control access to corporate data, remotely wipe devices, or enforce device encryption. In addition, only 14 percent of organizations have successfully deployed mobile application management (MAM) solutions. “Regulated industries such as healthcare and financial services require that large numbers of users handle personally identifiable information, and the success of their business depends on their ability to protect customer data,” says Bitglass’ Rich Campagna. Fewer than half of organizations are doing anything other than password protection on BYOD devices, even choosing to forgo policy basics such as remote wipe and encryption. The report also found 62 percent of healthcare organizations see compliance as a top security concern because of HIPAA’s stringent requirements. Organizations across all sectors voiced concerns about data leakage, including 81 percent of financial services organizations, 90 percent of healthcare organizations, and 79 percent of education organizations. Finally, the report found device encryption was supported in only 36 percent of education organizations, 56 percent of financial services organizations, and 57 percent of healthcare organizations.
12- Headaches Likely to Grow Over Auto Cybersecurity Concerns
Issues related to automobile cybersecurity are likely to become more pronounced in the near future as experts attempt to eliminate risks, but federal auto cybersecurity standards are not expected until at least 2018. A new report from the U.S. Government Accountability Office (GAO) also cites expert opinion that it will be about five years before technologies for securing and authenticating the legitimacy of communications via in-vehicle networks are incorporated during vehicle design and production. According to the report, today’s vehicles often have multiple interfaces that make vehicle systems susceptible to cyberattacks. The onboard diagnostics port is one point of exploitation stakeholders are concerned with, while GAO also noted wireless attacks, such as those targeting weaknesses in autos’ built-in cellular-calling capabilities, present the biggest risk to passengers. Remote cyberattacks on auto systems are a source of concern, but some experts say attacks comparable to current hacking demonstrations would be difficult to accomplish. Most industry experts polled by GAO agreed automakers should place safety-critical systems and non-safety-critical systems on separate in-vehicle networks and restrict communication between them. Two U.S. industry groups are spearheading a push to set up an Automotive Information Sharing and Analysis Center to collect and analyze intelligence information and support a forum for members to anonymously share threat and vulnerability information with one another.
13- 4 Password Managers That Make Online Security Effortless
A good password manager can relieve the burden of memorizing complex logins and keep data secure. These tools encrypt login info and lock it with a single master password. There are several features to look for in a password manager. The first is password generation— the ability to create complex passwords out of letters, numbers, and special characters. The strongest passwords are long, random strings of characters. The second feature is auto-fill and auto-login. Ideally, a master password should be the only password a user should have to enter when using a password manager. Some will even auto-fill login credentials when visiting a specific site. A third feature to look for is secure sharing. A password manager should let a user share their password without compromising security. The next feature should be two-factor authentication, which will safeguard against unauthorized access to a users password vault. Lastly, the password manager should work on multiple devices and operating systems. CSO Online recommends several password managers, such as Last Pass, Dashlane, 1Password, or True Key by Intel Security.
14- Ransomware Trends to Watch in 2016 and Beyond
Much of ransomware’s staying power can be attributed to the creativity of malware authors. Using existing ransomware samples, cyber criminals tweak them to avoid detection while the viruses spread. Losses are mounting. The U.S. Federal Bureau of Investigation, for example, reported a loss of $18 million over a 15-month period in 2014 and 2015 due to such attacks. In 2015, the most significant forms of ransomware included teslacrypt, CTB-Locker, Social Engineering, and Operation Kofer. Given ransomware’s persistence, CSO’s, IT departments, and end users may face various challenges going into 2016. Hackers, like those currently running the Chimera campaign in Germany, may threaten people with the idea of exposing their encrypted personal information in public if the demanded ransom is not paid. Cyber criminal entrepreneurs may start offering ransomware as a service, creating a supply chain effect. Similarly, hackers will likely develop and use more sophisticated delivery mechanisms in order to extort money from their victims. The Android platform, already a target since 2015, remains particularly vulnerable to various attacks. Notably, as more common platforms, such as smartphones, become more secure and more companies and users become better educated about ransomware, hackers will likely begin to target less protected Internet-connected devices, such as smart TVs or cars.