Kenya among the countries hit by espionage software

According to Kaspersky Lab, the attackers deliver the spyware via e-mail attachments such as Microsoft Excel, Word and probably PDF documents to unsuspecting victims. Photo/File

Kenya is among five African countries hit by a new espionage software targeting information from government agencies and research institutions.

The new spying software known as “Red October” was detected this week by Kaspersky Lab despite having been in existence for the last five years.

It has been used to steal information from governments, embassies, the military and research institutes in different parts of the world.

“We knew of the attacks after an alert from our global cybersecurity networks. I cannot pinpoint the embassies but normally the attackers target countries they have a keen interest in,” said Information and Communications permanent secretary Bitange Ndemo.

In April last year, the Kenya Computer Incident Response Team (KE-CIRT) was established to monitor internet traffic in an effort to curb cybercrime.

The Communications Commission of Kenya also invested Sh20 million last year in equipment to connect to other regional and global networks to monitor and tackle cyber crimes.

According to Kaspersky Lab, the attackers deliver the spyware via e-mail attachments such as Microsoft Excel, Word and probably PDF documents to unsuspecting victims.

Once a recipient opens the documents on a vulnerable system, the malicious code spreads and squats in the recipient’s computer where it initiates communication with servers controlled remotely by the attackers.

The software has the ability to steal live information, delete files and to deploy more malicious codes for gathering intelligence needed by the attackers.

The spyware, believed to be the work of Russian attackers, is also capable of infiltrating smartphones, networking equipment and removable hard drives.

KE-CIRT, a Moscow-based cybersecurity firm, said Red October was launched in 2007, targeting networks inside embassies, research institutes, and trade and commerce offices, as well as energy, aerospace and defence firms, in more than 20 countries.

“The main objective of the attackers was to gather intelligence from the compromised organisations, which included computer systems, personal mobile devices and network equipment,” read a report released on Tuesday.

Most of the targets were in Eastern Europe and others in North America, Western Europe and Africa where the spyware also hit diplomatic missions of South Africa, Tanzania, Uganda and Congo.

Cybersecurity analysts said government agencies and even private firms will need to invest in detection software that sells at between Sh1 million and Sh5 million to guard against malicious attacks.

Such attacks have made cybersecurity a growth industry worldwide, spawning high demand for qualified professionals that has seen public agencies like KE-CIRT lose experts to the private sector.

Dr Ndemo said uncompetitive salaries made the government lose, two years ago, eight officers it had trained to tackle cybercrime, posing a threat to ambitious digital projects being undertaken.

Cyber crimes such as violation of confidentiality, copyright and trademark infringement have been on the increase in Kenya since the landing of undersea fibre-optic cables in Mombasa three years ago.

Advanced economies like the US have been grappling with more sophisticated forms such as cyber terrorism, cyber warfare and cyber laundering.

Forensic experts

Over the past year, more than 2,000 websites in Kenya were hacked into with forensic experts estimating the crimes to have cost East Africa Sh3 billion annually.

William Makatiani, an analyst with Serianu Limited, a local cyber security firm, said the espionage software can squat on one’s computer without being noticed.

“The bad news is that most organisations or government agencies lack monitoring tools,” Mr Makatiani said.

“This kind of software cannot be detected by the anti-viruses and that is why it took Kaspersky such a long period to detect it.”

He advised public agencies and private companies to invest in intelligence software that gathers information on who accesses what files and from where.

Red October is the latest of several attacks that left more than 100 government websites compromised between January and April last year.

During the April attack, most of the sites allowed customers to access sensitive account information, upload documents or perform transactions.

The latest attack, however, differs from previous ones that mainly targeted banking institutions with an aim of stealing confidential information such as Personal Identification Numbers for use in Automated Teller Machines fraud.

Described as an ‘advanced cyber-espionage network’, Red October also uses information harvested from infected networks in later attacks.

Kaspersky noted that stolen credentials were compiled in a list and used when the attackers needed to guess secret phrases in other locations.

“To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries (mainly Germany and Russia),” said the report.

The PricewaterhouseCoopers (PwC) Global Economic Crime Survey found that countries such as Kenya, South Africa and the UK had recorded a 40 per cent increase in fraud cases in 2011, threatening the drive towards a cashless economy.

Latest Central Bank of Kenya (CBK) data shows that the value of plastic card transactions in Kenya jumped 40 per cent to Sh214 billion in the first three months of 2012, despite rising insecurity and fraud cases.

The number of cards in circulation rose to 9.6 million in March 2012, up from 8.2 million in March 2011, with debit cards accounting for about 82 per cent of transacted values.