No Longer a Safe World

Fri, Apr 12, 2013
By publisher
16 MIN READ

Cover Box, Featured

Ebongabasi Ekpe-Juda, a security consultant, discusses how internet technology has made the world very unsafe in an interview with Olu Ojewale, general editor, Realnews. Excerpts:

Realnews: What is this cybercrimes or cyber warfare all about?
Ekpe-Juda: Cybercrime is a new face of warfare today in the world because less blood is spilled. In the internet warfare, little military reaction comes into play. What nations do now is that through the internet, they can shoot down a very significant infrastructure, like what happened to Iran in 2010. When Iran was just about to commission its new nuclear plant, a virus or a worm called Stuxnet was sent into the system. Stuxnet has the ability of reprogramming the logic box that people in the control room who are supposed to be watching the signal may not detect its presence. It works this way, you are at the control, when it gets to a certain level, you shut it down and put on another one. The signal keeps rising or going depending on the type they are using. It is like a temperature gauge in your car; when you are driving a car, and it gets into a hot red zone, you either stop the car or slow down or park and allow it to cool before you continue. But if someone gets to the logic box, the thing could be reading 10 when in actual fact it has got to 100. Before you know it, an explosion occurs. The Stuxnet has ability to re-programme the logic box. It works on the Alternative Data Streams, ADS, so that you, who are watching the data, would do a wrong reading whereas somewhere, there is a different story entirely. It also happened to the US National Aeronautics and Space Administration, NASA, when they were to commission or launch Endeavour. A virus was sent to hit the space craft on May 16, 2012. It did not take off. Stuxnet was also implicated in the BP Gulf oil leaks. People said the programme in the logic box did not show that there was going to be an explosion. But it happened. So, that’s how it works. It is a very fearsome worm that has been developed to fight nations. There are many of them. My book on the security awareness that your editor-in-chief edited for me has many cases. As he just finished it and I was looking at the correction, I got another alert that a new worm called MiniDuke has been discovered. These are happening on a daily basis. It is a preferred warfare strategy now because it involves minimal bloodshed unlike sending weapons of mass destruction which goes down and kills a whole lots of people in a place. There will be an outcry. But this one can do more than that one because it destroys physical critical infrastructures. Like in Nigeria today, one can send a worm into an electricity grid, it will blow up in one axis.

America has indentified 16 critical infrastructures that they are guarding very jealously that nothing must happen to them. These are oil and gas, gas pipelines, railway lines that carry millions of passengers a day at terrible speed, and others.

Actually, what we are calling virus today started as an experiment by students of Massachusetts Institute of Technology, MIT. They were playing with some things to see how they could affect some other things in the campus and they were able to come up with this. Other people have latched up to it and then doing some very terrible things with it.

Realnews: So this virus can be developed by anyone?
Ekpe-JudaEkpe-Juda: Yes, even by small nations. Unfortunately, the big ones that are coming up, what I called devastating discovery are now nation-state sponsored because of the heavy finances involved. But it means small nations can still do it. It is all like a big armament. Since you can’t build a plane, you are handicapped. Those who have the plane now bomb you. You can’t build a ship. But these small nations can actually develop their own virus or worms and send to big nations.  It is no longer lack of money, or size or capability. One nation can do it. That is the fearsome thing. This thing called drone in the US is part of it. You send through a computer and kill people they want killed. Nobody mans it. Some just sit at the control room and send it and do what you want to do.

Realnews: What do they want to achieve through this drone?
Ekpe-Juda: To me as a man of God, I can only say the world is coming to an end. That means we are getting towards the end of the world. That is what I can tell you. By so doing they are also coming up with things that we can use to destroy. When they came to Nigeria, I was very close to the man that brought ECONET to Nigeria. The man made a statement, saying that they were just manufacturing the phone for us, and that before they know it, we are going to do terrible things with the phone. That is what is happening. Someone who manufactured computer did not have the intention of criminality, but people are using it to commit crimes in different forms. So, all these point to the fact that, now we have graduated to doing chips. Very soon chips will be embedded in human body either in your thumb or forehead for us to do some things. We are moving towards that in a rapid speed. That has been predicted in the Bible. I see that as the fulfilment in the scripture that the world is coming to an end.

Realnews: Is internet attack preventable?
Ekpe-Juda: Yes. To a large extent, yes. If you have knowledge. The Bible says how will they know if they don’t teach them? If I don’t teach you what it is all about, you don’t know what it is all about. You are ignorant. That’s why in my small organisation, we go around training people on security awareness so that people will get to know what is happening in the cyber world and they can protect themselves. But unfortunately, I must say this, what people are rather doing is investing in technology that is not going to help so much. I say it is not going to help so much because in 2012, NASA had spent $58 million of its $1.5 billion budget for cybercrime and by May,  it had spent $58 million. It had suffered 13 major attacks and security breaches, in one year. It goes to show the extent which technology has failed because what will you do if you put all technologies here to log out for somebody. That technology is not going to work on its own. It is going to affect human beings. When the wetware, that is what we call human being, is not properly informed, he is vulnerable to attack. So, no matter the sophistication that you have, if the wetware is unprotected, uninformed, uneducated, you will still have these problems. I went to the Federal Airports Authority of Nigeria, FAAN, and I talked to the general manager, GM. He said with the equipment I have here, you can’t just bring in anything to disrupt our system. I laughed at him because he was talking as an ignorant educated person. What equipment does FBI not have? FBI was hacked into last year; Pentagon was hacked into last year. Five top US offices were hacked into last year. A small place like FAAN says it has equipment to log people out. I just laughed at the ignorance. So, the whole thing boils down to letting people know what can happen so that they don’t become victim.

Realnews: Is it just creating awareness that can save people from an attack?
Ekpe-Juda: Yes. In certain sections of the economy of the US, security awareness is done five times every year for those who have something to do with that place. Failure to do that, you are logged out of the system; the access is removed. You just have to do it. Knowledge is very important. I just finished writing a book, and another worm was discovered. I just have to put it in the book. Do I know if another virus will be discovered tomorrow? As they discover new ones it surpasses the ability of your technology. I went to a computer shop in Chicago in the US to buy an anti-virus. A young lady that attended to me said sir, you want to buy an anti-virus? I said yes. I said I want to buy a Norton, she said don’t buy a Norton. I asked why, she said Norton produces anti-virus and produces virus that make it useless. Anti-viruses are manufactured by an organisation and viruses are manufactured by organisations. So, they will tell you that you test it to see the beauty of what we have developed. They make it so you can upgrade it. People keep developing.

McAfee gave a figure that two million viruses are developed every month and  there are 286 million viruses in the world today. So your anti-virus may not protect you and it may not be able to work against what is discovered tomorrow.

Realnews: Does that mean that antivirus is useless?
Ekpe-Juda: No, it is not completely useless. What it means is that you must keep updating your antivirus even on a daily basis so that whatever has been discovered newly can also be captured by that, otherwise, you become stale. You put it and it is not able to protect you against anything. If you have not updated it to the level that it should be.

Realnews: Sometime ago, a television station in South Korea was completely shut down because of internet attack…
Ekpe-Juda: Yes. That was last week. They were hit. You know Pakistan and India are on a war-path. They send virus against each other regularly. The hack that happened at NASA was done by a company supported by a Chinese government. It is a mini warfare.

Realnews: So, what do they want?
Ekpe-JudaEkpe-Juda: So that they can stop you from what they don’t want you to do. Unfortunately, this is not a issue of having so much money. We have super powers, but there is no super power in cybercrimes. Everybody that decides to invest some reasonable money can become a super power. I said to you the other time that McAfee reported two million new computer viruses are identified monthly. McAfee is an antivirus producer. Smitech said there are 286 million malwares in function in the world today. One antivirus cannot fight all that. That is the ones they know. What about the ones they don’t know that are coming up?

Realnews: Since one cannot control people’s minds not to produce these viruses, what can one do?
Ekpe-Juda: What you should do is embark on developing your people. I don’t know what the Nigerian government is doing, but I know that governments have ethical hackers, people who hack for government establishments to discover vulnerabilities they have so that they can attack those vulnerabilities. I doubt if the Nigerian government has that. Ok, train people on hacking. Kevin Mitnick was a criminal jailed and banned from touching computers for some years by the US courts because of his criminality. Today, he is a consultant. You cannot talk about hacking without mentioning his name. He is known around the world. Now, he consults for governments and organisations on cybercrimes. He is doing very much on cybercrimes.

Realnews: What is the right attitude to deal with hackers?
Ekpe-Juda: The FBI reported that there is a town in Romania; all that people there do is hacking. The FBI picked them up, jailed them; they came out and continue. One of the viruses that hit the US establishment was traced to Belarus in Romania. Some countries are behind it. They have no oil and so, this is how they make their money.

Realnews: Who pays them to do that?
Ekpe-Juda: If your citizens become rich, they will pay tax to you. They will buy things in the markets and that will stimulate the economy.

Realnews: Is there any particular reason why people go into hacking. Is it for money, fame…
Ekpe-Juda: There are five types of hackers. There are those who do it for the fun of it. Children, for instance. There was a story of a 17-year-old Canadian schoolboy who sent a DDoS (denial-of-service) attack to CMM Computer organisation, Yahoo and eBay. When he was interviewed, he said he just wanted to see if it could be done. That’s for the boy. Some hack to make money. They hack to your establishment and stop you working and tell you to pay a ransom. Some do it as revenge. Like I said, India and Pakistan are currently at war on the net. They are not carrying any gun but they are committing colossal damages to the economy of their countries.

Some just want to embarrass you. You go to the chat room, you get friendly with somebody and you don’t know that he has planted a malware. Such thing happened to a lady film director in the US. She was in a chat room chatting with somebody, the person got close to her. Unknown to her they were taking her nude photographs. Then, they used it against her and she had to pay some ransom. They say some people do it just to embarrass you. They will just post your nude photographs on the net and people see it.

There are various reasons for hacking. It is a warfare strategy now through which to fight war. There was a malware called Gaze that was discovered in July last year. It was sent to the Middle East to monitor bank transactions so they can know who is funding Hezbollah. There are various reasons. There are political reasons, there are religious reasons, there are terrorist reasons for going into internet warfare.

Realnews: You mean it can be used by terrorists?
Ekpe-Juda: There is what is called cyber terrorism. It can be used. If Boko Haram were an enlightened group and they decide to hit the NNPC, and the corporation cannot function for two to three days, you know how much Nigeria would have lost? Or if they decide to hit the CBN and paralyse all the systems; can you imagine how much the country will lose by that? There is what is called zombie computer. They use computer to connect other million computers you don’t know to send DDoS attacks to people on operation.

Realnews: Whose responsibility is it to protect us from such attacks?
Ekpe-Juda: It is an organisation’s responsibility to train people, the governments, individuals and anybody who can use a computer. Anybody that has facility to go online can be hit. It is not until you are very big or very small. Anybody can be hit.

Realnews: Is it the same method that some youngsters who are engaged in yahoo, yahoo use?
Ekpe-Juda: That’s part of internet crimes. In the 60s, around 1968, there was this notorious armed robber in the US who was caught and interviewed. When they asked him why he robbed banks, he said that’s where the money was. Today, people go to internet to hack your credentials and your data because money is data now and it has a market. They sell these data. If I pick up your credit card now, I can sell it depending on how saturated the market is. Two to five dollars; two to $10. If I pick your bank details with your account number, with your soft code, I can sell it for any amount depending on how saturated the market is.

Ekpe-JudaLet me give you an information. Mac Goodman, a retired police chief, who worked at the Los Angeles police department in charge of internet unit, and now managing director of Data Security, Strategy and Investigation, firm attended a conference recently and gave some reports. He reported that for $10 you could buy a credit card that has a value of $25,000; for $700 you could buy a credit card that has $82,000 credit on it. You could buy physical credit card from $2 to $90. You could buy physical credit card with details for $190. A cloned card goes for $20 to $300. Fake ATM card goes for $35,000; bank credential go for between $700 and $800 with balances; design of fake online stores rental $800 to $2000 and so on. These are prices for which you can buy data in the market. The danger now is that I don’t need to be a computer savvy to get into this. I can rent a bonnet and send it to anybody I want to. So, that makes it fearsome.

A pastor friend told me this story. I don’t know how true it is. He said a man in Lekki has a phone that was sent to him from the US by his brother. If he comes to your organisation, all your security gadgets fail. And one day he was angry with the MTN for what it did to him and decided to hack into its system and start making calls free. I don’t know how true it is, but I know it is possible. Once it can be conceptualised, it can be done.

Realnews: Then, who is safe?
Ekpe-Juda: Nobody. Unless you don’t use a computer; unless you have nothing to do online. Nobody is safe. The only way to get protected is to have knowledge of it so, that you don’t fall victim.

Realnews: Is there no way around it?
Ekpe-Juda: The only way around it is for you to know so that you don’t fall victim. I receive torrent of mails every day. Last time, I was told that Dr. Sanusi Lamido asked them to write to me that if I was still in the US, that I should come and collect my benefits. I just laughed. Some would say their fathers and mothers died in a car accident and so they need people to transfer money. Some would say you have won an internet raffle and you should fill the following form. If you fill that form, you open yourself up for attack. Some clone bank data. They have done it. They ask you that due to the CBN directives that you should update your data and ask you to fill certain information online otherwise your account will be dysfunctional. They ask you to supply your bank details, and once you supply that, they will transfer all the money in your account and go away. That’s how bad it is. So, you need knowledge so that you don’t fall victim. Another thing is don’t open mails that you don’t know the sender.

— Apr. 22, 2013 @ 01:00 GMT

Tags:

One thought on "No Longer a Safe World"