Monday, January 28, 2008

The Kenyan ICT Bigwigs (Corporate) - Part 4

Mr. Robert Kariuki Mugo joined Flashcom in 2006 as the CEO. Flashcom is a locally owned CDMA (Code Division Multiple Access) wireless connection provider (local loop operator). He has over 12 years' experience in the ICT industry. The University of Nairobi Electrical and Electronic Engineering graduate has been a pioneer in companies like Africa Online Kenya, Africa Online Holdings, UUNET Africa, UUNET Kenya and UUNET Communications.

Flashcom is growing in leaps and bounds under the stewardship of Mugo. It has managed to double its subscriber base in the wireless services and offers advanced voice services as well as data services on a single line.

Flashcom has bet on CDMA as the future wireless standard in Kenya. Its main competitors are Popote and Telkom Wireless who also offer services on CDMA.

Mugo contends that CDMA is the way to go due to its high quality voice, high speed data, efficient use of frequency and its low infrastructure framework.

Mugo has an ambitious plan of going regional by offering converged voice, data and video services, as the company plans to take advantage of fibre optic cable technology.

Flashcom has managed to maintain its stronghold in Nairobi due to the greater number of base-stations the company has in the area.

Kenya-Byte wishes Mugo future success.

Thursday, January 24, 2008

FORENSIC COMPUTING IN KENYA - PART 2

CHALLENGES


In the first part of the series we were able to establish the difference between ICT security and forensics. We outlined that computer forensics is the acquisition, examination, and reporting of information found on computers and networks that pertain to a criminal or civil investigation, although the same processes and methods are applied to corporate and other "private" investigations. Forensic computing will in the immediate future increase in importance for Kenyan companies, legal practitioners and law enforcers. There are a number of underlying reasons that demand we pay more attention to cyber crime and our attendant capacity to investigate and prosecute cyber offenders.

The first is that cyber-crimes are particularly lucrative because they are generally non-violent crimes. Secondly these crimes yield high profits despite low investment and risk. Compare this with a bank robbery which requires considerable organization, financing and risk. Cyber crime has a relatively low risk of capture and if caught and convicted the result is usually a relatively short prison sentence. Computer forensics and digital investigations have become an integral part of police work in the new millennium. Computers are now as much a part of the modern law enforcement officer's daily routine as the fimbo, sidearm, two-way radio, or handcuffs.

At the heart of a computer forensic investigation is digital evidence. Everything that someone does on a computer or a network leaves traces. Locard’s Principle of Exchange states that any person who enters a scene of crime leaves something behind and takes something from the scene with them. This applies to the physical and digital realms. In the digital realm these traces range from deleted files and registry entries to the internet history cache, automatic Word backup files, e-mail headers and instant messaging logs, which give clues as to the intermediate servers through which information has traversed. Server logs also provide information about every computer host accessing a web site.

Obtaining digital evidence and maintaining its integrity and admissibility is achievable. The problem is in conducting a successful prosecution. At this point in time - 2008 - various challenges confront the cyber forensic investigator in Kenya. They are mainly legal, financial, scope of jurisdiction, training, the ubiquitous and dynamic access to the internet, ignorance and the absence of a supervisory authority. I want to briefly discuss these challenges.

Various countries have introduced legislation that directly deals with cyber crime while others have reformed and modified their existing criminal laws to include this emerging crime. However many countries do not have adequate legislation that addresses cyber crime and this includes Kenya. Cyber crime laws, for example, protect certain rights and assets such as privacy and identity by rendering illegal the interception and unauthorized access to digital data and resources privately owned. They also provide legal frameworks that assist forensic investigators in achieving successful prosecutions. The United Kingdom for example has introduced various legislative initiatives over time, meant to specifically address cyber crime. These include the Computer Misuse Act (1990), the Criminal Justice and Police Act (2001), the Police & Criminal Evidence Act (1984) and the Regulation of Investigatory Powers Act (2000) among others. In the United States of America, legislation has also been introduced to combat cyber crime for example the Patriot Act (2001), Homeland Security Act (2002), Prosecutorial Remedies and Tools Against the Exploitation of Children Today (PROTECT) Act among many others. The absence of an integrated cyber legal framework in Kenya provides a great challenge to successful local cyber crime investigations and digital evidence gathering efforts. The Kenya Communications Bill 2007 proposes to create a number of new offences and to prescribe the maximum punishments to be meted out on offenders. It mentions various offences. They include tampering with a computer’s programme source code, availing an electronic signature certificate for a fraudulent purpose, interfering with the operation of mobile telephone equipment, hacking into a computer system, unauthorized access and publishing obscene information in electronic form. It is well and good for the bill to list punishable offences and prescribe penalties. 
What the bill has failed to recommend and spell out is the legal process of cyber crime investigation and digital handling in Kenya. This is absolutely necessary because it translates to the rate of successful prosecutions. This issue is especially relevant to our investors, for example call centers, which need a legislative umbrella that safeguards their operations (i.e. identity details and data handling).

Another challenge that confronts forensic investigators in Kenya is jurisdiction. The internet is borderless. Serious crimes are now facilitated by the internet where cyber criminals are in one country while the victims are located in another. Trans-national computer crime has emerged as a mounting problem due to the global nature of the internet. Developing countries are especially vulnerable due to the presence of inadequate cyber crime legislation. While international offending is by no means a uniquely modern phenomenon, the global nature of cyberspace significantly enhances the ability of offenders to commit crimes in one country which will affect individuals in a variety of other countries. Examples such as identity theft, Nigerian 409, scams and phishing are crimes perpetrated through the use of multiple servers in various countries. Cyberstalking and other child sexual exploitation activities have been dramatically enabled because of the global reach of the internet. We need to introduce relevant laws in Kenya that address this amorphous context of the internet. This is a global effort and we need to join other countries in this concerted effort of combating global cyber crime.

Global liaison is an area that also presents a challenge to computer forensic investigation. No area of criminal activity is more on the cutting edge or has greater global implications than crime involving technology and computers. It is evident that as the globalization of distributed computing continues, and as computer criminals become more sophisticated, law enforcement will increasingly need timely access to computer or telecommunication information from multiple countries. These efforts will require a global agency that coordinates them. Mechanisms would have to be introduced that cater for digital evidence interchange between countries, standardization of procedures, personnel training and investigation co-operation. Currently the International Police (Interpol), Virtual Global Taskforce and the Cyber Law Enforcement Organization are bodies attempting to provide the focus for global effort in fighting cyber crime. There is however a greater requirement to have a more concerted effort to strengthen these organizations and others so as to pre-empt fragmented national and regional efforts. Kenya needs to assign responsibility of regional and international digital co-operation efforts to a specific entity for example the yet to be established Kenya Police High Tech Crime Unit.

We are faced with a further challenge of training which has resulted in a shortage of adequately trained cyber forensic investigators. Training a computer forensic expert would result in an efficient and high job performance. A failure to provide sufficient training would leave investigators and their agencies vulnerable to court dismissals (either civil or criminal) and failure to effectively process digital evidence may exculpate an individual, or may result in failure to protect an organization in the event of a dispute. Competence is paramount. As has been stated before, the intricate process of gathering digital evidence and its presentation in court requires an investigator to have highly developed technical computer and legal skills. This training should ideally be found at the undergraduate and postgraduate levels in our local universities (e.g. Jomo Kenyatta University, Juja). This training is currently provided by Karman Security Services Limited which is located in Kitisuru and was founded in 2007 by former CID director, Mr. Joseph Kamau. This initiative is commendable and will go a long way in enhancing the computer forensic capacity in Kenya.

Directly related to the shortage of adequately trained computer forensic investigators is the limitation imposed by budgets or financial resources. Kenya is adversely affected by this problem. Law enforcement agencies are allocated budgets to fight crime. The budget is often inadequate considering the needs. Financial budgets are therefore allocated to various competing areas. Cyber-crime units compete for scarce resources with other criminal departments for example homicide (flying squad), tribal clashes, terrorism, rape, kidnappings, financial fraud, drugs, murder among others. Funds are required to finance computer forensic labs, train officers, purchase software and hardware equipment, logistics and finance computer crime legislation. This problem is global and is evident in the fact that only a small proportion of computer crime ever gets to be investigated and prosecuted by forensic investigators. A 10,000 dollar threshold is placed by most computer crime units in America. This means that if complaints are lower than this threshold then they are not investigated and instead manpower and financial resources are concentrated on computer crimes targeting banks, critical infrastructure, government facilities and high-impact sites. This situation puts the computer crime victim(s) at risk because they are forced to do most of the investigations and leg-work themselves. This is evident in most victims of online identity theft who are forced to launch investigations using their own resources. Financial institutions are also adversely affected by this state of affairs. Considerable resources are used to hire private forensic investigators to unearth fraud and criminal activities in these organizations. It is imperative that the Kenyan Police force establish a fully funded High-Tech Crime Unit. 
Inasmuch as basic security provision is a problem that we are perennially grappling with in Kenya, I contend that cyber crime should be accorded its due attention and funding by our law enforcement agencies and the central government.

Another related challenge is the dynamic nature of information technology, where software and hardware advances demand constant re-training and re-acquaintance. This can put a strain on a cyber crime unit that would want its officers to spend more time investigating cases than being in continuous training sessions.

In the next part of this series I will discuss the various benefits that Kenya would accrue from having an efficient and effective cyber forensic capacity.

Monday, January 21, 2008

Happy New Year Friends,

My most sincere best wishes to you for 2008. My last article was way back in August 2007. Late last year was a difficult time for me due to the transition I was making. I am now back in Kenya for good and despite the post-election matata I am glad to be back home.

I studiously avoid delving into politics in this blog. However its pervasive and destructive onslaught threatens to smash our country into smithereens. As ICT professionals we have an obligation and responsibility to our motherland. The time has come to stand forward and be counted. I would appeal to all brothers and sisters to promote peace, love and unity. We have the power to build or destroy our nation. Let’s opt for the right thing.

I am still proud to be Kenyan!!!

FORENSIC COMPUTING IN KENYA - PART 1

Sometime back I promised to introduce forensic computing and discuss its relevance to our nascent ICT sector. I will outline these aspects as a series.

In a previous article I mentioned that we cannot ignore the security of our ICT infrastructure. Just as we protect other resources, we need to appreciate the importance of safeguarding the Kenyan cyber highway from virtual fraudsters, muggers and other malignant characters. Note that computer forensics and security differ in definition though they are fundamentally complementary. ICT security involves the implementation of safeguards that protect against intrusion, mishaps and mistakes. Our dependence on ICT is steadily growing and is present in many different aspects of our lives e.g. public utilities (KPLC), communications (mobile telephony e.g. Safaricom), financial institutions (ATM’s), medical (diagnostic equipment) and others. ICT security will therefore involve the implementation of a security fabric that covers and protects the ICT resources of an organization.

This security fabric has various components woven into it and they include: physical security, operational security, information security, disaster recovery, access control, cryptography, auditing, laws and ethics. It is the responsibility of organizational management in Kenya to set the tone for what role security will play in their companies. Management must decide what data is valuable and needs to be protected, who is responsible for protecting it and to what extent, to what extent employees may access and use the data, and what the consequences are for noncompliance.

Forensic computing on the other hand is about the detection and investigation of criminal activities committed online. To achieve this, the process of evidence gathering is fundamental. Forensic computing like any other forensic science involves the use of sophisticated and modern technology tools and procedures that must be followed to guarantee the accuracy of the preservation of evidence and the accuracy of results concerning computer evidence processing. Due to the special characteristics of digital evidence it is necessary to consider it separately and with special consideration.

Digital evidence comes in many forms and will include all physical evidence for example the computer the crime was committed against or used, peripherals, mobile devices and other physical storage devices like DVDs, CDs, memory pens, paper evidence, documentation and others. Evidence will also involve the examination of non-physical evidence e.g. registers, memory cache, virtual and physical memory, network status, all running processes and logical file systems.

Good practice must be adhered to in the evidence gathering process otherwise a case or prosecution would be easily jeopardized by sloppy handling. Evidence must comply with the rules for the same. One must account for any changes and the original evidence must be handled as little as possible. Evidence must be of high enough standard to withstand the test of a court process. This involves its admissibility, authenticity, completeness, reliability and believability. When handling digital evidence good practice principles must be adhered to. They are:

Principle 1: No action should be taken by a law enforcement agency or investigator to change data held on a computer, device or storage medium which may be relied upon in court.
Principle 2: In rare circumstances where original data must be accessed, the person accessing it must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other record of all processes applied to digital evidence should be created and preserved. An independent third party should be able to scrutinize these processes and arrive at the same result.
Principle 4: The person in charge of the investigation, the case officer, has overall responsibility for ensuring that the law and these principles are adhered to.
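
The following sketch shows how Principles 1 and 3 can be supported in software. It is an added example, not part of the original article: the evidence file is only ever opened read-only and identified by its SHA-256 hash, each handling step is written to an audit trail whose entries are chained by hash, and a reviewer can re-run the checks independently. The hash-chaining approach, the names (Officer A, Examiner B, exhibit-001.img) and the sample bytes are assumptions constructed for illustration.

```python
import hashlib, json, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file opened read-only, so the evidence itself is never written to."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, who, action, path, when):
    """Append an audit entry chained to the previous one (Principle 3)."""
    entry = {"seq": len(log), "when": when, "who": who, "action": action,
             "item": os.path.basename(path), "sha256": sha256_file(path),
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def review(log, path):
    """Independent check: returns a list of problems, empty if all is consistent."""
    problems, prev = [], "0" * 64
    for e in log:
        if e["prev"] != prev or e["entry_hash"] != _entry_hash(e):
            problems.append(f"entry {e['seq']}: audit trail altered")
        prev = e["entry_hash"]
    if log and sha256_file(path) != log[0]["sha256"]:
        problems.append("evidence no longer matches hash recorded at acquisition")
    return problems

def demo():
    """Constructed sample: a tiny stand-in 'disk image' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "exhibit-001.img")
        with open(img, "wb") as f:
            f.write(b"constructed sample evidence bytes")
        log = []
        record(log, "Officer A", "acquired image", img, "2008-01-24T09:00:00Z")
        record(log, "Examiner B", "opened working copy", img, "2008-01-24T14:30:00Z")
        clean = review(log, img)
        with open(img, "ab") as f:       # simulate the evidence being changed
            f.write(b"!")
        modified = review(log, img)
        log[1]["who"] = "Someone else"   # simulate an edited audit record
        tampered = review(log, img)
        return clean, modified, tampered

if __name__ == "__main__":
    for result in demo():
        print(result or "consistent")
```

A real audit trail would also be stored away from the examiner's workstation, since a chain that can be rewritten end to end by the same person proves little.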

Due to the high quality demanded from gathering digital evidence, the computing forensic investigator must have substantial expertise in the methods and technology used. It is also necessary for the forensic expert to be well versed in legal procedures. We can therefore observe that substantial demands are made on the training and capacity of the computing forensic expert. He/she also requires a physical and legal environment that facilitates professional digital evidence gathering.

In the next part of this series I will discuss the various challenges (e.g. legislative/legal, financial, training etc) computer forensic experts face in Kenya and suggest various approaches we should adopt in surmounting these challenges.