Saturday, May 08, 2010


Cyber-criminals in Kenya are very much in tune with global criminal trends. The perpetrators of cyber-crime can generally be loosely divided into two categories. The first one consists of traditional crime organizations that have discovered that cyber-crime can be lucrative. These traditionalists have an established hierarchy and can be national or global depending on the availability of computer skill sets within the organization.

Cyber-crime to these traditionalists is another revenue stream like kidnapping, burglary, mugging amongst many others. The form of cyber-crime that these traditionalists engage in includes credit card skimming, identity theft and general fraud. Good examples, in Africa, are the Nigerian criminal organizations whose cyber-crime tentacles undoubtedly reach into Kenya.

The second group consists of skilled hackers who initially get together for other reasons apart from money. The initial motive might be to share technical knowledge but with time the collective goal translates into obtaining money illegally. This group is loosely structured and engages in technically demanding cyber-crimes for example hacking, denial-of-service attacks, coding of viruses and others.

There are a number of cyber-crimes that are perpetrated by both the traditionalists and the skilled hackers. One of them is the creation and control of botnets.

Botnets, also called bots, are malicious software programs that are loaded on a target system unbeknownst to the victim. This malicious software is installed through viruses like Trojans. Once a computer is infected with a botnet virus it is controlled through the back door. Infected computers are then controlled to distribute more malicious software such as keyloggers and forward transmissions such as 419 scams and spam.

Businesses have to be aware of botnet attacks because these attacks can spread like a pandemic across an organization. They therefore have to consider a botnet attack when evaluating risk. There are various ways businesses can protect themselves from these botnet attacks. They should participate in information sharing with law enforcement agents so as to better understand these threats. Secondly they should conduct stringent employee background checks. This will reduce exposure to criminal activity from inside.

Businesses should also implement a combination of detection, incident prevention and management. This means sensitive data should be secured with need-to-see access. Separation of duties should be enforced and strong authentication mechanisms employed.

The internet is simply a new medium to commit old crimes and botnets are a new vehicle. Botnet crime is a serious threat and local businesses should protect themselves.

No comments: