Saturday, September 10, 2011
HACKERS STEAL ICC WITNESS EMAILS - THE STAR OF SATURDAY, 10 SEPTEMBER 2011 00:04 BY MATHEWS NDANYI
INTERNET spies have hacked into the email of ICC witnesses. Two witnesses under protection abroad confirmed yesterday that some of their emails had leaked and their confidential information was being circulated by some individuals. The hackers have now been able to identify the witnesses putting their security at risk. The hackers also gained access into the email communications of two human rights groups handling issues of the 2007-08 post-election violence in the Rift Valley. The Centre for Human Rights and Democracy and the Centre Against Torture are both based in Eldoret. CHRD programmes officer Nick Omito reported the matter to police in Eldoret where investigations have been launched. Eldoret deputy police boss Benjamin Onsongo said they would investigate the matter after recording statements from the complainants. “This may expose us to serious security risks and we have reported to the authorities to see how we can deal with the matter,” said one witness who expressed fear for his life. The two witnesses whose emails were hacked are from the Rift Valley region. Those responsible for the hacking are said to be people inside Kenya with interest in the hearings at the International Criminal Court. Omito said confidential information from CHRD had been leaked out and was being circulated on the internet. He said the NGO had taken action to protect sensitive information that the hackers were targeting from the CHRD email addresses. “Such acts are dangerous and obviously expose us to security risks,” said Omito. He said the hacking would not deter the CHRD from fighting for human rights and justice. The hacking comes two months after burglars broke into the CHRD offices in Eldoret and stole computers and laptops containing information on the post-election violence. Police are still investigating that break-in and theft. CAT offices were also raided and several items stolen from their office which has since been relocated for security reasons. One hacked email from a witness indicates he is dissatisfied with the protection programme under which they have been placed in various European countries. The hacking took place from last week as the ICC confirmation hearings began at the Hague. Eldoret North MP William Ruto, Tinderet MP Henry Kosgey and Kass FM radio presenter Joshua arap Sang appeared for the confirmation hearings which will determine whether they should face charges of crimes against humanity in a full trial. Deputy Prime Minister Uhuru Kenyatta, Head of Civil Service Francis Muthaura and former police chief Hussein Ali are scheduled to appear next at The Hague from September 21. In May I published the below article in the EAStandard about the need to protect your e-mails titled DO YOU KNOW HOW TO PROTECT YOUR E-MAIL? E-mails are no longer the novelty they used to be a few years ago. Apart from enabling social communication, e-mails have also become integral to businesses. Environmental concerns have also contributed to the commonality of e-mails. In an effort to conserve the environment computer users are exhorted to use e-mails instead of paper correspondence. All these factors have contributed to the acceptance of electronic messaging. We have gotten so used to e-mailing that we send them across an insecure internet without a second thought. We attach private testimonials, sales figures, marketing plans and other confidential files to our e-mails, hoping that no one opens them. Sending these unprotected emails is usually convenient in the short-term. However this insecurity can be very costly in the long-term. Ensuring that only the intended recipients are able to receive your e-mails requires secure e-mail transmission technology. The average computer user can employ various solutions and one of the most effective is S/MIME (Secure/Multipurpose Internet Mail Extensions) that is installed on individual PCs. This is a protocol that secures your emails by using digital signatures and encryption. By digitally signing an e-mail it is possible to prove who the sender of that e-mail was. However this does not stop anyone from reading it as it transits through the internet. Encryption then comes in handy by making sure that the e-mail is unreadable during transit. The signing works in tandem with the encryption and this makes it extremely difficult to intercept and read the e-mail. For free to use web-based emails PGP (Pretty Good Privacy) is another appropriate solution for that ordinary computer user. It is a signing and encrypting software that works well with the popular browsers like Firefox, Mozilla and Netscape and is widely used for encrypting and securing e-mails. The fundamental difference is that it embeds with your browser. Another solution would be to implement centralized encryption protocols that shift the encryption functionalities from the individual desktop to a dedicated e-mail gateway. An e-mail gateway is a server that connects two or more electronic mail systems and transfers messages between them. Encryption technology is integrated into these servers with other security components such as virus scanners and firewalls. This solution is however highly complex and expensive and would be unsuitable for the ordinary computer user. Whichever security solution you opt for remember that e-mails are increasingly targeted by hackers nowadays.