Bruno Mwebaze an ethical hacker and tutor at the Institute of Forensic and ICT Security, says that there are simple things organisations usually ignore yet they are being explored by hackers to comprise systems.
experts have explained the weak links often used by cyber criminals to access
At the beginning of the month, yet to be identified hackers
broke into Uganda's mobile money systems and made off with billions of
shillings. The hackers compromised the system of a third-party integrating
service provider, Pegasus Technologies which links the mobile money systems of
telecoms with local and international banks and other financial providers.
Unconfirmed reports indicate that over 1.5 Billion Shillings might
have been lost by Airtel while MTN being the mobile money giant is believed to
have lost more than that amount.
Bruno Mwebaze an ethical hacker
and tutor at the Institute of Forensic and ICT Security, says that there are
simple things organizations usually ignore yet they are being explored by
hackers to comprise systems.
Mwebaze says avoiding cyber-attacks, is not an individual role but a
responsibility of every person within an organization. For instance, leaving an
open E-mail account, the untimely response of unusual behavior detected in a
system, sharing E-mail passwords, opening documents or E-mails in internet
cafes could all be a starting point for hackers.
//cue in “it’s not one…
Cue out “…next three months”//
Allan Sserwanga, another tutor at the institute explains that hackers have increased
their target on third parties. Third parties come in because companies’ systems
are designed differently.
//cue in “to integrate systems…
Cue out “…no longer reconciling”//
Peter Magemeso says soft wares such as Kali Linux, parrot and Ubuntu all can be
used for offensive and defensive purposes. For one to be secure, Magemeso says
you must know how to use such software to create attacks and how to use them to
defend your system from intruders.
//cue in “There are so many soft wares…
Cue out “…that network”//
Magemeso further explains that cyber intruders usually use two methods which
include phishing and man-in-the-middle. Phishing is the fraudulent attempt to
obtain sensitive information or data, such as usernames, passwords and credit
card details, by disguising oneself as a trustworthy entity in an electronic
With phishing, one creates a connection with a machine or system.
This happens when the system’s timeframe is about to expire or has expired.
Sserwanga, Magemeso and Mwebaze say ‘phishers’ keep monitoring whatever one
does on a computer and keep taking screenshots of whatever is being done.
//cue in “I will create…
Cue out “…malicious software”//
Mwebaze, Magemeso and Sserwanga are currently working with security agencies to
set up robust cyber units. They have trained cyber investigators and have been
hired to investigate unauthorized access to systems. Mwebaze says one incident
that left him shocked was when late last year a ‘phisher’ sent a photo link of
singer Rema Namakula’s honeymoon to a local bank branch’s manager.
Rema’s photo link caused the loss of millions of shillings since the manager
was doing computations on her computer. The incident was also captured in last
year crime report. To minimize cases of hacking systems, Sserwanga says
companies should organise regular cyber training to their staff.