
Data Maniacs
murchr
#1 Posted : Thursday, January 15, 2015 8:28:52 PM
Rank: Elder


Joined: 2/26/2012
Posts: 15,980
Seems like hacking into the corporate databases has now become the norm in Kenya; the latest hack happened at NIC BANK (for all with accounts there... not that I want to cause panic... but be very afraid). Are Kenyans aware of the outcomes of data breaches? Identity thefts and suchlike stuff?

I once was told of how someone had hacked into a banking system and inserted a phrase on the code such that for every 10000 deposited 1/- goes into their accounts.

Is Kenya ready or exposed?
http://www.businessdaily.../-/fdi7i3z/-/index.html

http://www.businessdaily...4/-/i15pfsz/-/index.html
"There are only two emotions in the market, hope & fear. The problem is you hope when you should fear & fear when you should hope: - Jesse Livermore
kalenjinherdsboy
#2 Posted : Thursday, January 15, 2015 8:49:35 PM
Rank: New-farer


Joined: 1/3/2015
Posts: 86
Location: Bomet
From my understanding of the story, these fellows were outside consultants hired at the bank. I would speculate that they took advantage of assigned access rights and poor supervision to carry out their mission.

To your second point, data protection laws in Kenya are non-existent although the bank might have failed to meet industry standards. If that can be proven then the industry regulator could raise some issues.
murchr
#3 Posted : Thursday, January 15, 2015 8:54:17 PM
Rank: Elder


Joined: 2/26/2012
Posts: 15,980
I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.
"There are only two emotions in the market, hope & fear. The problem is you hope when you should fear & fear when you should hope: - Jesse Livermore
kalenjinherdsboy
#4 Posted : Thursday, January 15, 2015 9:02:15 PM
Rank: New-farer


Joined: 1/3/2015
Posts: 86
Location: Bomet
murchr wrote:
I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.


Maybe mobile banking? We can't honestly say.

The bank will hide behind reputational risk to prevent disclosing the details of this case.
vky
#5 Posted : Friday, January 16, 2015 1:01:27 AM
Rank: Member


Joined: 6/17/2010
Posts: 572
kalenjinherdsboy wrote:
murchr wrote:
I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.


Maybe mobile banking? We can't honestly say.

The bank will hide behind reputational risk to prevent disclosing the details of this case.


If indeed they were retained by the bank, then they are information security guys who are hired by institutions to test the vulnerability of institutional IT systems, where very few people in the company know that they have been hired. They are hired to look for ways to hack into the company's systems, but they do not interfere with anything after gaining access; instead they help companies strengthen the holes that gave them access in the first place.
'One headache for famous medieval holy people was that someone might murder you to acquire your body parts for the relics trade'
murchr
#6 Posted : Friday, January 16, 2015 1:43:08 AM
Rank: Elder


Joined: 2/26/2012
Posts: 15,980
vky wrote:
kalenjinherdsboy wrote:
murchr wrote:
I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.


Maybe mobile banking? We can't honestly say.

The bank will hide behind reputational risk to prevent disclosing the details of this case.


If indeed they were retained by the bank, then they are information security guys who are hired by institutions to test the vulnerability of institutional IT systems, where very few people in the company know that they have been hired. They are hired to look for ways to hack into the company's systems, but they do not interfere with anything after gaining access; instead they help companies strengthen the holes that gave them access in the first place.


It would be great if that was the case, but why is NIC suing them? And what about the payment in bitcoins?
"There are only two emotions in the market, hope & fear. The problem is you hope when you should fear & fear when you should hope: - Jesse Livermore
kalenjinherdsboy
#7 Posted : Friday, January 16, 2015 7:43:56 AM
Rank: New-farer


Joined: 1/3/2015
Posts: 86
Location: Bomet
vky wrote:
kalenjinherdsboy wrote:
murchr wrote:
I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.


Maybe mobile banking? We can't honestly say.

The bank will hide behind reputational risk to prevent disclosing the details of this case.


If indeed they were retained by the bank, then they are information security guys who are hired by institutions to test the vulnerability of institutional IT systems, where very few people in the company know that they have been hired. They are hired to look for ways to hack into the company's systems, but they do not interfere with anything after gaining access; instead they help companies strengthen the holes that gave them access in the first place.


From past experience those reports gather dust after submission. No surprise as many IT departments are overworked and undermanned.
D32
#8 Posted : Friday, January 16, 2015 8:40:49 AM
Rank: Member


Joined: 2/16/2012
Posts: 808
kalenjinherdsboy wrote:
vky wrote:
kalenjinherdsboy wrote:
murchr wrote:
I would like to know what they were hired to do. NIC should fire that DBA with immediate effect. How do you assign rights that could sabotage you to an outsider? Even employees are not assigned all rights.


Maybe mobile banking? We can't honestly say.

The bank will hide behind reputational risk to prevent disclosing the details of this case.


If indeed they were retained by the bank, then they are information security guys who are hired by institutions to test the vulnerability of institutional IT systems, where very few people in the company know that they have been hired. They are hired to look for ways to hack into the company's systems, but they do not interfere with anything after gaining access; instead they help companies strengthen the holes that gave them access in the first place.


From past experience those reports gather dust after submission. No surprise as many IT departments are overworked and undermanned.


One of the basic security 101's is to encrypt the data, and not to keep the data in the DB in plain text. This will mean that even if an intruder manages to steal the data, the intruder will not be able to decrypt without the encryption key & algorithm; this means that the other thing that will need to be done well is the safe storage of the encryption key & algorithm.
They tried to bury us, they didn't know we were seeds.