Thursday, 30 June 2016

Digital Divide: Emerging Economy Cyber Alerts - June 30, 2016


Russian flag and map  
Russia’s Duma passed legislation on Friday, effective in 2019, that will require internet service providers to store copies of all phone calls and text messages for 6 months and all telecommunications metadata for 3 years, to be made available to law enforcement upon request. Not stopping there, the legislation also asks messaging app providers (like SumRando) to create government backdoors into otherwise secure communications.

Zimbabwean flag and map 
Zimbabwe’s Criminal Law Act and Postal and Telecommunication Act have thus far proved insufficient in countering and prosecuting cybercrime, reports the Zimbabwe Women Lawyers Association (ZWLA). In response, the government is working to develop an ICT policy that intends to provide the specific laws, definitions and provisions necessary for enhanced cybersecurity.


Brazilian flag and map 
As the 2016 Summer Olympics approach, Brazil has placed an increased emphasis on cybersecurity—efforts include a government-led task force as well as the presence of intelligence officials from 55 countries—but civil liberties advocates argue that established surveillance practices will continue to unfairly curb legitimate free speech. Currently, the military has the ability to block cellular signals and the armed forces are working to enable information-capturing surveillance tools.

Research and Initiatives

Indonesian flag and map

Indonesia lacks the budget to bring a proposed National Cyber Agency to fruition. Instead, the National Resilience Institute and the Communication and Information Ministry will rework their functions to more directly address cybersecurity.

Kyrgyzstani flag and map

Kyrgyzstan recently hosted Central Asia’s first Internet Government Forum, an opportunity for state authorities, telecommunication experts, internet service providers, researchers and NGOs to discuss cybersecurity and internet access. Stated the OSCE Centre’s Daniele Rumolo, “Governments must ensure that all stakeholders, including civil society, business actors, and internet-users, are consulted and continuously involved in [regulating the internet].”


Kenyan flag and map

Compliance, forensics and cyber expert Patrick Matu recently noted that cyber incidences in emerging economies routinely go unreported, creating the misconception that regions such as East Africa do not suffer from cyberattacks, when in fact, Kenya’s annual loss to cybercrime is an estimated $23 million USD. Despite having a National Computer Incident Response Team Coordination Centre and a national cybersecurity strategy, Kenya's public and private sector organizations still need to better understand policy implications.

All images credit of BOLDG/
Want more emerging economy cyber alerts? Read on!

Have valuable insight to share from your part of the world? Write for us!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday, 29 June 2016

SumTips: 3 Ways Brexit Will Influence Your Cybersecurity

Brexit flag and mobile device
[Image source: Hamdi Bin Zainal/]
As the initial shock in response to Brexit (Great Britain’s vote to exit the European Union) wears off, in its place are legitimate questions about what this change could mean for cybersecurity worldwide. The process of exiting the EU will take a minimum of 2 years, and some argue it could take as long as 6 years or even never come to fruition at all.

If and when Brexit does occur, however, there is little to fear in terms of data protection: it is predicted that Britain would elect to conform to the standards established by the EU’s highly regarded General Data Protection Regulation (GDPR), effective May 2018.

The trouble that Brexit will bring for cybersecurity are the problems that erecting new borders always brings:

1.    Less information sharing and cybercrime collaboration. Brexit would limit the United Kingdom’s access to EU agencies such as Eurojust (judicial cooperation regarding criminal matters) and Europol (law enforcement intelligence) and complicate its ability to extradite foreign suspects. However, in a world where governments often double as cybercriminals, it remains to be seen whether less collaboration would help or harm the average digital citizen.

2.    Less innovation. The United Kingdom’s talent pool will inevitably shrink, leaving the country even less able to compete with the United States’ already-dominant tech industry. Further concerns include the loss of UK government investment in EU cybersecurity startups (currently, the government invests in both EU and UK enterprises) and whether UK-based companies with EU employees will choose to relocate elsewhere.

3.    Greater insecurity in general. Brexit has created more questions than answers, which is a dangerous place to be, cybersecurity-wise. “Security always suffers in times of uncertainty. What’s happened is unprecedented and there is a lot of confusion as to the next steps. This is the kind of chaotic environment in which insecurity thrives,” reported A.N. Ananth, CEO of EventTracker.

We have yet to see what exactly Brexit will bring, but in the meantime it serves as a valid reminder of the fragility of cybersecurity and the need for individuals to continue to protect themselves online.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday, 23 June 2016

Digital Divide: Emerging Economy Cyber Alerts - June 23, 2016


Ethiopian flag and map 

Ethiopia has a new cybercrime law. The government maintains that the “Computer Crime Proclamation” will prevent and control potential cybercriminals; others argue that its criminalization of otherwise legitimate speech such as defamation and spam will only enhance the government’s ability to silence dissent. If you're scared, we are too: 'inciting fear' is one of the law's many reasons for imprisonment.


Iranian flag and map

Iran’s 20 million Telegram messaging app users are at “severe risk” of finding their data compromised, reports the Committee to Protect Journalists. Without end-to-end encryption or the Signal encryption protocol, users of Telegram have little reason to trust their communications are safe in this heavily censored and monitored country.

Research and Initiatives

South Korean map and flagKorea University’s Center for Information Security Technologies (CIST) has launched the Center for Cybersecurity Policy, which aims to establish itself as a premier cybersecurity policy think tank, akin to the United States’ Center for Strategic and International Studies (CSIS). The South Korean Center’s six offices include the cybersecurity research office, the personal information protection research office and the cyber peace and human rights research office.

Indian flag and mapDuring a talk titled “Securitisation of Digital India,” Gulshan Rai, India’s National Cyber Security Coordinator, recognized a need for change both within and beyond India’s borders. Rai called for an increased emphasis on internal skill and capacity building in addition to developing more Indian-made software and hardware, but also acknowledged the importance of creating an international legal framework to protect the multitude of data that is no longer contained by national boundaries.

Israeli flag and map 
Israel hosts its 6th annual International Cybersecurity Conference this week, providing an opportunity for corporations, policy makers, researchers and startups to confront cybersecurity threats and discuss solutions. The conference, also known as Cyber Week 2016, is organized by the Blavatnik Interdisciplinary Cyber Research Center of Tel Aviv University, the Israeli National Cyber Bureau and the Israeli Ministry of Foreign Affairs.


South Africa flag and map

South Africa has experienced its share of Anonymous Africa this week: the websites of the South African Broadcasting Corporation (SABC), the Economic Freedom Fighters (EFF) and Ajay, Atul and Rajesh Gupta’s Oakbay Investments all experienced temporarily debilitating distributed denial of service (DDoS) attacks within a span of days. According to the hacktivist group, “We target corrupt and/or racist individuals, corporations and parties.”

Russian flag and map 
Since 2014, Cyber Caliphate has carried out cyberattacks worldwide, purportedly on behalf of the Islamic State. Recent investigations, however, have led Western actors—including the United States, which engaged in cyberwarfare against ISIS in response—to conclude that Cyber Caliphate is in fact a Russian operation, capitalizing on and hiding behind the name of ISIS to carry out its own initiatives.

Indonesian flag and map

Bank Indonesia’s website recently suffered a distributed denial of service (DDoS) attack. Although no money was lost, the Indonesian central bank responded by preventing 149 regions, including several African nations, from accessing its website in the future.

All images credit of BOLDG/
Want more emerging economy cyber alerts? Read on!

Have valuable insight to share from your part of the world? Write for us!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando! 

Wednesday, 22 June 2016

SumTips: Eight Ways to Protect Your Mobile Device When Traveling

Woman in train station with device
[Image credit:]
Solstice has arrived, which means it’s summer in the north, winter in the south and travel time for individuals everywhere.

Before you board your next flight, however, remember that cybercrime is a problem far from being solved. McAfee recently estimated that the annual global cost of all cybercrime exceeds $400 million and a United Nations study found digital theft to affect between 1 and 17% of the online population (as a comparison, physical crime affects less than 5%). Significantly, these stats are based on reported incidents, yet 80% of cybercrime goes unreported.

Airports and hotels are two of cybercrime’s biggest targets, so when planning your next trip, take a moment to protect your digital security:

  • Disable auto-configuration so your device does not automatically connect to an open network without your approval.

  • Update your device's operating system and security software to the latest versions. Cybercriminals love to exploit old software before it is patched. 

  • Keep your device with you. Don’t leave your device in your hotel room—not even in the safe—and don’t set your phone on a bar or restaurant table. For additional protection, keep a hand on your device while chatting with your barstool neighbor and make sure your device is password protected. One more tip: Use only your device and not public computers. Cybercriminals know to install keylogging software on accessible computers, allowing them to learn your keystrokes and break the strongest of passwords. 

  • Only use password-protected public Wi-Fi. Remember that free access points are routinely established with malicious intent. Even when logged into authentic public Wi-Fi, further protect yourself by refraining from sending sensitive information like banking or financial transactions.   

  • Confirm your hotel’s Wi-Fi network and make sure it is properly secured. Hackers are stealing holidays of their own by creating bogus hotspots with similar or vague names ("Hotel Free Wi-Fi," for example) that show up alongside authentic networks and even installing malware through pop-up windows on hotel networks. 

  • Use secure browsing. If a URL doesn’t have https://, it isn’t encrypted and shouldn’t be used. 

  • Use SumRando VPN. Never use public Wi-Fi without a VPN. Our free 1 GB plan will protect your data throughout your holiday travel, whether you’re on Windows or Android. 

  • Use SumRando messenger to communicate securely with loved ones back home. Our encrypted messenger is free and allows you to chat without worrying about eavesdropping government censors or cybercriminals.

Happy Solstice, Randos!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday, 21 June 2016

SumVoces: Transparencia y protección de datos, las herramientas que Venezuela necesita

Nuestra última entrega de SumVoces contó Rim Hayat Chaif de Argelia, en inglés y árabe. Este mes os traemos abogada venezolana y activista de derechos digitales, Marianne Díaz Hernández, en inglés y español.

Abogada venezolana y activista de derechos digitales, Marianne Díaz HernándezLa omnipresencia de la tecnología está justo en el límite de convertirse en algo que ya no notamos, algo que damos por sentado y en lo cual no pensamos demasiado. A medida que esto sucede, las entidades a cargo de proveer servicios tecnológicos sólo incrementan la cantidad de información que recolectan de nuestras actividades, y tanto compañías como gobiernos utilizan esta información para su provecho, en ocasiones en contra de las leyes de privacidad, pero incluso más aún en lugares donde estas leyes no existen. En Venezuela, no existen leyes en relación con la protección a los datos personales, incluyendo su recolección y su manejo. Al mismo tiempo, el gobierno está recabando enormes cantidades de datos (desde huellas digitales hasta consumo de alimentos) y cerrando esta información tras cercos, haciéndola inaccesible a los ciudadanos y a la sociedad en general.

Mientras por un lado, los datos personales y los metadatos son recabados sin seguir ningún estándar, y las comunicaciones privadas son violadas de manera regular, por otro lado, la información gubernamental es inaccesible o está enterrada profundamente bajo capas interminables de burocracia. El principal argumento contra el alegato de que Venezuela tiene las tasas de inflación y de homicidios más altas del mundo, yace en el hecho de que no hay cifras oficiales para éstos o para un sinnúmero de otros asuntos públicos: enfermedades y epidemias, distribución de alimentos y escasez, hambre y pobreza, así como los indicadores económicos, son publicados sólo a conveniencia del gobierno y no pueden ser solicitados por los ciudadanos. Un par de años atrás, una organización no gubernamental solicitó información con respecto a cuántos sitios web estaban siendo bloqueados por el gobierno (alrededor de 1.500, de acuerdo con investigaciones independientes) y las razones y procedimientos para tales bloqueos. La respuesta del Tribunal Supremo fue declarar que toda la información de telecomunicaciones era “secreto de Estado”, y que esta ONG no tenía derecho a requerir tal información.

La falta de estándares legales en torno al acceso a la información puede ser dañina tanto para la transparencia como para la privacidad. No haber establecido qué datos son considerados públicos (y deben ser liberados) y qué datos son considerados privados (y deben ser protegidos) puede crear un entorno en el cual la información fluye de acuerdo a los intereses particulares de los actores públicos y privados que detentan el poder, en lugar del interés público. Como ciudadanos, la falta de control que tenemos sobre nuestra información privada puede ser usada como herramienta para la opresión, la censura y la presión política. En el caso de Venezuela, por ejemplo, la interconexión de la información biométrica, que es usada en los sistemas electorales así como en los sistemas de distribución alimentaria, es percibida por muchos ciudadanos como si pudiera tener un impacto directo en su capacidad para alimentarse a sí mismos y a sus familias. Como consecuencia, las personas podrían sentir propensión a restringirse de involucrarse en la vida política del país, como una medida de autopreservación.

La Asamblea Nacional venezolana se encuentra debatiendo el proyecto de una ley que, de ser aprobada, se convertiría en la primera en regular el manejo y publicación de información pública. Esta ley podría proporcionar a los ciudadanos las herramientas legales para requerir información pública del gobierno, así como mecanismos de rendición de cuentas, en el caso de que los servidores públicos no cumplan con su obligación de liberar información pública. Aunque esto podría parecer un estándar mínimo para los datos abiertos, para Venezuela significaría un cambio trascendental en la forma en la que las políticas públicas son creadas y aplicadas, y en la manera en la que los ciudadanos podrían involucrarse en la creación de políticas públicas y la rendición de cuentas. Es una gran oportunidad para crear un conjunto de estándares en torno a la información pública, así como a los límites entre lo público y lo privado, junto con mecanismos que permitirían a los ciudadanos tomar medidas para proteger su información personal que yace en manos de actores estatales. Mientras la capacidad de obtener información en torno a procesos y políticas públicas es una poderosa herramienta para la transparencia, la innovación y la lucha contra la corrupción, la capacidad de controlar la forma en que nuestros datos personales son recabados, tratados, almacenados y compartidos podría ser una de las garantías más importantes que podemos ganar para la protección de nuestras libertades en línea.

Marianne Díaz Hernández contribuyó con anterioridad a SumVoces con "Digital Security Starts With Contextual Risk Assessment" ("La Seguridad Comienza digitales con el Análisis de Riesgos contextual"). Ella está involucrada en iniciativas como Creative Commons Venezuela y Acesso Libre y contribuye a Global Voices y el blog de Amnistía Internacional. Seguirla @mariannedh.

¿Quieres más SumVoces? Sigue leyendo!

SumRando Cybersecurity es un proveedor de VPN, Proxy Web y Mensajero Seguro basado en Mauricio. Bajo el Radar y Totalmente Seguro.