Monday 28 September 2015

Mexico’s 43 Disappeared Students: Your News or Ours?

In September 2014, 43 students disappeared from Iguala, Mexico; an ensuing government investigation held a local gang responsible for the students' murder. This September, in light of evidence to the contrary, their parents have asked the government to let an internationally-regulated special unit further investigate. As always, this one event has several stories to tell:


[Source: DN.se]

 While Brazil's El País lent a kind word--if not picture--to Mexico's president:
[Source: El País]

Only to be countered by Reuters’ United States edition:
[Source: Reuters]

 As Mexico’s La Jornada shifted the focus away from parents and president altogether:
[Source: Victor Camacho/La Jornada]

The news you receive depends on where your internet service provider believes your computer is. See for yourself with our nodes in Brazil, Hong Kong, Jordan, New York, Singapore, Sweden and Turkey. Discover what's out there, surf secure and stay Rando!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando! 

Thursday 24 September 2015

Rejoice, World: U.S. Government-Mandated Backdoors Are Unlikely

Ask a U.S.-based CEO what he really thinks about government backdoors for encrypted technology and he’ll have little need for nuance.

Paul Kafasis, Rogue Amoeba, United States, government-mandated backdoors
Rogue Amoeba's Kafasis: "Backdoors are a terrible idea."
Rogue Amoeba’s Paul Kafasis recently told us, "Government-mandated backdoors are a terrible idea, and they’re virtually sure to be exploited. Look no further than the TSA locks. The master keys for these locks are widely spread, and recently, a photograph of all the keys was published. Now, the locks are right and truly compromised for everyone, all due to a government-mandated back door.”

It’s a sentiment frequently expressed by members of the United States tech industry and one that has thus far held off mandated backdoors. As a waffling United States government inches closer to making a definitive statement one way or the other, SumRando can’t help but acknowledge the significant implications legislation will have for the world beyond America that is largely dependent on U.S. products and services. As SumRando’s CEO recently pointed out, “It’s an oversimplification to think that one country’s concerns and policies exist in isolation.” 

For all you Randos out there wondering what will come next, we have some good news: a document leaked earlier this month to the Washington Post implies that encryption worldwide just became a little safer.

The document, said to have been written by U.S. National Security Council members, outlines three potential strategic approaches to government policy regarding encryption, none of which are pushing for government-mandated backdoors in the near future :

Option 1: Disavow Legislation and Other Compulsory Actions, self-labeled “the strongest option for cybersecurity, economic competitiveness and civil liberties and human rights,” acknowledges that:               
  • Government backdoors are not a “secure, practical solution” to law enforcement information gathering.
  • Because U.S. technology is used around the globe, mandating vulnerabilities “makes all of us less safe.”
  • “Domestically, many privacy and civil liberties advocates would regard this approach as a significant step in defense of privacy and free expression around the world.  If other nations follow our lead or companies successfully resist country demands, this approach could limit repressive regimes’ willingness to demand access to encrypted information, which likely would help protect dissidents and other communities in danger of human rights violations."

Option 2: Defer on Legislation and Other Compulsory Actions calls for further public discussion before drafting legislation while also acknowledging that the tech industry is unlikely to voluntarily comply with government-requested backdoors.

Option 3: Remain Undecided on Legislation or Other Compulsory Actions would allow competing messages—Obama’s belief that “there is no situation in which you wouldn’t want strong encryption” alongside a general government desire for greater access to communications—to continue to exist, potentially eroding trust in the credibility, accountability and effectiveness of the U.S. government.

We anxiously await which option Washington will launch this fall, but can’t imagine that the public would accept anything less than the “strongest option for cybersecurity, economic competitiveness and civil liberties and human rights.”

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando! 

Tuesday 22 September 2015

SumRando Speaks: 5 Questions with Kaspersky Lab’s Bethwel Opil

Our last installment of SumRando Speaks featured our very own CEO and Founder. This week we bring you an interview with Kaspersky Lab Africa's Bethwel Opil, who shares the influence Kaspersky has had on law enforcement in London and digital development in Gabon; the state of cyber infections in Africa versus the Middle East; Kenya's recent steps towards enhanced cybersecurity; and valuable tips to remain secure both on and offline.

Describe the work you do for Kaspersky Lab and why you do it.
Kaspersky, Bethwel Opil, SumRando Speaks, cybersecurity, Africa, East Africa, Kenya, Gabon, London
I am the Channel Sales Manager of East Africa for Kaspersky Lab. Among my responsibilities are driving the business by developing quality plans within the Partner businesses and working with key C-level executives. I lead channel business development and partner segmentation and selection across the entire Eastern Africa region. I need to ensure the Partners are equipped to compete effectively and to provide the Kaspersky Lab product offering to businesses and consumers in the region. I plan, define, execute and manage Marketing and Sales Programmes in liaison with the Marketing manager, Consumer and Corporate Retail Sales Managers for Sub-Saharan Africa. And of course I need to check the cybercrime situation, market conditions, trends or changes in the industry.

Given the growing interest in cybercrime and as a result the growing hacking and cybercriminal community (globally but which also impacts East Africa), my role at Kaspersky Lab is important - as the brand is not only passionate about raising awareness on security issues among businesses and consumers of cybercrime realities, but also on the necessary protection around this and of course supplying solutions that can offer this much needed protection in this region.

What is Kaspersky Lab's greatest success to date?
With a belief that everyone – from home computer users through to large corporations and governments – should be able to protect what matters to them most, Kaspersky Lab has had many successes to date. We openly share our knowledge and technical findings with the world’s security community and publish our research for the wider public to encourage collaborative security practices and increased international cooperation. We work together with the global IT security community, international organisations, national and regional law enforcement agencies (e.g. INTERPOL, Europol, Microsoft Digital Crimes Unit, The National High Tech Crime Unit (NHTCU) of the Netherlands’ Police Agency and The City of London Police), as well as Computer Emergency Response Teams (CERTs) worldwide. In particular, in 2014 Kaspersky Lab joined forces with the City of London Police - to educate police forces on ways to tackle cybercrime. Cybercrime plays a huge part in fraud offence numbers today, with seven out of ten scams now Internet-related, according to the National Fraud Intelligence Bureau. The complex and alien nature of such crimes, however, means that they are not only difficult to combat, but also to detect and understand. To help tackle the rise in cybercrime, City of London Police enlisted Kaspersky Lab to train its police officers at all levels on these ever-growing threats. This innovative training programme was the first of its kind with UK law enforcement, and aimed to provide the skills and knowledge to identify and resolve these sorts of crimes – from an individual victim encountering fraud during an online shopping-spree to a business losing thousands of pounds from a targeted attack.

Another project I would name is our current work on different aspects of cybersecurity with the National Agency of Digital Infrastructures and Frequencies (ANINF) of Gabon. ANINF is the Gabonese government agency responsible for implementing a digital development strategy in the country, for planning, installation and application of all digital projects, including telecommunications, audio-visual and IT in the country.

From an East African perspective, Kaspersky Lab has shown success in market share, and in East Africa we have been at the fore front of educating the public about cyber security. The brand is also protecting some of the largest businesses in East Africa, which is testament to our expertise and solid product offering.

You are based in Kenya, but Kaspersky Lab operates in nearly every country in the world. From your perspective, are the issues faced in East Africa regarding digital privacy and net neutrality unique or are they similar to those faced elsewhere? 
With the Internet, widely spread all over the world, cyberthreats have global reach, though some countries and regions are attacked more often than others are.
Based on our statistics of Kaspersky Security Network, South Africa, Nigeria and Kenya don’t have that much cyber infections registered as, for example, Egypt, and are way behind a number of the Middle East countries. But it was recently reported that Africa is leading the world in Internet growth – where growth in international Internet capacity connected to Africa outpaces all other regions of the world. And unfortunately growth in Internet development triggers cybercriminal activity across Africa, including Kenya - where online criminals are constantly using the Internet, creating new ways to earn money which include getting their hands on personal important data – that can compromise digital identities.

If cyber criminals get hold of your passwords and personal data, they can take on your ‘digital identity’ – and not only defraud you out of money, but also cause a host of long-term problems. For that reason you need to ensure that your digital identity is protected – no matter where you are or where you live on the globe. East Africa’s situation is not unique – all countries on the globe suffer this reality and need to take cyber security and the security of digital identities very seriously.

What individual, organisation or law would you like to recognise for its work in support of or against digital privacy rights and net neutrality? 
The Ministry of Information of Kenya is doing good work in this regard. In response to the growing cyber threat landscape, and in support of the national priorities and ICT goals defined in Kenya’s Vision 2030 – Kenya’s ICT Ministry developed a National Cybersecurity Strategy (Strategy). In 2013, the Ministry of ICT said that Kenya is committed to enacting the necessary legislation on Cyber Crime.  

I believe that such commitment from the government is a great step forward here and will go a long way in the fight against cybercrime.

What measures do you take to protect your digital privacy and security?
I try to be cautious and use security solutions that protect me both when I’m online and without Internet connection, because even a USB can carry some banking Trojan or ransomware that can block or encrypt files and make them unavailable until the money is paid. Whenever I am going to use the Internet, I am always aware of the following:
  • What device am I using, and more importantly, is this device protected with the right security (like Kaspersky Total Security – multi-device – that offers effective protection across a PC, phone and tablet). If the device is not protected with effective security software, I don’t make any connections that are connected with my identity - I just browse for news, for example, and I don’t go to websites that require entering account credentials.
  • If I am going to access Wi-Fi – I always check that I am going to access a secure Wi-Fi line – one that requires a password – to ensure that I am extra secure.
  • When going online, I always check that the site I am trying to access is legitimate – in that it makes use of a proper IP address.
  • I am aware of all ‘pop ups’ online (be it adverts or a message asking me to click something) that might be malicious – I never click on any pop up, as it may be a virus or scam.

Bethwel Opil joined Kaspersky Lab in March 2012 as Channel Sales Manager for East Africa, Kaspersky Lab Africa. Bethwel has over 10 years of experience in managing distribution channels in IT and telecommunications companies. Bethwel graduated from Jomo Kenyatta University of Agriculture and Technology with a BSc in Mathematics and Computer Science before going on to complete a Management and Organisation course at the Kenya School of Monetary Studies.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 17 September 2015

It’s a Vulnerable World: mid-September 2015

September’s vulnerabilities remind us that nothing—not your web camera, your email, your passwords and certainly not your coffee shop mobile web browsing—is safe anymore. Fortunately, SumRando Cybersecurity is here for you. The first 20 readers to email us at blog@sumrando.com will receive a stash of SumRando camJAMR webcam covers. Share these removable and reusable camera covers with your friends--trust us, they will thank you.

camera hack, camJAMR, Adult Player, baby monitor
Is your camera covered? [Source: camJAMR]
Baby beware: Rapid7 has found a host of vulnerabilities, including those that leave camera streaming and settings exposed, in 9 different baby monitors.

Human error, one of cybersecurity’s greatest threats, was responsible for revealing the names and email addresses of nearly 800 recipients of an email newsletter, all registered at a London provider of HIV and sexual health services.

Adult Player proved that babies aren’t the only victims of camera hacking. The porn app doubled as picture-taking ransomware that demanded $500 in exchange for an unlocked phone.

United States courts required Microsoft to comply with a search warrant request for an email stored on a server in Ireland. Microsoft lawyer Joshua Rosenkranz said it well: “We would go crazy if China did this to us.”

China has taken measures to block Astrill, a VPN service widely used to circumvent the country’s Great Firewall, leaving many to wonder what next? 

Anonymous Africa claimed responsibility for Distributed Denial of Service (DDoS) attacks that shut down the Zimbabwe Herald and Africa Global’s news site. A tweet from Anonymous Africa declared the former an act of retaliation against the Herald’s support of “tyrant and murderer Mugabe.”

An Avast study found that internet users in Asia were more likely to use unprotected Wi-Fi than those in Europe or the United States and that nearly half of web browsing in Asia occurs on unprotected HTTP sites. Users worldwide rely on unsecured HTTP sites for mobile browsing.

KPMG’s Global CEO Outlook 2015 reported that 50% of CEOs surveyed feel their companies are either not prepared or partially prepared for a major cybersecurity event. The study also found that American CEOs are more confident in their capacities to prevent cyberattacks than those in Asia or Europe. 

Google, Mozilla and Microsoft will remove vulnerable RC4 encryption in early 2016, which means users’ messages will remain decryptable for a few more months.

The Ashley Madison debacle just got worse: the amateurs of Cynosure Prime managed to decode 11 million weakly-protected passwords from the site in just 11 days.

Charles Schumer, US Senate, Excellus, data breach, hackers
Senator Schumer believes there is work to be done.
In response to the recently acknowledged Excellus Blue Cross Blue Shield data breach, US Senator Charles Schumer pointed out, “The fact that this data breach was not discovered for 19 months just goes to show how sophisticated online hackers are and how much work we have to do when it comes to protecting our personal information.”

As always, let us know if there are any vulnerabilities we missed in the comments below.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday 16 September 2015

SumVoices: A Behind the Scenes Look at What Iraqi Journalists, Activists and Bloggers Think about Surveillance Online

Our last installment of SumVoices featured Indonesian author and entrepreneur, Ollie. This week we bring you Iraqi photojournalist and social media trainer Bahr Jasim. The two-part report features a version in Arabic, "Protection and Surveillance: Citizens and their Governments in a Race Against Time," following the article below.


For several years now, privacy advocates in the MENA region have grappled with the impact of targeted surveillance technologies on various communities. These tools, sold by some European companies, have been increasingly used to spy on activists, journalists, bloggers, and advocates. In July 2015, around 400GB of stolen internal company files belonging to the Italian surveillance and intrusion software firm Hacking Team were distributed online through its hacked Twitter account. They were hacked by hackers. These leaks showed that the company’s reach is farther than previously imagined; some of these clients are Iraq and the Kurdistan Regional Government (KRG).

To learn what Iraqi activists, journalists and bloggers think about this issue, I interviewed some of them to know their feelings and opinions from the moment they got this information.

Reactions from across the country vary from anger to utter rage. Aso Wahab, blogger and activist from Kalar, Kurdistan in Iraq says that he had already a doubt about the issue, and this leaked information confirmed it for him. (blog link: http://asowahab.blogspot.com)

Moreover, about the reason that the KRG bought such a program, Aso said that however we as activists have doubled protection of more and more of our information online and develop our privacy, the Government of KRG will develop and buy new technical tools to track us.  He added that there are two ways in his opinion to mitigate surveillance: the first is by monitoring and tracking the activities of the activists. The second is to monitor and track the groups exploiting the Internet as a free space and who are open in their support of terrorism, especially since the KRG and Iraq are going through a difficult phase and confronting them on the ground and in cyberspace.

For Aso, the purchase of control spyware by KRG was expected especially since we know the backgrounds of companies that provide mobile phone and Internet service in the region, as though it is true they have official papers as private companies, everyone in the region knows their [political] affiliations. The leaked documents came as confirmation of what we have been saying and what we published about the targeting of activists and journalists‫.

Tahseen Al Zargani, Iraqi journalist and blogger, shares the same opinion as Aso. He said that this leaked information changed the way we communicate online in Iraq and drives us to use encrypted emails and to pay attention when chatting online, especially when dealing with topics requiring confidentiality of information.

As some activists prefer to protect themselves online to not get spied by anyone, Aso said that he always made sure to protect his personal information and his privacy online, even before the leaked information. But after, he has increased the degree of protection by using different technical tools to secure his accounts and encrypt his tools, conversations, messages and contacts, as well as using safe apps and as much as possible. He contributes to spreading awareness about this issue by writing blogs about how to protect yourself online and by publishing on Facebook.

The big question that we have in mind is what to do about surveillance, and if it continues that way, will hacking and surveillance become a way of life. 

Bahr Jasim – Iraq

Bahr Jasim is an Iraqi photojournalist who showcases human rights issues through photography and a social media trainer for journalists specializing in the protection of their rights in cyberspace. You can read his blog at http://www.bahar-iq.com/ and follow him on Twitter at https://twitter.com/baharsea1

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!



لعل معظم مستخدمي الانترنت في العالم العربي و العراق على وجه الخصوص سمعوا عن تسريب الملفات التي تسريب الملفات من قبل شركة  Hacking Team الايطالية التي حدثت في شهر تموز من سنة  ٢٠١٥ والتي تمت قرصنتها ونشر ملفاتها الخاصة المتعلقة بالمحادثات مع الزبائن على فضاء الانترنيت الحر. هذه الملفات تثبت تواطؤ الحكومات من أجل التجسس على مواطنيها وبالأخص الصحفيين والمدونيين والناشطين وكانت حكومة اقليم كوردستان هي واحدة من زبائن الشركة الايطالية التي استعملت برامجها للتجسس وأيضا دفع الاموال الطائلة من خزينة الدولة لشراءها وهذا ما يثير الشك والتساءل عن ما اذا كانت حكومة بغداد قد اشترت مثل هذه البرمجيات وهل تستعملها لنفس الغرض وخاصة هناك شركات عديدة تبيع هذه المنتوجات...

بداية واستناداً على مجموعة من المقابلات والحوارات مع بعض الصحفيين والمدونين والناشطين العراقيين من خلال طرح مجموعة من الأسئلة والتي تتعلق بآرائهم ونظرتهم حول المراقبة والتجسس في العراق وحكومة اقليم كوردستان و حول ان كانوا يشعرون انهم مراقبون من طرف أية جهة قبل أن تظهر هذه الاخبار المسربة من الشركة الايطالية
Hacking Team شهر تموز الماضي ومعرفة كثرة الزبائن من الدول العربية لاقنائهاو استخدامها في التجسس على مواطينها و حكومة اقليم كوردستان هي احد هؤلاء الزبائن عن طريقة وسيط يسمى بـ INTECH CONDOR

كان الامر أشبه بالصدمة لبعض العاملين في هذا المجال وما آلت الى فعله حكوماتهم والبعض الاخر كان الامر متوقعاً بالنسبة اليه واخذ المعلومة بصفة طبيعية.
في سؤالاً للمدون أسو وهاب من مدينة كلارـ اقليم كوردستان العراق, عن ما هي اسباب حكومة الاقليم على شراء هذه البرمجيات؟

 يجيب المدون أسو وهاب " مع تنامي المعرفة بأستخدام التقنيات الجديدة و في مجال الدفاع و حماية المعلومات و التخفي خاصة من قبل النشطاء المستقلين, لابد لحكومة الاقليم ان تطور من ألياتها لرصد ومتابعة نشاطات النشطاء, و الاتجاه الاخر هو رصد ومتابعة ومعالجة الاشخاص والجماعات التي تستخدم فضاء الانترنيت الحر لدعم الارهاب, خاصة وان الاقليم والعراق يمر بمرحلة صعبة وهنالك بجانب المواجعة على الارض مواجهات وحرب اعلامية اسخن منها على الفضاء الاليكتروني"
و عن ردة فعل الناشط المدني أسو وهاب بوقت علمهُ بشراء اقليم كوردستان هذه البرمجيات عن طريق تسريب الملفات.

يقول أسو " كان الموضوع بالنسبة لي أمراً متوقعاً وخاصة اننا نعرف خلفيات الشركات المزودة لخدمة الهاتف المحمول والانترنيت في الاقليم و الجميع يعرف انتمائاتها بأنها تابعة للحزبين الحاكمين, تسريب الوثائق جاء تأكيدا عن ما كنا نقوله و ننشره عن عمليات استهداف النشطاء سواء كانوا سياسيين او مدنيين"

فيما يأكد الصحافي والمدون العراقي تحسين الزركَاني, على نفس المخاوف من التجسس والمراقبة على الانترنت وأرض الواقع ويقول " غيرت في نظام المراسلات و بدأت بتشفير الرسائل التي من الممكن ان تكون مهمة ببرامج التشفير الخاصة مع الجهات التي أرى انها تتطلب سرية المعلومات"

ومن هنا نعود للمدون اسو وهاب وعن الاجراءات الاحترازية التي قام بها بعد موضوع تسريع الوثائق " كما قلت سابقاً كانت تسريق الوثائق تأكيداً على ما كنت أؤمن به, لذلك كنت دائما احرص على تأمين امني الشخصي ومنها خصوصيتي على الانترنيت وما حصل هو أنني زدت من درجة الحماية,من تأمين حساباتي و تشفير محادثاتي و اتصالاتي بأستخدام البرامج الأمنة و على قدر المستطاع احاول التعريف بها على مدونتي الشخصية وحسابي على الفيسبوك للفائدة العامة"

فيبقى السؤال الاكبر في النهاية ما هي الوسيلة للتخلص من كم التجسس والمراقبة من قبل الحكومات على مواطنيها, وهل استخدام البرامج المشفرة والقرصنة ستكون طريقاً اخر يجب ان يسلكه المواطنين للحفاظ على خصوصيتهم على الانترنيت؟

 بحر جاسم محمد ـ العراق