Thursday 28 January 2016

Happy Data Privacy Day, Randos!

Today we celebrate Data Privacy Day in honor of the January 28, 1981 signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. 35 years later, legislation such as this has never been more important.

Convention 108, as the treaty is more commonly known, was the first legally binding international agreement dedicated to the protection of individuals’ personal data. As the National Cyber Security Alliance reminded us in its Data Privacy Day video:

“What you may not realize is that there is probably more of your personal information floating around in cyberspace than you think. Everything from what you post on social media and your browsing habits to the information organizations collect about you online leaves a digital footprint...Information about you such as the games you like to play, what you search online and where you shop and live has value, just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.”

A year ago, we celebrated Data Privacy Day by offering our readers tips to enhance their online safety. Take a look. Although we wish we could report otherwise, these seven recommendations are as necessary today as they were in January 2015.

What we suspect has changed in the last year is the willingness of individuals to actively engage in data protection. Between 2014’s celebration and 2015’s, web traffic increased nearly 125% and the number of registered Champions of Data Privacy Day increased approximately 45%. Given that terms such as cybercrime law, data breach, encryption, government backdoor and VPN (and the concern for personal safety that they bring) are far more common than they were in January 2015, we expect this year’s celebration to be bigger than ever before.

January 28 is a day to envision a world that “Respects Privacy, Safeguards Data and Enables Trust.” Join us in striving to make this goal a reality.

Tuesday 26 January 2016

Sean Penn’s “Secret Visit” With El Chapo Has Become Everyone’s Business

Penn defends his interview on 60 Minutes. [Source: CBS News/60 Minutes via AP]

 On January 9, 2016, Rolling Stone magazine published an interview by American actor Sean Penn titled “El Chapo Speaks: A secret visit with the most wanted man in the world.” A short two weeks later, little about the visit has remained secret.

Joaquin “El Chapo” Guzman, known less casually as the powerful Mexican drug lord behind the infamous Sinaloa Cartel, made headlines last July when he successfully escaped from prison for a second time. His status as a wanted fugitive made Penn’s October interview all the more significant and also meant that numerous security precautions were required to arrange the meeting. In his article, Penn spoke at length of El Chapo’s “unusual trust,” as well as Blackphones, encryption, TracPhones, BBM messages and escorts by car and plane.

According to the Mexican authorities, the trust and security provided were not enough to shield El Chapo’s location from the powers that be. On January 8, Mexican marines apprehended El Chapo; shortly thereafter, Mexico’s attorney general described Penn’s October visit as “essential” to the capture. Penn himself has since denied a connection between his visit and El Chapo’s arrest, but his article’s words seem to imply otherwise: “Since our late-night visit in the Mexican mountains, raids on ranches there have been relentless. A war zone. Navy helicopters waging air assaults and inserting troops. Helos shot down by Sinaloa cartel gunmen. Marines killed. Cartel fighters killed. Campesinos killed or displaced…On Friday, January 8th, 2016, it happened. El Chapo was captured and arrested – alive.”

In jail El Chapo remains, but the fallout from this “secret” visit is far from over. Kate del Castillo, the Mexican actress who has been in communication with El Chapo since 2012 and arranged the meeting via BBM, has argued that the Mexican government is now trying to “destroy” her. Under investigation is del Castillo’s relationship with El Chapo, as well as whether illicit funds from him were used by del Castillo to launch her Honor del Castillo tequila business. The evidence comes in part from secret communications themselves: on January 13, Mexican news source Milenio published a series of encrypted BlackBerry messages between del Castillo and El Chapo leading up to the October visit, proving that what was thought to be secure was anything but.

Of the three, only Sean Penn does not currently find himself in legal trouble, but his 10,000-word account of the visit has left many wanting more. Journalists everywhere, including 60 Minutes’ Charlie Rose, are questioning Penn’s journalistic integrity and ability given his final product was a piece that failed to ask or answer tough questions and received its final approval from its subject. Mexican actor Gael Garcia Bernal was offended Penn would choose to profile El Chapo when there are “others more deserving of the attention.” The UK’s Daily Mail went so far as to publish the headline, “Sean Penn spotted for the first time since speaking about drug lord El Chapo during Charlie Rose interview as he spends time with son Hopper” with a series of invasive pictures. In attempting to share a secret with the world, Penn seems to have lost his rights to a personal opinion or to privacy.

This is one saga that appears to be far from over, but several lessons have already been learned. Most importantly, if you, like Penn, call yourself “the single most technologically illiterate man left standing,” educate yourself. El Chapo may have shown an “unusual trust,” but Penn displayed a blind trust in his “experiential journalism” process and now must face the aftermath, for himself and for others. Ultimately, the user must know how and when and when not to use the technology at his fingertips.

Want more of the latest cybersecurity news from around the world? Read on!
SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday 20 January 2016

Free Speech in Kuwait Was Bad Before, And Now There’s a Cybercrime Law

If you believe everything the Kuwait Times tells you, you may think the country’s new cybercrime law was designed to benefit its people.

A January 14 article titled, “New cybercrime law protects on-line users” described the legislation as “aimed at protecting society from misuse of the internet and e-media by some users,” but offered little additional information in its 118-word blurb.

Sources outside of Kuwait seem to have a different interpretation and a bit more to say:

“This law does not belong to the 21st century. In spirit and indeed, in letter, it is a retrograde piece of legislation that merely draws upon earlier, repressive laws. Kuwaitis deserve better,” argued Amnesty International’s Said Boumedouha.

“This new law comes at a time when Kuwait is prosecuting many opposition politicians and activists, journalists, and other government critics using expansive interpretations of moral imperatives and national security requirements. It appears designed to allow the authorities even wider legal latitude to curtail Kuwaitis’ right to free speech,” opined Sarah Leah Whitson of Human Rights Watch.

In fact, punishable offenses under the cybercrime law, in effect as of January 12, include using the internet to insult religion, the emir (Kuwaiti leader) or the judicial system, to damage Kuwait’s international reputation and to publicize classified information even when in the public’s best interest. It furthermore allows the government to confiscate devices used to carry out such acts and to ban “outlets and locations” responsible for these actions.

A better understanding of the cybercrime law certainly helps to explain the Kuwait Times’ vague-yet-optimistic approach to it, which ultimately only demonstrated the danger of such legislation: a newspaper unable to critique its government is also unable to openly discuss basic facts. Surf secure and stay Rando, Kuwait!

Want to know more about government infringements of citizens' rights? Read on!


Tuesday 19 January 2016

The Cybercrime Law: A Tour Through the Law's Chapters

Our last installment of SumVoices featured Fahad Desmukh, journalist and digital human rights activist with Bytes for All, Pakistan. This month we bring you an anonymous contributor from Algeria, in Arabic and English (below).

The progress recorded in the field of information and communication technologies in recent years has imposed a new space for the exchange of digital information flows, which takes place through many electronic transactions and services. Digital development has also led most countries of the world to respond and take appropriate legal measures for the various uses of computers, in order to confront and combat all forms of cybercrime under specific legislation.

When technology becomes a place for crime, the law must rely on control mechanisms that provide full protection for internet users. Algeria has taken the initiative to have the law regulate and monitor this type of crime, and the text of the law adopted specific rules on the protection from, prevention of and fight against all forms of crime related to information and communication technologies. The National People's Assembly and the Council of the Nation ratified the law on 5 August 2009.

Many questions come to mind when we hear about the cybercrimes taking place around us, all these small and large cybercrimes we hear about every day, and we wonder what Algeria has done in this area apart from the articles of a cybercrime law that does not even cover all of its aspects.

Many countries of the world fight effectively against cybercrime and work to strengthen cybersecurity to protect internet users. This is far from where Algeria stands, as the government devotes less attention to developing security on the internet.

At this time, when regional problems are playing out electronically on the internet, Algeria acts as if the matter does not concern it. According to statistics from the World Stats website, internet penetration in Algeria is only 27.8%. The e-Algeria strategy, which aims to provide internet access in all companies, schools and homes, has not lived up to expectations. Even 3G service has not reached the required scale, and 4G is still awaited. Many companies still have no internet service, and invoices and payment slips are still handled in the old, traditional way. E-commerce does not exist, and the same goes for electronic payment. Yet this does not prevent Algeria from being included in the list of the countries most vulnerable in the field of cybersecurity.

Some local laws on digital security have been enacted at the national level in the Middle East and North Africa region, but as we all know, the internet has no borders. International regulation and cooperation are more than necessary to succeed in confronting the threat of international cybercrime.

The Algerian cybercrime law, which comprises 19 articles and 6 chapters, provides in Chapter 2 for the possibility of resorting to the surveillance of electronic communications for security purposes, in accordance with the rules laid down in the Code of Criminal Procedure, and this law is subject to the legal provisions that guarantee the confidentiality of correspondence and communications. Some find this text worrying.

This is because it allows the state to spy on and hack websites deemed in breach of its vague definition of cybercrime. Articles 3, 4 and 7 give the authorities the right to eavesdrop on and censor the internet, and detail when this is required without explaining in which cases it is required. Article 5 grants the state the ability to remotely hack and spy on computer systems if required by a judge. Articles 10 and 11 require "internet service providers" to store all communications and identifying information. Articles 13 and 14 create a new body to combat cybercrime, and the text of the law is unclear and does not explain the nature of this body.
Article 4, meanwhile, is aimed at preventing terrorist crimes, acts of sabotage and crimes that threaten state security, and applies when there is information about a possible attack on an information technology system affecting public order, defense institutions or the national economy, as well as in connection with the execution of requests for international judicial assistance.

Under the provisions of this law, these operations and surveillance may be carried out only with written authorization from the competent judicial authority. In cases relating to terrorist or subversive crimes and crimes against state security, however, the authorization is issued by the Public Prosecutor at the Court of Algiers to judicial police officers for the prevention of and fight against crimes related to information and communication technology (ICT), for a renewable period of 6 months.

Therefore, Algerian civil society should be informed and aware of what is happening, and should participate and cooperate with other institutions to avoid violations of freedom and human rights under the pretext of fighting terrorism or cybercrime.

Parents, children, adolescents, public and private institutions, and citizens in general: everyone is concerned about the dangers arising from careless misuse of the internet.

Cybercrime is increasing in Algeria: more than 300 cases related to cybercrime were recorded in 2015, and the cybercrime cases recorded by the police, namely defamation, identity theft and violation of privacy, are on the rise. In addition, other cases were recorded to a lesser extent, such as the hacking of websites, including those of state institutions, and cases of blackmail. Filing a complaint with the security services remains a new practice for victims of cybercrime, one that not everyone knows about, or that victims are too ashamed to use for fear of exposing themselves.

Take steps to protect yourself online. Start by downloading SumRando VPN.

Want more SumVoices? Read on!

SumVoices: Cybercrime in Algeria - Phenomenon on the Rise

Our last installment of SumVoices featured Fahad Desmukh, journalist and digital human rights activist with Bytes for All, Pakistan. This month we bring you an anonymous contributor from Algeria, in English and Arabic (above).

The progress recorded in the field of information and communication technology in recent years has imposed a new space for the exchange of digital information in which all types of transactions and electronic services are conducted.

The digital revolution has led most countries of the world to react and to commission regulatory measures pertaining to computer usage. To address cybercrime, specific legislation has been adopted.

When technology enables crime, laws must adopt adequate control mechanisms to protect internet end users. Algeria has taken the initiative to make a law that regulates and supervises this kind of crime. It has adopted a law that addresses specific rules on the protection, prevention and the fight against all forms of offenses related to information and communications technology. The National People’s Assembly and the Council of the Nation implemented this law on 5 August 2009.

Many questions come to mind when we see what is happening around us, the small and large computer crimes we hear about every day. What has been done in Algeria regarding this sector apart from this small piece of legislation that does not cover all aspects of cybercrime?

Many countries often struggle to be effective against cybercrime, strengthen their IT security, and protect internet users. This is also the case in Algeria where government is much less concerned about developing web security.

In this time when territorial conquest battles are currently running on the net, Algeria acts like it is not concerned. In fact, Algeria is not very connected to the net, with only 27.8% of the population having access, according to the Internet World Stats website. The e-Algeria strategy that aims to connect companies, homes, schools, etc. is still in its infancy. 3G has been commissioned and the country still waits to be introduced to 4G. Several Algerian companies are currently disconnected; invoices, pay slips and purchase orders have not dematerialized. Electronic commerce does not exist, same with electronic payments. However, this does not prevent Algeria's inclusion on the list of most vulnerable countries in the field of cybersecurity.

In the MENA region, some regulation has been created nationally; however, as we all know, the internet has no borders. International regulation and cooperation is necessary to successfully tackle the threat and be a serious counter party against international cybercrime.

The Algerian cyber law, which includes 19 articles and 6 chapters, provides in Chapter 2 the possibility of recourse to the surveillance of electronic communications for preventive purposes, in accordance with rules set by the Criminal Procedure Code and this Act subject to legal provisions guaranteeing the confidentiality of correspondence and communications. This text worries some, as it grants unprecedented power to the state. It permits the state to spy on and hack websites that it deems in breach of its vague cybercrime definition. In addition, articles 3, 4 and 7 give the power to the state to eavesdrop on and censor the internet and detail cases when it is required. Article 5 grants the state the power to remotely hack and spy on computer systems if required by a judge. Articles 10 and 11 require “internet providers” to store all communication and identifying information for a minimum of a year. Articles 13 and 14 introduce a new body for combating cybercrime, but the text of the law is not clear as to the nature of this body. This whole law is in clear breach of several citizen rights as given in the constitution, including article 36, which explicitly grants freedom of expression, and article 39, which explicitly grants the right to privacy.

These monitoring operations prescribed by Article 4 may be made to prevent such offenses designated terrorist or subversive acts and offenses against state security, and when there is information about a possible attack on an IT system representing a threat to public order, national defense, state institutions, or the national economy, as well as in connection with the execution of requests for international judicial assistance.

These surveillance operations can’t be performed, according to this law, except with written authorization by the competent judicial authority. In cases related to terrorist or subversive acts and offenses against state security, authorization is issued by the Public Prosecutor at the Court of Algiers to the judicial police officers within the national body for the prevention of and fight against crime related to information and communications technology (ICT), for a renewable period of 6 months.

Therefore, Algerian civil society should mobilize and raise its voice to collaborate with the news body to ensure that there are no violations of freedom and human rights under the pretext of the fight against terrorism or cybercrime.

Parents, children and adolescents, public and private institutions, and citizens in general are concerned about the dangers posed by the misuse of the internet without caution.  Algeria is far behind in this area compared to other African or Arab countries.

More than 300 cases related to cybercrime were resolved in 2015, showing that cybercrime is gaining ground in Algeria. The largest percentage of cybercrime cases recorded by the police concerned the use of pictures of children for pornography, defamation, and business identity theft. Other cases that are concerning deal with piracy of electronic sites – including those of state institutions – blackmail cases, and also cases of the violation of privacy. According to these exceedances, victims of cyberattacks are usually public and private administrations, foreign companies, and individuals. The data are unreliable since the culture is hesitant to file complaints as victims of cybercrime because people don’t know about it or they are ashamed they have been defamed.

Take steps to protect yourself online. Start by downloading SumRando VPN.


Want more SumVoices? Read on!

Monday 18 January 2016

This MLK Day, Think Before You Tweet

Dr. Martin Luther King, Jr., arrested in 1958 for "loitering". [Source: AP]
Americans hoping to celebrate today’s Dr. Martin Luther King, Jr. Day with a tweet should be aware of the weight their words could carry: those who tweet #MLKDay will be joining a government-sanctioned national celebration, but those who tweet #BlackLivesMatter may end up as victims of government surveillance.

Since the early 1980s, the United States has celebrated Dr. King’s legacy each January with a day of remembrance, which in more recent years has become recognized as a day of service. Service defined the African-American civil rights leader, whose nonviolent social activism and involvement with the Southern Christian Leadership Conference contributed to the creation of the Civil Rights Act of 1964 and the Voting Rights Act of 1965, significant steps in the fight for racial equality in the United States. In 1964, King’s work was universally acknowledged when he became a Nobel Peace Prize recipient.

Today’s United States government may look favorably on Dr. King, but during the height of his activism, he was the definition of a threat to the status quo. In 1956, the Federal Bureau of Investigation (FBI) launched COINTELPRO, a domestic surveillance program initially designed to monitor and “neutralize” communist activity in the country. As the civil rights movement gained momentum, FBI Director J. Edgar Hoover turned the attention of COINTELPRO to activists such as Dr. King and wiretapped King’s hotel rooms and home and collected photographs and physical observations of his movements. Unable to uncover any punishable wrongdoing, the FBI instead used the discovery of extramarital affairs to attempt to anonymously shame King into abandoning the movement and committing suicide.

Flash forward half a century and it’s not hard to draw parallels between the work of Dr. King and that of today's Black Lives Matter activists. The now-ubiquitous hashtag #BlackLivesMatter originated in 2013 when neighborhood watch patrolman George Zimmerman was acquitted of killing an unarmed 17-year-old African American youth. Today, Black Lives Matter has come to represent a movement in response to continued police violence against Black people, as well as a call to rebuild the Black liberation movement.

And much like with Dr. King, a man who had done little wrong, today’s Black Lives Matter activists find themselves under surveillance. Since at least mid-2014, the U.S. Department of Homeland Security has monitored Black Lives Matter participants via social media and by tracking the movements of individuals at protests, cultural events and even prayer vigils. And given the current state of surveillance in the United States, the government is largely within its rights when it comes to documenting Black Lives Matter activists. Mother Jones explained, “Federal, state, and local law enforcement agencies have the legal authority to monitor people and activities in public places. This includes attending, observing, and taking notes on protest activities. However, collecting and storing personally identifiable information on specific individuals is not allowed, with the exception of people suspected of criminal activity. Monitoring tweets and other social media posts, including geolocation information associated with those posts, is also legal.”

One activist, Maurice Mitchell, sounded a bit Dr. King-like in his response to modern day government monitoring: “Surveillance is a tool of fear. When the police are videotaping you at a protest or pulling you over because you’re a well-known activist—all of these techniques are designed to create a chilling effect on people’s organizing. This is no different. The level of surveillance, however, isn’t going to stop us. After all, we organize because our lives depend on it.”

This MLK Day, we remember a man who lived and died for a cause he believed in, celebrate those who continue to advocate for justice in the face of danger and remind individuals everywhere to consider who might be watching them.


Tuesday 12 January 2016

A Democratic Malaysia Requires “Creative Activism”

When technology and repressive regimes collide, “creative activism” can be a reform movement’s best hope. Just ask Malaysia’s Bersih 2.0.

Malaysia’s Coalition for Clean and Fair Elections, Bersih 2.0, is an electoral reform movement that has held a series of rallies since its inception in 2006. The latest, Yellow Mania, was held January 6 through 10 and took an approach that differed from the usual protests in the street.

Bersih Secretariat Manager Mandeep Singh described Yellow Mania as “relaxing and fun-filled”: “This event is to appreciate the Bersih 4 rally goers and all other supporters, who may have not attended for their own reasons. It is meant to be an educational eye-opener and a leisurely experience at the same time. It is also to appeal to those with interest in creative activism.”

The five-day event had something for everyone: photography, panel discussions, stand-up comedy, films, coloring for children and an activist-in-training bootcamp for young adults. What it almost didn’t have, however, was guest speaker and Indonesian human rights activist Mugiyanto Sipin.

Sipin, an activist with the International NGO Forum on Indonesian Development (INFID), was detained at Kuala Lumpur International Airport and deported back to Indonesia, on grounds of “political interference by a foreigner.” Regardless, modern technology allowed the show to go on: Sipin returned to Indonesia and participated in Yellow Mania via Skype, a Microsoft video calling service.

Such is the wonder that is today’s technology. Governments are able to control the physical presence of individuals, but digital presences have become a bit harder to contain. It would be naïve, however, to think that our unsecured digital presences do not follow us into the tangible world. In fact, a tweet posted about Sipin attending Yellow Mania is what led the Malaysian authorities to intercept him at the airport. Furthermore, Skype, the platform that ultimately brought Sipin to Yellow Mania, is well-known for its security vulnerabilities and tendency to share users’ conversations with governments’ prying eyes. (Communications are encrypted in transit, but Skype itself can still access them.)

In a country like Malaysia, exposed communications and security vulnerabilities of all sorts become all the more worrisome. Malaysia’s 1948 Sedition Act was largely a forgotten holdover from colonial days until recent years. Since 2013, the legislation has been used repeatedly to punish dissent, a trend that has only strengthened since reports of embezzlement associated with Prime Minister Najib Razak surfaced in mid-2015. In October 2015, an attempt to challenge the constitutionality of the legislation was rejected by a federal court, meaning that to this day, to speak out against the government, its policies, royalty or Islam is to risk fines, imprisonment or even banishment from “any electronic device” altogether.

Amnesty International has argued that Mugiyanto’s deportation is part of a growing trend in Malaysia to violate the internationally guaranteed rights of freedom of expression, freedom to receive information and freedom to impart information. In response, the human rights organization has called on Malaysia to “respect and protect the right to freedom of expression.” In the meantime, SumRando Cybersecurity urges Malaysians to enact some “creative activism” and secure what they say and do online.


Thursday 7 January 2016

Gambia’s Regulations on Women: Your News or Ours?

This week, news sources everywhere reported concern for the Gambia’s decision to mandate female government employees to cover their hair at work. Everywhere, that is, but in the Gambia, a country with a Freedom House Freedom of the Press status of ‘Not Free’ and a 15-year jail sentence for “using the internet to spread false news or make derogatory statements, incite dissatisfaction, or instigate violence against the government or public officials”:

The Daily Observer, Gambia’s national newspaper that learned the hard way to take a pro-government stance, has yet to publish a word about Monday’s Executive Directive. In contrast, its recent reports paint a rather pro-woman portrait of President Yahya Jammeh:

Step outside the Gambia to Freedom Newspaper, a U.S.-based Gambian online news source, and Jammeh and his wife are presented as anything but presidential:

Similarly, U.S.-based VICE News, an international news organization, offered a more neutral headline, but was not shy in sharing the many shortcomings and human rights abuses attributed to Jammeh in its ensuing exposé: 

The news you receive depends on where your internet service provider believes your computer is. See for yourself with our nodes in Brasil, Hong Kong, Jordan, New York, Singapore, Sweden and Turkey. Discover what's out there, surf secure and stay Rando!


Tuesday 5 January 2016

Arrests in Ethiopia Remind Citizens to Protect Their Digital Footprints

In the final two weeks of 2015, two journalists were arrested, five freed bloggers threatened with renewed terrorism charges and at least 50 protesters killed. In other words, it was just another fortnight in Ethiopia under Anti-Terrorism Proclamation No.652/2009.

Ethiopia gained international attention in April 2014 when the six Zone 9 bloggers, along with three journalists, were arrested for “terrorism”. Their crimes were publishing information about Ethiopia’s human rights violations, working to prevent censorship and actively promoting constitutional rights, including the right to protest. In July 2015, Zelalem Kiberet, Tesfalem Waldyes, Asmamaw Hailegiorgis, Mahlet Fantahun and Edom Kassaye were released, conveniently preceding a visit to Ethiopia by United States President Barack Obama. In October, those still detained—Atnaf Berhane, Natnael Feleke, Befeqadu Hailu and Abel Wabela—were also released, but the current situation in Ethiopia leaves the country with little to celebrate.

On December 30, five of the freed Zone 9 bloggers were summoned to court in response to an appeal against the dismissed charges. The result of the summons remains to be seen, but the appeal has already made clear the fragility of anyone’s innocence in Ethiopia today.

Meanwhile, on December 19, news anchor Fikadu Mirkana of the state-run Oromia Radio and TV was arrested and on December 25, editor-in-chief Getachew Shiferaw of online newspaper Negere Ethiopia was arrested. Setting the scene are weeks of protests against a government plan to expand capital city Addis Ababa by displacing local farmers, protests which have left dozens dead and hundreds arrested. In short, it is neither safe to express opinions nor to report facts in Ethiopia today.

At the heart of the issue is a piece of legislation known as Anti-Terrorism Proclamation No.652/2009, which has already contributed to the self-imposed exile of 57 Ethiopian journalists and to the country’s ranking as the third highest jailer of journalists in Africa. Several clauses of the Proclamation should cause concern for ordinary citizens as much as for journalists:

To prevent and control a terrorist act, the National Intelligence and Security Service may, upon getting court warrant: a) intercept or conduct surveillance on the telephone, fax, radio, internet, electronic, postal and similar communications of a person suspected of terrorism; b) enter into any premise in secret to enforce the interception; or c) install or remove instruments enabling the interception. Information obtained through interception shall be kept in secret. Any communication service provider shall cooperate when requested by the National Intelligence and Security Service to conduct the interception. The National Intelligence and Security Services or the Police may gather information by surveillance in order to prevent and control acts of terrorism.

The police may arrest without court warrant any person whom he reasonably suspects to have committed or is committing a terrorist act as provided under this Proclamation.

The police may request from any government institution, official, bank or a private organization or an individual to be given information or evidence which he reasonably believes could assist to prevent or investigate terrorism cases. Anyone so requested shall have the duty to give the information or evidence.

The following shall be admissible in court for terrorism cases: intelligence report prepared in relation to terrorism, even if the report does not disclose the source or the method it was gathered; hearsay or indirect evidences; digital or electronic evidences; evidences gathered through interception or surveillance or information obtained through interception conducted by foreign law enforcement bodies; and confession of a suspect of terrorism in writing, voice recording, video cassette or recorded in any mechanical or electronic device.

The House of Peoples' Representatives shall have the power, upon submission by the government, to proscribe and de-proscribe an organization as terrorist organization.

Where any organization is proscribed as terrorist in accordance with sub (1) and (2) of this Article, its legal personality shall cease.

There is much that could be said about the Ethiopian government’s treatment of its journalists and citizens, but to do so would be to risk one’s life. SumRando acknowledges the courage of those who have chosen to make their voices heard in the face of such oppression, as well as of those who operate under the radar, silently and surreptitiously doing what they know is right.


Monday 4 January 2016

It’s a Vulnerable World: December 2015

[Source: EFF Graphics]

For many, January means a fresh start, but December’s Internet insecurities are far from over. 2015 rounded out with threats to nearly every facet of everyday life, including the basic acts of using a credit card, logging onto a computer and accessing a favorite website. At risk are:

Windows Users: Users who log in to Windows 10 via a Microsoft account (i.e. most users) unknowingly upload a copy of their recovery key to Microsoft’s servers, which can be used to access information that would otherwise be protected by encryption. In the words of cryptography professor Matthew Green, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”

Android Devices: Symantec recently discovered Android.Spywaller, malware pretending to be a well-known Chinese antivirus app that actually steals information from infected Android devices.

Outdated Password Hashing Lacking “Salt”: 3.3 million user accounts were leaked from Hello Kitty-owner Sanrio’s database. Much remains unknown about the data breach, but one thing is clear: the compromised passwords were hashed with the now-deprecated SHA-1 algorithm and lacked an extra layer of security known as “salt”.

International Officials: Private data including names, phone numbers, usernames, email addresses and secret questions and answers of over 1,400 officials at the UN’s Paris climate talks were made public by hacktivist movement Anonymous. The leak was in response to the arrest of approximately 100 protesters on November 29. Weak encryption was found to be at least partially to blame.

German and Turkish Banking: Security researcher Karsten Nohl found flaws that compromise personal identification number (PIN) codes, transactions and funds in German retail payment systems. In Turkey, a two-week attack thought to be carried out by Anonymous repeatedly disrupted credit card transactions and banks in general.

Internet of Things: A study of 4,000 IoT devices from 70 different manufacturers revealed only 580 unique keys, the result of sharing, leaking and/or stealing code. Motherboard summarized the situation well: “Imagine an apartment building of 4,000 rooms but with only 580 different locks; the odds would be pretty good that your neighbor and you share the same front-door key. It’s a bit unsettling.” These static keys most affect devices in the United States, Mexico and Brazil.

Mobile Apps: Wandera revealed that 16 travel and leisure companies, collectively serving 500,000 users per day, had failed to use the encryption necessary to protect credit card information when submitted via a mobile app or website. To date, only easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus, Air Canada and SISTIC have remedied the issue.

World Wide Web: Malvertising, when hackers buy ad space on otherwise trustworthy websites, became increasingly common in 2015. By taking advantage of computer vulnerabilities, hackers only need users to open a website in order to steal financial information or lock files in exchange for ransom.

As always, let us know in the comments below if there are any vulnerabilities we missed.
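The Sanrio item above turns on what a “salt” changes about stored passwords. The following Python code is an added example, not part of the original post: it stores the same constructed accounts once with bare SHA-1 and once with a per-record random salt and PBKDF2-HMAC-SHA256, then audits each table for digests shared between accounts. The function names, sample accounts and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Assumed work factor for this example; tune to your own hardware and policy.
PBKDF2_ITERATIONS = 600_000

def sha1_unsalted(password):
    """The weak scheme the post describes: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_salted(password, salt=None):
    """Return (salt, key); a fresh random 16-byte salt is drawn per record."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_salted(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_salted(password, salt)
    return hmac.compare_digest(key, expected_key)

def shared_digests(table):
    """Audit helper: digests stored for more than one account."""
    counts = Counter(table.values())
    return {digest: n for digest, n in counts.items() if n > 1}

# Constructed sample accounts; alice and bob chose the same password.
USERS = {"alice": "hello-kitty-1", "bob": "hello-kitty-1", "carol": "correct horse"}

def build_tables():
    """Store the same accounts under both schemes."""
    weak = {user: sha1_unsalted(pw) for user, pw in USERS.items()}
    strong = {user: hash_salted(pw) for user, pw in USERS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1, shared digests:", shared_digests(weak))
    strong_hex = {user: key.hex() for user, (_, key) in strong.items()}
    print("salted PBKDF2, shared digests:", shared_digests(strong_hex))
    salt, key = strong["alice"]
    print("verify correct password:", verify_salted("hello-kitty-1", salt, key))
```

In the unsalted table the two accounts with the same password store the same digest, so a leaked copy reveals password reuse across accounts and lets one precomputed lookup serve every record; with a per-record salt the stored values differ even for identical passwords.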


Friday 1 January 2016

SumRando Cybersecurity’s Top 10 Highlights of 2015

2015 has been an exciting year for SumRando. In the last 12 months, we are proud to have:

10.  Explained what we do in less than 90 seconds

9.    Featured SumVoices contributors from Indonesia, Iraq, Kenya, Sweden, Algeria and Pakistan

8.    Added support of emojis to our Android secure messenger ;)

7.    Made our New York server VIP (faster!)

6.    Reached over 15,000 likes on our Facebook page

5.    Seen a spike in usership following Bangladesh’s November blockage of Facebook, Viber and WhatsApp

4.    Shared a rare interview with SumRando’s CEO

3.    Launched a more user-friendly website

2.    Expanded our Brazil server’s bandwidth in response to growing popularity

1.    Added our first Middle East server in Amman, Jordan

Thank you, Randos, for making 2015 a great year! We look forward to sharing an even more secure 2016 with all of you. Happy New Year!
