Friday, May 31, 2013

Cyber Attacks Become Epic


Recently, the world witnessed the largest ever cyber heist, in which cyber criminals hacked various debit card companies and $45 million vanished from customers’ accounts. 45 million dollars, approximately 4 billion Kenya Shillings! The gang of eight withdrew money from 26 countries around the globe in a coordinated manner. The first instance of the criminal activity happened on December 22, 2012 and the second on February 19-20 this year. In the first attack, after allegedly manipulating the withdrawal limits set by banks, casher gangs worldwide hit the ATMs, conducting some 4,500 transactions worth $5 million across about 20 countries. In the second attack, the group broke into the Bank of Muscat, based in Oman. Then, in the space of 10 hours, casher cells in 24 countries conducted some 36,000 transactions, withdrawing $40 million from ATMs.

Let’s not forget that on 20 March 2013, three South Korean television stations and a bank were cyber attacked, leaving all workstations frozen such that most of the staff could not work. About 48,000 PCs and servers in the organizations were struck during the incident. The assault shut down computer networks at TV stations KBS, MBC and YTN, and halted operations at three banks - Shinhan, NongHyup and Jeju. Some ATM withdrawals and mobile payments could not be transacted. The malware, known as “DarkSeoul” in the computer world, evaded some of South Korea’s most popular antivirus products and rendered computers unusable. Globally, ATM fraud is a growing form of cybercrime. Cyber criminals can gather ATM credentials from the magnetic stripe of ATM cards and create replicas that are used to withdraw customers’ funds without their knowledge.

Another form of cybercrime that’s been growing is identity theft, in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. Illegally obtained details could include email addresses and their passwords. Using such details, cyber criminals can initiate and authorize transactions at the victim’s expense. For Google Mail users, an easy way to avoid this is to use the two-step authentication method to access your inbox. Two-step verification adds an extra layer of security to your users' Google Apps accounts by requiring them to enter a verification code in addition to their username and password when signing in to their account. It helps protect a user's account from unauthorized access should someone manage to obtain their password. Even if a password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to the user's verification codes, which only the user can obtain via their own mobile phone.

Coming closer to home, for the last few years there has been a rising number of ATM fraud cases. According to the PricewaterhouseCoopers (PwC) Global Economic Crime Survey, some regions including Kenya, South Africa and the UK reported an increase of 40 per cent in fraud cases in 2011. Last year, Deloitte Kenya reported that commercial banks in Kenya are losing more than Sh3 billion a year to Automated Teller Machine (ATM) fraud. This has been compounded by the rising number of carjacking incidents, which result in forced ATM withdrawals. Despite the rise in ATM fraud, the banking sector has maintained a low profile on the matter. Shouldn’t they publicize the incidents to create awareness so that their customers are wary of this form of cybercrime? Statistically, there were more than 10.7 million ATM, credit and debit cards in circulation in Kenya by the end of 2012, representing a 6 per cent increase over the previous year. This is in tandem with the growth in the purchasing power of the population, but the risk of ATM fraud has grown with it, since more cards make a larger target for cyber criminals. To curb future ATM fraud, banks are now migrating from magnetic stripe ATM cards to chip-based ones.

One of the effective ways of preventing cybercrime is the use of public key infrastructure (PKI), which allocates virtual identities to users of internet and digital services. A PKI enables users of a basically insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization, and for directory services that can store and, when necessary, revoke the certificates. Last year, Kenya was said to be planning to adopt PKI through the Kenya ICT Board. Has there been any progress?