of a group of cyber criminals who seem to be
having a field day on the Internet.
Investigation showed that the group known as
the Nigerian Cyber Army, compromised the
official recruitment website of the Nigeria
Army, www.narecruitment.org , a few days
ago.
Although it is not clear if the hackers gained
access to the recruitment portal through
phishing, weak passwords or software
vulnerabilities, the home page of the website
was defaced.
The message on the defaced homepage of the
electronic application portal, stated, "Yes,
your website got stamped by Nigerian leets
(sic)" and ended with a message warning that
the notorious hackers are back.
Even as checks on the website showed that it
is now fully restored, it could not be
determined if the group was able to gain
access into any of the Army's databases or
not.
The hacking group is notorious for a long run
of cyber attacks, including the defacement of
a website belonging to the National
Examinations Council in 2012 and that of the
Economic and Financial Crimes Commission.
However, online security experts have warned
small scale business owners, corporate
organisations and government establishments
to double their efforts towards protecting
their digital assets. According to them,
hackers are motivated by one or a
combination of factors that are usually
complex and varied.
Bypassing known security protocols, they
argue, could be fuelled by the malicious
intent of corporate espionage, vengeance and
cyber-terrorism, including boasting rights.
In an interview with iPUNCH , the head of
operations, GNT Nigeria – an Information
Technology training institute – Olorunfemi
Lawore, notes that organisations could not
afford to be complacent in the increasingly
complex digital world.
He warns that business and government
agencies stand to lose a lot when they fail to
provide security strategies for their digital
assets.
The computer security expert says the
consequences of computer hacking include
loss of credibility and goodwill, loss of
proprietary and customer information, loss of
trade secrets, reputation crisis,
embarrassment due to law suits and financial
loses.
He advises organisations to place some
warning banners on their home pages that
will inform hackers that they will be
prosecuted if caught in the act.
Such warning banners, he says, may go a long
way in preventing unauthorised access to a
website or computer network.
He says, "Choosing a good website hosting
company and employing the services of a
good web programmer, who does not use
templates by default (as this is what the
hacker expects) but engages in secure coding
practices — such as setting the right access
permissions on the website — is quite
imperative.
"Also, regular assessments and test for
vulnerabilities would help. Before designing a
website with a language or tool, a firm's IT
personnel should endeavour to understand
the vulnerabilities to guard against them from
the start. Above all sensitive information such
as usernames and passwords should not be
left on web servers (if you must, please
encrypt)."
To reduce the effect of data hacking and in
view of the ever changing hacking tactics,
Lawore emphasises the need for organisations
to employ the services of ethical hackers as
an important security measure.
"An ethical hacker helps you to detect the
loopholes and the impact of an attack before
the bad guy comes to hack you. By doing a
vulnerability test, the ethical hacker discovers
and shows you the vulnerabilities you are
exposed to and suggests defences against
them," he stated.
Minimising the possibilities of suffering
hacking, he adds, also lies in the hands of
website administrators. The webmaster,
according to him, should always make use of
secure internet connections to gain access to
the portals.
Doing so, he explains, will help to prevent
"session hijacking and sniffing" that may lead
to interception of electronic communication
and subsequent data theft.
Also, Lawore says just as files are backed up in
external drives, the same holds true for
websites.
He urges corporate organisations to engage
the services of website hosting companies that
provide backups to websites.
"Please keep a backup of your website
regularly so you can bounce back in case of
an eventual hack. Then, your company must
always backup the website after making any
changes. If you are unsure if your website has
a backup, contact the person who designed
your website and ask them to do it for you. It
saves you the burden of starting the website
from the scratch in the event of a major
cyber attack," he says.
No comments:
Post a Comment