Tag Archives: cybersecurity

A Doctor, without touching blood.

The Pinkie and the Brain, taking over the world

The road to a PhD – No white coats, no scalpels, just a whole lot of brainpower.

As is the case with me, I did not choose the path that is easily trodden. I have launched into the ocean to explore the lands beyond. My training is as an Accountant, and my work experience is in project management, but my newfound pursuit is at the crossroads where cybersecurity and automation meet – the uncharted waters of Autonomous Vehicles (AVs). My PhD research is titled “An Ontological Approach to Digital Forensic Investigations of Autonomous Vehicles.”

Quite a mouthful? I know. But I will break it down into simpler terms that could be understood. Self-driving vehicles are no longer a dream; they are here. Okay, may be not yet where you live but they are already in service in the cities of San Francisco, Los Angeles, and Las Vegas. While this is great news, as they stand to change our cities and lives as we know it for the better, they are also bad news. Bad news in the sense that they are fertile ground for threat actors to cause havoc. You don’t believe me?

A Waymo Driverless Car in San Fransisco

Let’s imagine that you have used a Uber-like app to order an AV to take you from Maroko to Makoko. The AV shows up, the doors open, and you jump with excitement into the plush, comfy seats, engrossed, as usual, with your other life happenings. Multi-tasking has become a way of life for us all. Suddenly, you notice the AV picking up speed, and as the surroundings rush by, your eyes are immediately drawn to the AV’s dashboard. You could see the speed needle touching 70kmp and become alarmed. Then fright took over. It didn’t stop there and kept going up, approaching 100kph. You screamed, calling on God to save you. From Yeshua, you moved to calling the names of your dead ancestors as panic gripped you. You tried forcing the doors open, but they are locked firmly. You looked for the brake pedal of the AV but could find none.

Adrenaline started rushing unbridled, and you remember a YouTube video you had watched that advised you to look for the handbrake in circumstances like this and pull hard. You frantically looked for one, but unfortunately, none exists. Death was imminent in the next millisecond; you closed your eyes, expecting the crash that would send you to your creator. Suddenly, everything became still. Just as suddenly as the AV picked up speed, it came to a halt. It was the calm before the storm as, within seconds, there were multiple collisions at the back of the car, the force of which would have propelled you forward, except that the seat belt tightly restrained you. The airbags had deployed in multiple areas, and you were fully covered with the white powder that had escaped from the airbags. You are still in this state of confusion when a voice comes up on the speakers, “We are the Pinkie and the Brain and are just messing with you. Hope you are all right?”

Now that I have your imagination running wild, calm down. While my research will not directly prevent such an event from happening, it will aid in delivering timely and comprehensive investigation of such events were they to occur. By so doing, the outcome of the research aims to increase the chances of bad actors being caught and hence act as a deterrence in a way.

So, you’re asking, this should be a walk in the park? It is not. AVs generate a humongous amount of data, some of which it keeps and others that it overwrites. To examine these, one needs to know what to look for and where to look for it – the finding the needle in a haystack problem. It is a challenging topic, but I am standing on the shoulders of giants. I have my thesis committee’s support and experience guarding me along the way.

To give you an insight, here is my first research paper titled “Towards an Ontological Digital Forensic Investigation Framework for Autonomous Vehicles, to be delivered in Colombo, Sri Lanka at the 6th International Conference on Advancement in Computing (ICAC2024). I hope you can follow along.

Join the conversation and send me some love.

Kila’s Nightmare

In our circle of friends, Kila is known for his exaggerations, always making a mountain out of a molehill. But the Kila sitting opposite me today is a far cry from the bubbly and positive Kila I grew up with. Weeping uncontrollably and refusing any comfort, this Kila is the total opposite.

Earlier, Kila had called, his voice trembling, saying he was on his way to my house. The knocks on the door were so loud and scary that I shouted out, “Who is that?”

“It’s me, Kila,” he replied.

I let him in, but his demeanour was that of a completely shattered man.

After much persuasion, I managed to get the story out of him. He had been defrauded, all stemming from a compromised email account. Someone had gained unauthorised access to his email. From the email exchanges, the intruder learned of Kila’s land holdings in a prime estate and had impersonated him in an email to the estate’s admin office, authorising the transfer of the plot to one Mr Hyacinth Akeremi. While this happened about a year ago, Kila only became aware of it yesterday during a casual visit to the estate. It was then that he learned of the sale he supposedly authorised and that the buyer, Mr. Hyacinth, had subsequently sold the plot to a third party.

It gets worse. Whoever compromised the email had also been able to access Kila’s eBay account. Using the stolen information, over the course of six months, they ordered various goods – from exotic perfumes and wristwatches to iPhones – all delivered to different addresses while being charged to Kila’s PayPal account. Kila estimates that over $75,000 had been charged to his PayPal account through this scheme. Asked whether he wasn’t getting notifications of the charges, he explained that the culprit had changed the email addresses associated with both his eBay and PayPal accounts, effectively blocking any notifications.

In total, he estimates he has lost about $215,000 and sought my advice on recovering his lost money.

Well, this could be anyone’s story if you fail to embrace multi-factor authentication (MFA). All of Kila’s woes could have been prevented if he had locked down his email with MFA. With the rise of AI and coding-as-a-service, cybercriminals are constantly on the prowl, intent on stealing information to compromise identities and wreak havoc. There’s the story of an Australian man whose house was sold without his authorisation in a similar cybercrime event. Ransomware is a growing threat where the ransom you pay in bitcoins becomes very difficult to track. And then there’s the risk of blackmail arising from sensitive information in your email inbox being exposed… don’t tell me there aren’t any! These are just some few ways you can be harmed.

Moringa Cyber, conducted an analysis of attacks on a client’s email address spanning June 1st, 2024, to June 16th, 2024, and discovered some alarming information:

  • There were 528 failed attempts to compromise the email account.
  • The top five countries from which the attempts originated were the United States (129 attempts), Germany (67 attempts), Croatia (45 attempts), Russia (35 attempts), and Canada (33 attempts).
  • The US, by far, accounted for 129 of the attacks, representing 25% of the observed 528 attempts.
  • Europe, as a continent, harboured the majority of the criminals responsible for these attacks, with 292 attempts emanating from the continent. Other continents’ results were North America (165), South America (32), Asia (26), Africa (9), and Australia (4).

They did a similar evaluation for a file server protected by a basic router firewall and discovered 118 attempts with the following breakdown:

  • The top three countries were Russia (34), Monaco (32), and the USA (17), followed by Panama (15) and Romania (8).
  • Again, Europe dominated with 85 of the 118 noted attempts.
  • Other countries included the UK (8), Germany (3), and Azerbaijan (1).
  • Noticeably absent were countries from South America, Australia, and Africa.

The good news is that there are many countermeasures you can take to defend yourself, starting with cyber education. To secure your email, consider using strong passwords that align with NIST password standards (you can read more about this here). Obviously, avoid clicking on any link or opening any email that you are neither expecting nor know the source of.

The team at Moringa Cyber is at the forefront of vaccinating African cyberspace, building resilience against those who wish to do us harm. They offer their expertise, tools, and resources to safeguard you, your people, businesses, and the environment from cyber threats. Give them a call now, and you will be glad you did.