Takeaways From Dr. Bright Mawudor's Cyber Security WorkshopIn the digital age, cyber security is becoming a critical issue. Recently Equifax, a major consumer credit reporting agency, was the victim of a major cyber attack that affected 145 million Americans. If anything, the attack has served as a reminder that now, more than ever, cyber security is an issue to pay attention to.
Prospect Magazine in their recent report The New World of Security wrote, “As early as 2010, the UK National Security Strategy rated cyber-attacks as a Tier 1 threat—the most serious.”
On Saturday October 14th, Dr. Bright Gameli Mawudor visited the MEST Accra Incubator to give a workshop on Cyber Security to help prepare our entrepreneurs and their companies against potential cyber threats in the future. Dr. Mawudor is the former Head of Information Security and Risk at Cellulant in Nairobi, Kenya, and currently works as a Cyber Security Specialist at Internet Solutions Kenya.
He also cofounded AfricaHackon, the first technical computer security collective. In addition to consulting on information security across the continent, the collective also runs an annual cyber security conference where members demonstrate the latest developments in the sector.
The workshop focused on the Cyber Security Kill Chain, one of the ways hackers intrude into a computer network and subsequently gain access to confidential/personal data. Dr. Mawudor demonstrated how easy it is to hack into a wifi network, harvest confidential info, like passwords, by sending benign looking pop-ups like fake Facebook log-in pages to unsuspecting targets, and gain access to people's phones using a reverse-engineered mobile application. He also illustrated how social engineering is at the centre of most hacks.
Here are a few of MEST Entrepreneur in Training Stephanie Omolu’s top takeaways from the talk:
- Google is the number one highway for hackers. The more information they can glean from the search engine, the easier it is for a target to fall victim.
- The strongest passwords are not ones filled with an amalgamation of symbols, case combinations, and numbers, but ones filled with spaces. In addition, he encouraged adding the two-step verification and backup code when logging into a personal email account.
- The more information hackers are able to accumulate from Google on an individual, the easier it is to become a statistic. Once identified, there are a number of tools that can be used to trace a target. These include:
- Theharvester, which, as its name implies, is used for harvesting information
- Nmap, used for network scanning
- Raven, a publicly available hacking tool
- Mara, a mobile framework for reverse engineering
- DataSploit, a data visualizer
- Maltego, a reconnaissance tool
- Xerosploit, used for sniffing networks and ssl stripping
- BeEF, a browser exploitation framework
- Shodan, a search engine for hackers who want to access internet connected devices
- and finally, a few of the most spoken-about devices and web apps of the afternoon: The Bash Bunny, Rubber Ducky, Wifi Pineapple and Google Dorks.
- The Bash Bunny, Rubber Ducky and Wifi Pineapple are all physical access tools. The Bash Bunny and Rubber Ducky are memory stick look-alikes that call a script which replicates and copies information contained in a Windows computer in a matter of seconds.The Rubber Ducky acts and runs as a human interface device which injects keystrokes into the targets computer device. Then, the Wifi Pineapple, a wifi auditing platform, scans wifi networks in order to gather information that can be used for fraudulent purposes.
Make sure to follow Dr. Mawudor here on Twitter for more news on cyber security!
Stephanie Omolu is an Entrepreneur In Training at The Meltwater Entrepreneurial School of Technology, where she has been training in Technology, Business and Communications for the past two months. Stephanie's favorite things to do are writing, eating, traveling, playing badminton, graphic design and coding. After graduation, she aspires to assume a role in the Product department for her startup.
Sign up for our newsletter
Be in the know! Sign up to receive the latest updates from MEST, our partners and the African tech ecosystem.
Due to COVID-19, MEST postpones training program to next year and doubles down on growing portfolio companies
At MEST, we continue to be deeply concerned about COVID-19 and have been closely monitoring developments locally and globally. Our number one priority remains the health and safety of our community and we will continue to follow local authority and health official guidelines.
Due to the ongoing nature of the pandemic and the uncertainty that the future of travel holds, we have been unable to conduct in-person interviews and host recruitment around Africa for our next cohort. For this reason, we have taken the decision to postpone the Training Program to next year.
While these circumstances are indeed unfortunate, we see this as an exciting opportunity at MEST to double down on providing support and mentorship to our existing portfolio companies and the African ecosystem.
Congratulations MEST Class of 2019: Graduation Weekend Recap
A recap of the MEST Africa Class of 2019's Graduation weekend