MS Risk Blog

MENA Security Update (13 February 2013)

Posted on in MENA title_rule

Algeria Update:

AlgeriaOn 8 February, the Algerian army arrested two AQIM would-be suicide bombers in Tinzouatine. The individuals, a Malian and an Algerian, carried explosive belts and automatic weapons. They were arrested in the Tamanrasset province near the Mali border.

This arrest follows an attempt in the previous week by an armed terrorist group to break into military barracks in Jebel Boudoukhane, in the southern province of Khenchela. The incident unfolded as terrorists, dressed in military uniforms, set up a false checkpoint near the target, and intercepted trucks that supplied the military barracks with food. The rebels took the driver hostage and drove to the barracks, carrying machine guns and RPGs. One terrorist was killed and several soldiers were injured; the remaining attackers were hunted down by military reinforcements.

Algerian forces are raising their levels of vigilance, as analysts believe that Algerian and Tunisian radical groups are sharing experiences and will increase attempts to conduct both terrorist activities and smuggling of weapons and drugs.

Libya Update:

Libya will close its borders with Tunisia and Egypt for five days, asLibya a precaution on the two-year anniversary of the removal of Muammar Gaddafi. Prime Minister Ali Zeidan stated, “As of midnight on February 14th until the 18th, no one will be allowed to cross the Libyan borders between Egypt or Tunis as a security precaution.” The government has ruled out official celebrations for the 15th.

Many Libyans, particularly in the east, are likely to take to the streets to protest the government’s inability to provide reforms, including security measures to disarm militias, or the completion of a new constitution.

Lufthansa and Austrian airlines have suspended services until after 17 February, citing “tensions on the ground”. International organizations, including the UN and Western embassies, will also be on lockdown beginning 14 February. Many foreign nationals have left the country in advance of the anniversary.

Security in Tripoli and Benghazi has been tightened, including an increase in checkpoints. The UK FCO has not changed travel advice, but urges against all travel to the country, particularly in light of anticipated demonstrations between 15 and 17 February.

Tunisia Update:

TunisiaTunisia has experienced a deepening political crisis since last week’s killing of Shokri Belaid, a leftist lawyer and outspoken opposition leader. The murder in broad daylight, which has not been seen since Tunisian colonial times, highlighted concerns over a largely unreformed police force and justice system.

Prime Minister Jebali delivered an emergency proposal to completely dissolve government and replace politicians with a non-political caretaker government in order to calm the unrest. The caretaker government would remain in place until elections could be held. The proposal sparked tensions within his own Ennahda party. Jebali has scaled back his proposals, which will be announced this week. If rejected, Jebali intends to resign.

One of the two secular parties in the coalition, Congress for the republic (CPR), is also opposed to Jebali’s proposal, fearing it will allow the return of figures from the former regime. Tunisian President Marzouki, who had also threatened to resign, has decided his CPR will remain involved in the transitional, Islamist-led government for an additional week. This announcement is a reversal on his threats to quit if two Islamist ministers were not replaced. CPR Secretary-General Mohamed Abbou stated, “The party has decided to freeze the resignations of its ministers for a week for more discussions on a coalition government.”

On Friday, tens of thousands of Tunisians took to the street for Belaid’s funeral, accusing the ruling Ennahda party of lax security measures in the face of increasing violence. The next day, thousands attended a pro-government rally in support of the current coalition.

UK FCO has issued no travel advice warnings.

Egypt Update:

In a rare move, hundreds of police officers held a protest onEgypt Tuesday, demanding that they not be used as a political tool of oppression by the reigning Muslim Brotherhood Party. Officers in at least 10 Egyptian provinces rallied around security officers, some carrying signs saying “we are innocent of the blood of martyrs.”

This uncommon protest by the police comes on the heels of increased police brutality during the second anniversary of the Egyptian revolution, which saw “old regime” tactics being used against protesters. On Monday, the second anniversary of the overthrow of Mubarak, police clashed with demonstrators in front of Ettihadiya Palace in Cairo, using water cannons and teargas to repel the protesters. The clashes have been smaller and less violent than in previous weeks.

Many protesters feel that President Muhammed Morsi is reverting to the tactics of force used by the Mubarak regime. Protesters also feel that the ruling party is using religious means to increase their control over the nation.

To underscore this, an Egyptian court banned YouTube in Egypt for one month due to the site’s continued hosting of an Anti-Islamic film which caused deadly protests throughout the Muslim world last September. Because the ban is both delayed and disproportional to the amount of unrest it caused in Egypt, human rights activists perceive it as a religious pretext for imposing restrictions and preventing free expression.

In addition, the nation was stirred last week by religious fatwas issued by hard-line Muslim clerics urging the assassination of opposition members. The ruling party has condemned these actions; Egyptian Interior Minister has issued an order for police to deploy additional security to the homes of opposition members. However, extreme actions such as the decree of a fatwa are unusual in Egypt, and are perceived to be in direct connection with the ruling party. The opposition party has since demanded that Morsi be put on trial over the deaths of 60 anti-government demonstrators in the past weeks; the public prosecutor claims there is no evidence to link Morsi with the deaths.

Password Security In A Corporate Environment

Posted on in Cyber title_rule

Many companies use passwords to allow employees access to sensitive material, yet to many cyber security experts, passwords are a relic of the past, stemming from a time when individuals used passwords to access email and the rare e-commerce site. Today, the internet has caused computers to be hyper-connected: many sites require password authentication, and more information belonging to individuals and corporations is stored in “The Cloud”.  The constant use of passwords is a double-edged sword. First, it causes individuals make critical mistakes in creating passwords, either through over-simplification or through creating over-complex and forgettable passwords which cost company time in retrieval and/or resetting. Second, many corporations have been lulled into a false sense of security by allowing one-factor access to secure information.  To a malicious hacker or a corporate espionage actor, these vulnerabilities make it easy to access critical information. 

How Hackers Hack

Hackers access corporate information in a number of ways. The first, and simplest, is guesswork. Individuals who use passwords to access many sites tend to become lazy in creating passwords. In 2012, the number one password used around the world was “password”, followed by “123456”. Hackers can often guess simpler passwords, or use “password dumps”— web pages dedicated to passwords uncovered by other hackers. In addition, automated password cracking programs simplify the process of cracking common passwords, even incorporating common numeric substitutions (i.e. pa55w0rd). In addition, many people tend to reuse passwords for multiple access points, so it is common that a user will create a password in their personal life, and then use it in their corporate environment as well. If a malicious user gains access to an individual’s private password, the likelihood increases that they can use the same password to gain access into a corporate environment.

Hackers also gain access to passwords through “phishing” by which they create websites or emails which look almost identical to existing companies, such as banks or email sites, and ask users to submit login information. Regardless of how complex a password is, the strength of that password is useless when it is freely given through these methods. If a hacker has access to a personal site, they may “lurk”, that is, look at the emails people receive to identify their banks and banking habits, place of business, social connections, and even “electronic mannerisms” such as how a person “speaks” online. By watching email transactions, a hacker can easily emulate the person to gain access into other parts of their life, such as sending messages to an accountant or a client, asking them to redirect funds or use the “new” email address, so as to go unnoticed.

In addition, hackers can gain passwords using malware: undetected viruses which are stored on one computer and send data to another, such as monitoring key strokes or activating a web camera. A report from 2011 indicated that malware was responsible for almost 70% of data breaches. Malware is particularly vicious because it targets large groups or corporations, gaining access to entire systems rather than single individuals.

Finally, an emerging trend that hackers can take advantage of is called “socialing”. Because most individuals use one or two email accounts to access banking, ecommerce, social networks and other sites, gaining access to one can easily allow a hacker to gain access to the other. For example, if a hacker has an e-mail username and password, they may attempt to use it on an e-commerce site, such as Amazon, which stores credit card information. If the password doesn’t work, they can click “Forgot Password?” and answer a few personal questions, often which are accessible through a Google Search or looking through the hacked email account. The password gets sent, and the hacker deletes the email and immediately logs onto the e-commerce site and changes the email address to direct it to him. Now, the hacker has access to banking information and home address.  The hacker then uses this information to gain access to other data, including tax and benefits numbers, and can infringe upon a person’s work and private life.

Increasing corporate password security

Because passwords are still the most common and critical entry point into most businesses, steps should be taken to increase security wherever possible.

Strong Passwords: First, and most critical, encourage staff to come up with strong passwords, with a minimum of eight characters, and check them through a password strength estimator, which measures the accessibility of the password, and can be found using a simple Google search.  Using the tool, one can see that a password such as “12345678” has a strength of 4%.

To generate a strong password, it is beneficial to think of a favourite saying or line from a book, and use the letters from each word, then to replace certain letters with capital letters or numbers. For example: “It was the best of times, it was the worst of times”

First becomes:                    iwtbotiwtwot (3% strength)

Then becomes:                   Iwtb0t1wtw0t (93% strength)

Another option is to create random phrases with mixed characters where possible, such as “nine-happy_dolphins_ate?” (85% strength).

Most importantly, discourage use of passwords which individuals use in other parts of their lives, and discourage password re-use as passwords expire. Many companies are opting for longer periods between password expiration to prevent people from changing only one portion of their password (For example, from “password1” to “password2”). Stronger passwords and longer user periods can minimize the risk of password apathy.

Malware and Phishing Awareness: Again, a password is meaningless when it is given freely. Corporations are increasingly educating employees on how to identify and authenticate legitimate e-mails and websites, encouraging staff to contact the company in question if the information looks suspicious. Organizations should invest in anti-virus programs which update regularly as new viruses are introduced into the cyber-world, and check digital certificates (the fingerprints of an incoming piece of data) to see if they are associated with existing malware.

Multi-factor IDs: Earlier this week, social media site Twitter announced a new two-factor identification system following a system-wide hack which compromised the information of over 250,000 users. Increasingly, corporations use multi-factor identification to allow employees access to protected information. Users supply their chosen password, and then either receive a SMS message to their phone which provides the secondary password, or enter a password from a physical token (some of which also require a code for authentication—creating a three factor ID). The multi-factor method adds an additional layer of security, and alerts true owners of attempts to intrude upon an account.

Biometrics: Biometrics, such as fingerprint, or voice scans, seem like the best possible protection for corporate integrity. However the technique has not yet been perfected, and is considerably pricey. If biometrics are used as a one-factor system, they are easily replicated: fingerprints can be lifted, or a voices can be recorded, particularly if one is speaking into such a system in a public location, such as a library or coffee-shop. In the future, biometrics may become one component of a multi-factor verification system, but at present, they are not feasible to many organizations.

White-Hat Hackers: In cyber-slang, a white-hat hacker is one of the “good guys”. Often, companies will hire white-hat hackers to expose weaknesses in cyber security systems, and suggest or provide remedies before those weaknesses are exploited by black-hat hackers, who use the weaknesses for malicious purpose.

Monitor Abnormalities: The best protection is vigilance, specifically, identifying access attempts that are outside of normal business processes. For example, Internet Service Providers identify the location from which a user attempts to access a secure sight. Be wary if a user, known to be in London, is logging in from Boston or Singapore. In addition, if a user is given a company phone or computer, identify whether that user is attempting to log in from a non-registered device.

As hackers become increasingly efficient, individuals and corporations struggle to find the balance between convenience and privacy. While multi-factor systems are on the rise, it is important to avoid making them cumbersome or inaccessible. Cyber experts are constantly working to deliver a system that covers the new areas of cyberspace that corporations venture into. Cyber-awareness and education ensures that your company is abreast of the latest technology in online security.

Security Situation in Mali (8 February 2013)

Posted on in Mali, Region Specific Guidance title_rule

In line with MS Risk’s recent advisories indicating that the security situation throughout Mali remains uncertain, a suicide bomber blew himself up on Friday in the northern town of Gao, sparking the first such incident to occur since France launched its military intervention in January of this year.  This attack signifies that the Islamist rebels have resorted to guerrilla warfare as a means of demonstrating that despite being ousted from their stronghold in northern Mali, they are still able to carry out hit and run attacks.  MS Risk therefore advises that it is highly likely that such guerrilla attacks may continue in the coming months, especially in those towns and cities that were recently recaptured by French-led forces.  This recent incident also proves that the war is far from being won.  The current security situation may result in an increased military presence and checkpoints in towns throughout the country.  Meanwhile in Bamako, fighting has erupted between Malian government soldiers and paratroopers who are stationed in the capital city.  MS Risk advises any expats in the Bamako to get to safety immediately.  It is highly recommended that you stay off the streets and keep away from any military bases as further fighting amongst the military divisions may occur.  Military base, especially those occupied by French troops, may also be targeted by rebel Islamist groups.  It is also recommended to be wary if driving over any of the three bridges across the Niger river which cuts the city in two.

Fridays’ suicide attack occurred when the attacker, who was on a motorbike at the time, approached a checkpoint located on the outskirts of Gao at about 6:30GMT.  The bomber, who is believed to be a young Tuareg, then detonated an explosive belt.  Reports have also indicated that he was carrying a larger bomb which failed to detonate.  The attack left one soldier injured.  Gao is one of the most populous cities in northern Mali and it is one of the towns that was recaptured by French-led troops.

This incident is the first known suicide attack to have occurred in Mali since France sent 4,000 troops into the northern region of the country on 11 January in order to oust the militants.  Although there are checkpoints, which are run by troops from France, Mali and Niger, throughout the country, there is currently an increased military presence in Gao as there are rising fears that mines may have been strategically placed throughout the city as a means of carrying out further attacks.  The suicide attack comes just one day after one of the Islamist groups, the Movement for Oneness and Jihad in West Africa (MUJAO), stated that they had “created a new combat zone” by organizing suicide bombings, attacking military convoys and placing landmines.

Over the past week, French-led forces have increasingly come under attack in the reclaimed territories.  A landmine blast which occurred on Wednesday between the northern towns of Douentza and Gao, killed four civilians who were returning from a market.  A similar incident in the same area, which occurred on January 31, resulted in the death of two Malian soldiers.  All of this is occurring at a time when French-led forces have been split into two units, with some remaining in the recaptured towns in order to enforce security, while others, along with 1,000 Chadian soldiers, moving into the mountains near the Algerian border where a large number of Islamist rebels are believed to have fled after French forces began bombarding their strongholds.  On Thursday, French and Chadian troops arrived in Aguelhok, which is located 160 km (100 miles) north of Kidal.  By Friday, the French-led forces moved into Tessalit, which is the gateway into the country’s northern mountainous region.  Over the past few days, air strikes have targeted both towns, aimed at removing Islamist bases.  The air strikes are also in preparation for ground forces which are set to enter the mountainous regions in order to drive the remaining Islamist groups out of the country.

Meanwhile in Bamako, reports have surfaced that Malian government soldiers have fought mutinous paratroops in the capital city.  Fighting erupted as soldiers attacked a camp of elite paratroopers who are loyal to ex-President Amadou Toumani Toure, who was ousted in the March 2012 coup.  It is believed that the incident broke out after the paratroopers refused to be absorbed into the other units in order to go to the northern frontline.  The violence comes on the same day that the first EU military trainers were expected to arrive in Bamako in order to begin further training of the Malian army.

Understanding Algerian Non-Interference

Posted on in Algeria title_rule

The hostage crisis at Ain Amenas gas complex in January placed a spotlight on Algerian foreign policy and security measures. Although unilateral Algerian security tactics frustrated international governments, authorities in many nations still believe Algerian support is necessary for security in North Africa. Yet President Bouteflika and the Algerian government are unlikely to provide extensive cooperation beyond their borders; Algerian policy is isolationist at the core.

The Algerian government has long held a “non-interference” foreign policy strategy.  Historically, President Bouteflika has been a vocal opponent of foreign intervention, believing in particular that Western foreign military spending in North Africa allows too much leverage and insight into domestic militaries. The January attacks highlighted the extent to which Algeria is ready to act unilaterally. When Islamic militants took several hostages, including 48 foreign nationals, the Algerian military acted quickly to end the siege. This decision, made without the advice or support of other nations, aggravated world leaders who commonly cooperate in such situations. However, to the Algerians, these dialogs appear time-consuming and intrusive.

Algerian reluctance to invite coalition cooperation within its borders is equally matched by an unwillingness to interfere beyond its borders, as evidenced during the2011 Libyan Revolution. Though the Algerian government did not support the Gaddafi regime, they were reluctant to become involved in NATO-supported operations to remove the dictator. Rather, the Algerian government focused on the potential volatility in Libya, fearing that instability would create pockets of opportunity for increased weapons trafficking and radicalised groups to take hold. The Algerian government fortified its borders, shutting down crossings between the two nations. Foreign Minister Mourad Medelci stated, “We can only say that the relationship between us will improve with the return of stability to Libya.” Further, the Algerian government believes that those who aided in the overthrow of Gaddafi, particularly NATO, are responsible not only for the resulting instability, but are beholden to guide Libya’s new government through course-correction as it makes its way into democratic polity.

The nature of this “fortress-like” philosophy dates back to Algerian independence from France in 1962, when the Algerian government became determined to become a pillar of sovereignty. Decades later, in 1992, Algeria suffered a coup d’etat which led to a decade long civil war between the Algerian military and two Islamic parties; the Islamic Salvation Front, and the considerably more radical Armed Islamic Group (GIA).  The GIA carried out a series of massacres, and Algeria found itself alone in struggling with militant Islamic insurgencies, relatively unaided by Western forces. By the end of the war, insurgencies cost the lives of almost 200,000 people, yet the terrorist threat in the Middle East was not fully acknowledged by Western forces until the attacks in the US on September 11, 2001. As a result, Algeria’s experiences have reinforced the government’s conviction to remain solidly independent in dealing with domestic security issues, and non-intrusive in events beyond its borders.

Complicating matters for Algeria, however, are contentious neighbours along those borders. Algeria is the largest country in Africa (five times the size of France) and has a 2,500 mile land border. Six hundred of those miles are shared with a still-unstable Libya, and a further nine hundred of those miles are shared with Mali, where Islamist militants have taken over the northern region of the country, threatening to impact security along Algerian borders. Still more troublesome, a large section of the nation borders fall deep within the Sahara. In that vast, secluded space, many militant groups have taken residence in the areas bordering Algeria, particularly in northern Mali.

In April 2012, an offshoot group of Al Qaeda in the Islamic Maghreb (AQIM) kidnapped seven people from an Algerian consulate in northern Mali. The militants executed one hostage and released three in the summer. The three remaining are reportedly still in captivity.  Despite these affronts, the Algerian government has been loath to cooperate in actions against militants in Mali, acutely aware of their direct impact on security within Algerian borders.  Algerian officials fear that military involvement might push the radicals further north into domestic territory. Further still, Algerian actions may cause radicalisation of the nomadic Taureg Bedouins, whose territory resides on the borders of Algeria, Mali, and Niger.

While the Algerian government is adamant that they will not send troops to Mali, it has granted permission for French fighters to use Algerian airspace, and has reinforced military presence along the Malian border. The attackers at Ain Amenas gas complex claimed that the siege was a direct result of Algerian cooperation. Attacking Algeria’s gas complex is a significant step for militant Islamists; the assault was more sophisticated than bombings in public places, and sources confirm that the attack has been planned for some time, with the help of individuals working inside the complex.  AQIM and other radicalised groups have historically profited from ransoming hostages, and a complex with foreign nationals would possibly provide income to spend on achieving goals in northern Mali.  In addition, the attack sends a message. Sonatrach, Algeria’s nationalized oil and gas company, is the tenth largest in the world. The hydrocarbon industry provides the bulk of the nation’s wealth.  An attack within such an infrastructure signals an attempt to cripple the Algerian economy.

However, a large percentage of Algerian revenue supports its defence spending. Algeria has the 16th largest defence budget in the world (primarily purchasing weaponry from Russia), and a highly proficient military, adept after years of experience, at securing its borders and ensuring safety to its hydrocarbon profit sectors. Algeria will continue to secure and reinforce its borders from within, but are unlikely to provide more than airspace permissions in affairs beyond its borders.

Security Situation in Mali (7 February 2013)

Posted on in Mali title_rule

Over the past forty-eight hours, Chadian soldiers have continued to secure the town of Kidal in Mali while France has urged the United Nations to send peacekeepers into Mali as French troops prepare to withdrawal from the mission by March 2013.  The security situation throughout the country remains to be volatile as counter attacks by Islamist rebels have indicated that while all of the cities in the northern region have been retaken, the rebels continue to have the capabilities of regrouping and staging hit and run attacks.  It is highly likely that such attacks and clashes will continue to occur during the transitional period as the rebels will attempt to use this moment to regain their access.

On Tuesday, an estimated 1,800 Chadian troops entered the northern town of Kidal in  order to continue securing the last major Islamist rebel stronghold.  Meanwhile reports have indicated that there are rising tensions in Mali as the French-led forces have been attacked by Islamist rebels in retaken territories, raising fears that a prolonged insurgency may occur.  French Defence Minister Jean-Yves Le Drian confirmed on Tuesday that rebels had hit back at troops with rocket fire in Gao, which is the largest northern city.

Meanwhile after announcing plans to start withdrawing its 4,000 troops from Mali in March, France has called on the United Nations to begin deploying its peacekeeping force in order to take over the mission.  Speaking to the media in Paris, Foreign Minister Laurent Fabius indicated that a peacekeeping force could be in place by April and that it would incorporate troops being deployed under the banner of the West African intervention force.   France wants the UN force to help stabilize Mali and to seek an end to the long-standing conflict between the ethnic Tuaregs and Arabs and the rest of the population.

So far, France has sustained one fatality, a helicopter pilot who was killed at the beginning of the mission.  The Malian army has indicated that eleven of its troops have been killed while another sixty have been wounded.  France’s Defence Minister has indicated that the monthlong French offensive has killed hundreds of Islamist fighters in Mali.