Opinions Tue, 26 Dec 2006

Who will be attacked next?

As we enter a brand new 2007 year, I wish to send seasonal greetings to my fellow compatriots, especially, those who have sent me positive comments and suggestions by private mail on my 32 Featured Articles commencing August 9, 2005 to date, that have been published on the News page of Ghana web. Whereas, the Ghanaweb Opinion page, popularly dubbed SAY IT LOUD (SIL) records IP Addresses on postings, there is no such provision made for the News page where Featured Articles and News are published. Accordingly, unscrupulous elements have recently usurped my name Ebby Koney, pretending to be me posting scandalous comments using bad language to bring opprobrium to my name. One precious thing that is mine which no one can take away is my character, not to be confused with reputation. Character has distinctive qualities as well as positive qualities. The distinctive aspects of character are the set of qualities that make somebody or something distinctive, especially somebody’s qualities of mind and feeling. The positive qualities of character are those aspects that make somebody or something interesting or attractive. It is not possible therefore for one to divest me of my character. So the futile efforts of my cyber-attackers can never destroy my character The definition of reputation is the general opinions about something or somebody, something that somebody is known for. The sages have said, it is useless to worry about reputation. “Be more concerned with your character than your reputation, because your character is what you really are, while your reputation is merely what others think you are”. John Wooden, the legendary basketball coach said the above perhaps as a complement to Abraham Lincoln’s immortal words “Character is like a tree and reputation like a shadow. The shadow is what we think of it; the tree is the real thing.”

Analyzing the contents of these illegal impersonations, it is clear that vision-less political hacks from within my own political circle are the main culprits. Apart from them, another distinct group, with their own agenda, print libel wrongfully targeting me in their safe knowledge that their IP Addresses would not show on the News page. I have complained to the webmaster with the hope that a solution would be found. So I devote this end of year piece to not so much of a glossy subject of which I have done some little research on my own and with the caveat that I am not proficient in web security administration and ask that any technical misusage found here be not taken seriously but should be corrected to enhance our general collective knowledge. I call on those who know better to rise to the occasion and offer advice.

What exactly, am I talking about? I am talking about illegal impersonation, which is a form of identity theft on Cyber-Space. What categorization is illegal Impersonation? First, it must be stated that it is a criminal act. There are several forms of illegal impersonation but for the purposes of this piece I will focus on cyber- identity theft, which is usually where the criminal is trying to assume the identity of another in order to commit fraud, in this case, robbing me of proprietary interest in the use of my own name by me alone and no one else. If one pretends to be someone he is not and posts words purporting to come from an innocent party, a legal liability is established. However, till the identity of the fraudster is uncovered, there is little one can do. On a broader scale which would veer outside the scope of this piece, there is what is also known as Social Engineering, defined as a collection of techniques used to manipulate people into performing actions or divulging confidential information (various forms like “phishing, pretexting” etc not discussed here). While similar to a confidence trick or simple fraud, the term generally applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim. Such as my case, where the attacker using my name Ebby Koney does not come face to face with me to offer me opportunity to exact justice. The person using my name Ebby Koney does so through anonymity provided by the Internet and is brazen in such conduct. Is the person not a coward by hiding and throwing dirt, political darts and poisoned words?

The failure of conventional firewalls to recognize such fraudulent attacks and their derogatory impact certainly must be of great concern not only to people in my circumstance but to Ghana web’s Web Security Administrators as well. Savvy internet users know there are common flaws in web application design that facilitate cyber-impersonation attacks and some have tested countermeasures to protect against them. It may therefore be necessary for Ghana web’s Webmaster to find adequate measures to check cyber-impersonation attacks on the News Page. They offer protection for contributors on Say it Loud Opinion Page. Though I possess limited knowledge on Web Security administration as stated above, I clearly understood Countermeasures for this problem as discussed by Rohyt Belani who has focused on the design and implementation of changes that would mitigate these cyber-impersonation attacks.

Rohyt Belani offers the following solutions:

Increasing the length of the value of the cookie or session id

Increased randomness in the value of the session token

Protecting the integrity of the session tokens

Obfuscating the cookies

Use of server-supplied session id.

Protecting the confidentiality of the session tokens

He provides further solutions as follows: “Forcing the expiration of sessions after a preset period of time.” Belani says: “This ensures that an attacker does not gain unlimited unauthorized access to an application even if he manages to successfully guess brute-force or sniff a valid session token”. It would appear from my layman’s access to Web Security Administration that this would not work under the circumstances described in my case where the attacker logs in for a brief moment at a time to do his/her dirty work. Experts, please correct me if I am wrong!

So I trust experts in this field can help evaluate the following other points raised by Belani. “Performing rigorous server-side input validation of every form of client input to prevent cross-site scripting attacks that may allow an attacker to steal valid session tokens. Deploying application-level proxies to further enhance the security posture of the application and its underlying infrastructure.”

Ghana web is now in the big leagues and the prime source for news and information on Ghana and therefore significant countermeasures that make cyber-impersonation much more difficult should be found and implemented. Even though the NPP government lambastes Ghana web and has called for its demise, it is the one place the government and Ghana’s Embassies post news and pictures of presidential activities outside of Ghana. It is also believed that foreign governments check on Ghana web news. Indeed, NDC functionaries rush to have press conferences and pictures published on Ghana Web. So does Chuck Kofi Wayo! Without regard to any accusatory charge, I say emphatically that should I ever be in position to recommend a true patriot for a national award, it would be Mr. Francis Akoto, a man whose visionary innovation is so much admirable!

I hope I have avoided dense technical references in order not to side-step dangerously out of bounds and also to avoid getting into the cross hairs of those with better cyber knowledge. In order to assure the integrity of information flow from the News page, Ghana web Security administrators must solve this glaring loophole discussed here. Today, it is my name Ebby Koney under attack. Who will be the next to be cyber-attacked? Could it be you, Dear Reader?

In conclusion, and in the spirit of the Season, let’s ponder the following quote from "Othello", Act 3 scene 3, written by William Shakespeare:

“Good name in man and woman, dear my lord,

Is the immediate jewel of their souls:

Who steals my purse steals trash; 'tis something, nothing;

'Twas mine, 'tis his, and has been slave to thousands;

But he that filches from me my good name

Robs me of that which not enriches him

And makes me poor indeed.”

Season’s Greetings to all. May the coming New Year usher goodwill in people’s hearts and minds. May we cherish each other’s good name.

Views expressed by the author(s) do not necessarily reflect those of GhanaHomePage.

Columnist: Koney, Ebby