If you’re familiar with mafia movies then you’re familiar with extortion – the practice of obtaining something, especially money, through force or threats. Extortion has been around for centuries – well before “The Godfather” or “Goodfellas.” Even cyber extortion, which extends this criminal activity into the digital world, isn’t new. What is new, however, is the wide variety of methods that are used by the bad guys to get their money.
Three main tactics are behind cyber extortion: the threat of distributed denial of service (DDoS), the threat of data compromise and ransomware. DDoS attacks are one of the most popular means to facilitate extortion. These types of attacks typically target business-critical websites in order to increase the likelihood of payment, usually via Bitcoin (BTC), and can have crippling effects on organizations. In certain cases, such as when targeting hosting providers, the threat actor may add more pressure to pay by using the negative publicity associated with service downtime as a threat.
A second method of extortion involves the potential release of compromised data. This method is dependent on the fact that the target’s data has already been compromised. The threat of its release to the public domain is used as blackmail in order to extort money from the affected entity.
A third type of extortion, and the one most often in the news as of late, is ransomware – malicious software (malware) that restricts access to the computer system it has infected. The malware demands that a ransom be paid before restoring access to affected resources. Ransomware can prevent access to many features of a victim’s machine, including files, applications and the operating system itself. Because ransomware is an ever-evolving threat that can be more challenging to address than other cyber extortion tactics, let’s take a closer look at how it works and how to prevent and mitigate it.
At a high level, the ransomware process is fairly standard. Files are encrypted and the attackers, who hold the decryption key, will only allow the target to decrypt the files after the required BTC ransom is paid. Specific details of the attack, however, will depend on the variant.
Until recently ransomware has been delivered most commonly via drive-by-downloads from exploit kits, or through spam emails that either contain malicious attachments or encourage recipients to visit websites hosting malicious content. But we see that starting to change with threat actors using more targeted methods to achieve their objective, such as spear-phishing emails purporting to be from a job applicant or including the name, job title and job-relevant information of the recipient. The disclosure that some organizations are paying the fee to unencrypt data likely provides further motivation for these types of attacks. In fact, when the actor estimates there’s a high likelihood of payment of the ransom fee they invest in more reconnaissance which can further increase the likelihood of infection.
As ransomware becomes big business, research on the dark web reveals a number of services being advertised to make it easy for beginners with low technical understanding to execute ransomware attacks with success. Everything they need is available on a USB stick for $1,200 or they can take advantage of a hosted service in return for 5 percent commission on the ransom payments received.
So how can you combat cyber extortion? Cyber situational awareness can give you greater insights into the tools and processes used by actors that employ DDoS-based extortion and compromised data release extortion. Advanced knowledge of the typical demands of a threat actor and their capabilities can help you make difficult decisions if presented with such a scenario and help you prevent future attacks.
Mitigating ransomware threats is more complex. It requires a combination of technical and process controls and company-wide engagement – from employees, to executives, to IT security teams. Cyber situational awareness can help you understand the infection vectors of the malware and apply the appropriate security controls to mitigate the risk of infection.
This includes insights you can use to raise staff awareness of how ransomware attacks occur and help you devise technical and procedural controls to prevent infection and to develop ransomware response procedures in the case of infection. Of course ensuring that backups are maintained and are separate from the network can increase resilience to such attacks. In addition, several decryption tools have been released but, in the cat and mouse game between ransomware and such tools, their effectiveness tends to be short-lived; ransomware developers are continuously developing encryption methods to evade them.
As defenders, staying up-to-date with the latest trends and innovation can be hard, but it is essential in order to effectively prevent and mitigate the effects of extortion on your business. With cyber situational awareness you can learn about the actors involved in extortion and their tactics, tools and motivations. With this knowledge you can more effectively align your defenses and make better decisions in the face of an attack.
By Alastair Paterson, CEO and Co-Founder of Digital Shadows
In January 1983 Robert Mugabe’s government launched a massive security clampdown in Matabeleland. It was led by a North Korean-trained, almost exclusively chiShona-speaking army unit known as the Fifth Brigade. They committed thousands of atrocities, including murders, gang rapes and mass torture.
Mugabe’s government called the operation Gukurahundi. This is chiShona for “the rain that washes away the chaff (from the last harvest), before the spring rains”.
It is estimated that between 10 000 and 20 000 unarmed civilians died at the hands of Fifth Brigade.
An analysis by the author of official British and US government communications relevant to the Matabeleland Massacres has shed new light on the British Government’s wilful blindness to Operation Gukurahundi, including its diplomatic and military team on the ground in Zimbabwe during the atrocities. The information was obtained via Freedom of Information Act requests to various British government ministries and offices and to the US Department of State.
The unique dataset provides minutes of meetings and other relevant communications between the British High Commission in Harare, Prime Minister Margaret Thatcher’s office, the British Foreign and Commonwealth Office, the Cabinet Office and the Ministry of Defence in London, as well as the US Department of State and the US Embassy in Harare.
The attacks’ ramifications continue to be felt by survivors and their families. The children born of rape at the hands of the Fifth Brigade face ongoing discrimination and generally find themselves in hopeless situations.
The catalogue of brutalities committed by the Fifth Brigade includes:
One man learned that his child was abducted from school by the Fifth Brigade and forced to catch poisonous black scorpions with his bare hands. He was stung and died before being buried in a shallow grave (interview with survivor TH, 2017). His only “crime” was to be Ndebele.
Entire families were herded into grass-roofed huts, which were then set alight (interview with survivor AN, 2017).
In Mkhonyeni a pregnant woman “was bayoneted open to kill the baby”. Also, “pregnant girls were bayoneted to death by 5th Brigade in Tsholotsho”, killing the unborn babies.
Young Ndebele men between the ages of 16 and 40 were particularly vulnerable. They were frequently targeted and killed or forced to perform demeaning public sex acts.
The data provides a unique insight into the British government’s role in Gukurahundi. It also establishes what information was available to the British government about the persistent and relentless atrocities; what the British diplomatic approach was in response to this knowledge; and what the British government’s rationale was for such policies.
The data evidences, for example, that the British Foreign and Commonwealth offices were aware that:
there was much talk – and evidence – of widespread brutality by the Fifth Brigade towards [Ndebele] villagers.
In a cable forwarded to the US embassy in Maputo and Dar es Salaam, then-US Secretary of State George Shultz stated:
what we are addressing is not simply a bad policy choice by the GOZ [Government of Zimbabwe] to deal with a difficult security situation in a section of their country. What is involved is the very fundamental issue of relations between the two parties, between the Ndebele and the Shona.
The West German ambassador to Zimbabwe, Richard Ellerkmann, thought it “ominous” that “Mugabe, in his latest speech in Manicaland, had used the Shona equivalent of ‘wipe out’ with reference to the Ndebele people, not just ZAPU people, if they didn’t stop supporting the dissidents”.
However, “most poignant for Ellerkmann was the remark of a German Jewish refugee in Bulawayo who said the situation reminded him of how the Nazis treated Jews in the 1930s”. (Cable American Embassy, Harare to Secretary of State Washington DC, 11 Mar. 1983).
There could be no doubt in the minds of the British that Gukurahundi was Zimbabwean government policy. On 7 March 1983 Roland “Tiny” Rowland, a British businessman and chief executive of the Lonrho conglomerate with heavy economic commitments in Zimbabwe, met Mugabe. The documents indicate he subsequently reported to the American ambassador in Harare that he was convinced Mugabe was:
fully aware of what is happening in Matabeleland and it is Government policy. Mnangagwa (Zimbabwean Minister of State Security) is fully aware and he was in the meeting when they discussed the situation in detail.
The author’s analysis provides clear evidence that the British diplomatic and military teams in Harare during Gukurahundi were consistent in their efforts to minimise the magnitude of Fifth Brigade’s atrocities.
It is indisputable that this is the general theme of the available cables that were forwarded from the British High Commission in Harare to London during the period analysed.
The analysis also clearly proves that, even when in receipt of solid intelligence, the UK government’s response was to wilfully turn a “blind eye” to the victims of these gross abuses. Instead, the British government’s approach appears to have been influenced solely by consideration for the white people who were in the affected regions but were not affected by the violence.
Rationale for realpolitik
The rationale for such naked realpolitik is multi-layered. It is expressed clearly in numerous communications between Harare and London. One cable notes that:
Zimbabwe is important to us primarily because of major British and western economic and strategic interests in southern Africa, and Zimbabwe’s pivotal position there. Other important interests are investment (£800 million) and trade (£120 million exports in 1982), Lancaster House prestige, and the need to avoid a mass white exodus. Zimbabwe offers scope to influence the outcome of the agonising South Africa problem; and is a bulwark against Soviet inroads… Zimbabwe’s scale facilitates effective external influence on the outcome of the Zimbabwe experiment, despite occasional Zimbabwean perversity.
One can but assume that “occasional Zimbabwean perversity” refers to Gukurahundi.
In a more general sense it is quite clear that, apart from the immediate perpetrators, external bystanders also have to be held accountable at least to some extent for the unbridled atrocities that took place in Zimbabwe.
With the end of Mugabe’s long reign drawing ever closer, it is imperative that the international community help develop strategies to help Zimbabweans address the prevailing impunity and lack of accountability for the crimes of Gukurahundi. That is critical for the establishment of truth, justice, and accountability for the victims, survivors and their families.
State owned enterprises are vital to many economies, but are particularly vital to those seeking economic development.
This is true in South Africa too. Which makes it odd that the South African government – and much of the policy debate – never sees any value in trying to work out what role they should play in growth and development.
Finance Minister Malusi Gigaba’s interest in selling off government shares in telecommunications group Telkom, to bail out South African Airways is the latest example of a trend in which state owned enterprises are seen as useful pawns in government plans but not as national assets whose use should be thought through carefully.
The importance of South African state owned enterprises was spelled out in a 2015 Organisation for Economic Cooperation and Development policy brief. It estimated that their revenues correspond to 8.7% of the country’s gross domestic product. They also, it found, play a vital role in providing services:
The population’s access to water, electricity, sanitation and transportation is almost entirely dependent on the state, operating through corporate vehicles. They are concentrated in strategic sectors – infrastructure, transport, energy and water – and are “among the main sources of employment” in cities.
The Organisation for Economic Cooperation and Development might also have mentioned that state owned enterprises are a key source of racial change. According to the 2016/17 report of the Commission for Employment Equity, black people occupy just under 75% of top management jobs in state owned enterprises – black Africans 57%. In the private sector, the figure is 24.5% – only 10.8% are black African.
Given this, one might expect that the government would make it a priority to work out what the most appropriate role for parastatals is in the economy’s development. But it isn’t a priority – nor has it ever been.
Rule of short termism
State owned enterprises have been seen as a route to private investment, enrichment for the connected or a site for political battles but never as a key element in the development mix.
In fairness, private interests have shown no great interest in debating the role of state owned enterprises either. They have preferred taking sweeping positions for or against privatisation. But, given state owned enterprises’ role in governance, government should take the lead in thinking through what state owned enterprises should do.
The reality is different. Gigaba’s interest in selling off government holdings in state owned enterprises has much more to do with pressures for patronage than placing privatisation back on the agenda some 15 years after president Thabo Mbeki was forced to ditch it. It would be a strange turn if appeasing demands for public money revives a market friendly option which Mbeki had to abandon. And it certainly would not suggest a government committed to finding a development role for state owned enterprises.
It seems that the Mbeki government wanted to sell off shares in state owned enterprises not because it had a considered view that this would achieve the goals parastatals were designed to serve. The motive, rather, seemed to be to enhance private investor confidence and state revenues. Many might support these goals. But neither has to do with a long-term view on the contribution these enterprises could make to the economy.
A balancing act
Nor has Gigaba revived privatisation because he and his advisors have thought through the role for state owned enterprises which his predecessors ignored. He is, rather, trying to balance the two pressures he has faced since he became minister earlier this year.
On the one hand, he does not want to become the latest finance minister to face pressure for not giving a state owned enterprise what it needs. On the other, he does not want to preside over a second round of rating downgrades because he spent money the government did not have. The only way to square the circle is to sell off shares in one state owned enterprise (Telkom) to pay for the bailout in another, South African Airways. The government’s stake in Telkom is over 39%.
It’s hard to see how this strategy is sustainable. The South African Airways bailout request will not be the last. And it’s clearly not workable to keep on selling off national assets whenever state owned enterprises want cash injections. Nor is this likely to protect the minister from political flak. There is sure to be principled opposition to the strategy and patronage politicians will also notice that the prospective piggy bank is being sold off and will rebel.
But even if Gigaba does manage to bring off the trick, it’s obvious that this move has everything to do with balancing political pressures and nothing to do with a development strategy.
Between Mbeki’s strategic retreat and Gigaba’s strategic balancing act, state owned enterprises have not been quiet backwaters. They have been, and still are, key battlegrounds in the war between the ruling party factions as officials and politicians in its patronage group try to turn them into vehicles for making deals and accumulating goodies while their opponents try to stop them.
Lately, this battle has been played out in parliament – first over the South African Broadcasting Corporation, now over state owned power utility Eskom. South African Airways has been a battleground throughout and other state owned enterprises have been quieter sites of conflict.
Economy pays the price
This trench warfare, in which both factions seeking control of the ANC make gains after pitched battles but neither ever wins the war, may shape the future of the ANC and government’s role in the economy. But again, the issue here is a political fight for power, not considered positions on the role of state owned enterprises.
The economy pays an obvious price for this failure to care about their development role – missed opportunities for growth and the exclusion of many who go without wages and salaries. But, given the factionalised nature of politics, which is likely to continue, it is unrealistic to expect serious thinking from the politicians on the role that state owned enterprises can play in growth and inclusion.
This makes it urgent that private interests take this issue much more seriously, replacing the stereotyped debate with considered proposals for change. State owned enterprises are too important to be relegated to pieces on a chessboard. But nothing is likely to change until everyone with an interest in the economy’s future develops ideas on how state owned enterprises fit in and presses politicians to take notice.