Bait and Switch Attack
Imagine someone has taken over your account, what would happen to you and the people who contact you on WhatsApp?
Just as it is easy to fresh install of WhatsApp for your new phone is also how easy an attacker would gain access to your WhatsApp and possibly start a conversation with your friends claiming it is you.
Most times, the direct risk is not to you if you’re attacked, but to your contacts. They can expect to receive requests for data or even emergency funds. This is social engineering at its best. We would trust an end-to-end encrypted platform, a message from a trusted friend and so are coded to have our guards down and rather feel pity in these circumstances.
The repercussions of this happening are beyond imagination. This can even further spread to more of your contacts having there WhatsApp accounts taken over.
With the account taken over, the attackers could then message contacts in the groups you are in as if from the account holder (you), as well as any other contacts whose WhatsApp messages were received after the take over. No legacy data is compromised. The target device remains untouched. WhatsApp has simply been ghosted onto an illegitimate device.
It is surprising how many people have not yet enabled the Two-step verification PIN in WhatsApp—almost everyone we have asked has yet to set it up. If you’re the same, then please take that minute and set it up now.
The Question now is, How do we prevent this from happening to you for the first time or again?
WhatsApp introduced a feature where you can set a PIN of your own choice and even an email address just in case you forget your PIN. The PIN is your own verification to confirm that it is you even after inputting the SMS verification so you do not otherwise have to share your PIN with anyone.
You can find this feature in your WhatsApp setting > Account > Two-step verification: There you will be prompted to enable your PIN and confirm it, then you will also be asked to type in an email address to use to recover your account in case you forget your PIN
The Uganda communications commission (UCC) acquired equipment to set up the central equipment identity register (CEIR) a database that contains a list of IMEIs of mobile terminals which are active in the mobile network, according to The New Vision newspaper. IMEI is an abbreviation of International Mobile Equipment Identity, a unique number used to identify mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone, but can also be displayed on-screen on most phones by entering *#06# on the dial pad, or alongside other system information in the settings menu on smart phone operating systems.
A member of a self-appointed group of citizens who undertake law enforcement in their community without legal authority, typically because the legal agencies are thought to be inadequate.
The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. Defenders Protection Initiative has organised a digital security webinar that is designed to engage and educate public and CSO partners to raise awareness about the importance of cybersecurity, to share experiences and solutions to trending cyber insecurity.
Defenders protection initiative is committed to re-enforcing the resilience of Human Rights Defenders against digital/cyber attacks. Following a survey to assess the digital security posture of civil society organisations in Uganda, DPI organised #DigiSecCon17; The Digital Security Conference 2017, themed, “Why should Civil Society in Uganda Worry” that was held in Kampala at the Serena Conference Centre, on the 8th of September 2017.
“This new Petya ransomware variant is like WannaCry without the kill switch, spreading automatically from computer to computer by itself and locking files,” Steve Malone, the director of security product management at Mimecast
After Uganda’s 2016 Presidential election, one of the former presidential candidates, Mr John Patrick Amama Mbabazi, made preparations to challenge the election results in the Supreme Court. The offices of his lawyers were however broken into in the night leading to the 9th of March 2016. Evidence for the petition was taken in documents and computer equipment. This incident obviously negatively affected the petition. There are conflicting opinions on the motive for the burglary and who the perpetrators of the burglary were.
On Friday 27th June 2014, Defenders Protection Initiative organized a breakfast meeting that was under the theme “Exploring the emerging security and safety challenges faced by civil society in Uganda”