
Of BTL and Cyber Security in Belize


Posted: Wednesday, December 9, 2020. 9:33 am CST.

The views expressed in this article are those of the writer and not necessarily those of Breaking Belize News.

Greetings and Salutations, Mr. Editor

Kindly allow me some space in your prestigious platform to discuss, and perhaps inform on, a couple of tech issues I heard on Belize’s local news today. Several issues recur in my (Cyber Security) psyche after listening to Belize’s local news on both Channels 5 & 7.

First, BTL – its new Board of Directors’ hope/plan – in moving forward. I heard the new President of the Board of Directors (BoD) speak of “BTL has lost this major competitive advantage…We lack content and we lack a competitive advantage…”. To that I would like to ask: is Cloud Computing an idea that this new board has considered? Has BTL thought of providing a Cloud computing service which could be used both locally and regionally?

As Information, Communication and Technology (ICT) Director at the University of Belize (2013-2016), I met with several software providers who had outstanding software products to provide Belize’s businesses and Government with efficient services, ranging from payroll software to Enterprise Resource Planning (ERP) systems and much other software needed to maximize efficiency in Belize’s private and public sectors.

However, as stand-alone products, these were outside the affordability of individual companies to implement. Thus, if BTL could create a relationship with these product developers and provide Software as a Service (SaaS) to Belizean and regional businesses, this could be another income-generating source for both BTL and the local IT companies. Perhaps they could even provide Infrastructure as a Service (IaaS) to companies that are struggling to afford IT hardware and the personnel to service it.

My second and more important thought is that of the “WhatsApp” scam that is happening in Belize. To paraphrase Jules Vasquez of Channel Seven news, “One must be extremely naive or stupid to be caught up in this scam”. Jules is partially right with that statement. As I travel and speak on Cyber Security, I cannot emphasize enough to my audience that humans are the weakest link in any cyber security posture. As Technicians/Engineers/Architects, we can configure all the necessary security measures to protect our environment, but all it takes is one simple “click” to compromise our security.

Computers work in binary; all they understand is 1s and 0s. It’s either off or on, yes or no. Those are the only two states a computer understands, at least for now, until Quantum computing becomes mainstream (but that’s another story on which I have written extensively). So when Jules states he thought the WhatsApp End-to-End encryption would protect his identity, that is either “naive or stupid”.

What End-to-End encryption means is that your data (sent from the app) will be encrypted during transmission; that by no means tells you that your identity/login saved on your device is encrypted. Stored passwords in your Keychain or other password storage systems on your device have nothing to do with WhatsApp’s or other apps’ encryption protocols. What I would suggest you do if you get a request for a “code” on your phone: change your password IMMEDIATELY and DO NOT respond to such a message.

Multi-Authentication works in two or more phases. First, they have to be able to enter your correct login credentials (i.e. username and password). Then, if such a login request is coming from an unregistered device, they will need to verify that it is indeed you who is trying to log in. Much as suggested by Ronald Reagan: “Trust but verify”. In the instance explained in the news, a cyber security specialist can easily surmise that the person/hacker must have harvested one’s login credentials through other means, and now the authentication is going to its second phase, which is verifying with a code, because the device they are logging in from is unregistered to the account.

Of interest here, this second phase only occurs if you are signing in on an unregistered device (the hacker’s device). Thus, the code will be sent to your registered device for confirmation, and the hacker then employs “Social Engineering” to convince you that such code was sent to you in error by him or her, which is totally false. In fact, such code was sent to you by WhatsApp to verify that it is truly you. Once it is provided to the hacker, he can confirm what the authentication server/system is expecting.

In reality, WhatsApp or any other app/service has done its part in trying to verify that you/they (the hacker) are who you/they say they are. Without that code, the app would not and could not authenticate and grant access to one’s account. Thus it is imperative that the hacker exploit one’s naivete or ignorance and request the code.
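The two-phase check described above can be modelled in a few lines. This is an added example, not code from the letter or from WhatsApp; the class, device names, password, code lifetime and retry limit are all assumptions chosen for illustration.

```python
import hmac
import secrets

CODE_TTL = 300    # seconds a code stays valid (assumed value)
MAX_TRIES = 3     # wrong codes allowed per pending login (assumed value)

class AuthServer:
    """Toy model of the two-phase login described above (not WhatsApp's code)."""

    def __init__(self, password, registered_device):
        self.password = password              # plaintext only to keep the model short
        self.registered = {registered_device}
        self.pending = {}                     # requesting device -> [code, expiry, tries left]
        self.outbox = []                      # (destination, code) pairs the server "sent"

    def login(self, device, password, now):
        # Phase 1: the credentials must be right.
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return "denied"
        if device in self.registered:
            return "granted"
        # Phase 2: unregistered device, so a code goes to the registered one.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[device] = [code, now + CODE_TTL, MAX_TRIES]
        self.outbox += [(dest, code) for dest in sorted(self.registered)]
        return "code_required"

    def verify(self, device, code, now):
        entry = self.pending.get(device)
        if entry is None or now > entry[1]:
            self.pending.pop(device, None)    # nothing pending, or the code expired
            return "denied"
        if hmac.compare_digest(code.encode(), entry[0].encode()):
            del self.pending[device]
            self.registered.add(device)       # the server only sees a correct code
            return "granted"
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[device]          # too many wrong codes: start over
        return "denied"

def demo(owner_shares_code):
    """Constructed scenario: correct password entered on an unregistered device."""
    srv = AuthServer("constructed-password", "owner-phone")
    status = srv.login("unknown-device", "constructed-password", now=0)
    dest, code = srv.outbox[-1]
    wrong = "000000" if code != "000000" else "111111"
    supplied = code if owner_shares_code else wrong
    return status, dest, srv.verify("unknown-device", supplied, now=60)
```

`demo(False)` ends in `denied` and `demo(True)` ends in `granted`: the server sees only a correct code, not who typed it, which is why a code that arrives on your registered device should never be passed on.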

One may ask, how did the hacker get my credentials? There are many ways that could have happened, but I’m almost certain that it was not from WhatsApp’s authentication servers – or at the least, if WhatsApp’s authentication servers were hacked, by law, they would have informed you. So one way they could have gotten your password is that you have some sort of credential-harvesting spyware on your device. This would also suggest that it’s not only your WhatsApp credentials that have been compromised, but all other account credentials stored on the device.

In closing, I would like to say kudos to M(r)s. Haylock, Mr. Sharp and all other members of the Security team who completed Belize’s Cyber Security National Policy. This has been a great feat and long overdue. I am excited to see that what was just a concept when we worked on it during my time at UB has now become a real document and policy. I am uber excited to see that Cyber Security is coming to the fore in Belize’s technology space. We’ve still got a long way to go, but every step counts towards the journey.

Regards,

Greg Dominguez

PhD. (ABD) – Information Security and Assurance.

BznTechDoc@gmail.com

Mr. Dominguez possesses a BSc. in Computer Forensics, and an MSc. and PhD. (ABD) in Information Security and Assurance. He currently works as a Cloud and Cyber Security Consultant based out of Dallas, TX, and Los Angeles, California.

References

http://www.7newsbelize.com/index.php#story3

http://www.7newsbelize.com/index.php#story15

 

 

 

 


© 2020, BreakingBelizeNews.com. This article is the copyrighted property of Breaking Belize News. Written permission must be obtained before reprint in online or print media. REPRINTING CONTENT WITHOUT PERMISSION AND/OR PAYMENT IS THEFT AND PUNISHABLE BY LAW.
