Nairobi — Unless the truth of what really happened to the websites of ODM's presidential aspirants Kalonzo Musyoka and Raila Odinga is plainly told, a number of people may fear using the Internet. They might believe it is unsafe and may never put their money and time in the technology.
Increasingly, websites are becoming great tools for communication and business. Never before has man operated a facility to work with that is global and with 24 hours, seven days a week presence. The Web is certainly the technology that will determine the winners and losers in almost every human aspect of the 21st Century.
The truth about the ODM case (if you already don't know it) is that there was no hacking. If anything, it was some hijacking by pranksters who registered some domains - that portion of a name that identifies with an individual or a company, and made it to point at other websites like the office of the Government Spokesman's site.
The official sites, www.kalonzomusyokafoundation.org and www.odmk.org are intact. There was no shop-breaking or defacing here.
These malicious people exploit users' inability to get it right the first time. Naturally, Internet users would be guessing on domains closer to the existing ones, www.kalonzo.org or www.kalonzofoundation.com and so on. For each guess the crooks put content that is not associated with Kalonzo, the MP.
This is a form of online identity theft and there are varied ways of ensuring that your domain name is safe from such exploits. Domain names should be easy to remember. They are used to translate the unique Internet Protocol (IP) address numbers issued to each computer.
I understand in the Western world where people are crazy about insurance, they have a cover for "identity theft". So if some folk stalks the Internet, masquerading as you, causing some embarrassment to your otherwise good character, you get paid for it.
It is critical to maintain the organisations brand online by ensuring the selected domain name reflects the organisation's recognised or well-known name. In the case above, www.odm-kenya.org and www.kalonzofoundation.org were better and more reflective of the organisation's domain names rather than www.odmk.org and www.kalonzomusyokafoundation.org . In some instances organisations register all possible names around and about their primary domain name.
Occasionally, Cyber Squatters register domain names with the intention of making money. Around 2001, another joker registered www.rais.go .ke with the hope of cajoling government officials to part with cash in the name of redeeming their brand name. He got nowhere with his schemes and the government has since got smarter. You cannot now register a .go.ke domain without the approval of the Government of Kenya.
The reigning competition amongst the generic top-level domains (gTLDs) like .com, .net and .org has led to rather lax checks and controls by registrars with regards to domain name owner information.
In comparison, domain name registrations at the country code level for instance the .ke registry, registrars are obligated to validate the information, therefore eliminating falsified data and further ensure that the name registered does not infringe on a third party's rights and or the laws of Kenya.
Domain registrations at the gTLD levels are not subject to laws of any country hence their generic nature unlike common perception of being global. This has often posed a challenge to legal authorities lacking the appropriate jurisdiction to prosecute locally.
A search in Whois directory ( www.whois.com ) shows that Kalonzo and Raila registered their sites outside the country.
Of course it is possible for websites to be hacked or defaced. This is common especially where there is monetary gain for the hacker. The perpetrators often target banks where they redirect traffic to their websites in order to acquire account details like passwords and credit card numbers.
Internet forums went ballistic with this saga. From Kictanet, (Kenya ICT network) someone blamed it on lack of policy. Another one from www.mambogani.com suspected it was the "latest government project".
But all is not lost. Implementation of security solutions like Secure Socket Layers (SSL) to secure website transactions and frequently upgrading systems to patch against application security flaws ensure web safety.
Mr Michuki Mwangi, the manager of KENIC (Kenya Network Information Centre), which oversees the management dot ke domain names has some worthwhile advice.
"Considering the existent threats to online information, the Computer Incident Security Response Team ( www.csirt.or .ke) has been set up to provide the local Internet community with information related to emergent vulnerabilities and security bulletins. Where applicable CSIRT will assist and allocate resources to address or mitigate online attacks."
Mr Limo is a journalist working in the ICT industry