It never rains but it pours for Chakwera’s regime which is pregnant with scandals and controversies.
If it is not about corruption scandals among senior Government officials then there are reports about Chakwera not honouring the Chakwera-Chilima secret electoral alliance pact.
As if such scandals are not enough, Malawi has recently become a playground for cybercriminals under the clueless leadership of President Chakwera.
One recent scandal borders on the hacking of the immigration computerised system in which sensitive data including passport details were encrypted by a ransomware called mallox.
By way of a definition, a ransomware is a malicious software that limits or even blocks users from accessing the system till a certain amount of money known as ransom is paid.
The mallox ransomware potentially encrypts a file making it unreadable till it is decrypted by a special password called a key. It is this key that is given by the hacker after paying a ransom. A hacker is simply an intruder who maliciously accesses the system without permission.
Historically, mallox hit the cybermarket in 2021 and it is surprising that systems administrators of Malawi Immigration department did not install the latest anti-virus and anti-ransomware. Was this out of negligence or it was a deliberate concerted effort to sabotage the immigration computerised system? For sure, someone must be held accountable for such a fracas.
Unfortunately the Malawi Government is not open enough to explain the circumstances that led to the alleged loss of data in the immigration system which the same Immigration department claims to have recovered within a short time of President Chakwera’s directive.
Another version of the saga points to the insider-jobs attack in which legitimate employees became the source of hacking for personal gains.
It has been allegedly transpired that system administrators bypassed the system after learning that its licence had expired. If that is the case, then the supplier of the system could be another suspect of sabotage.
On the other hand, many Malawians have been left wondering why President Chakwera now seems to be concerned with the authenticity of the immigration computerised system when he personally pardoned a corruption convict, Uladi Mussa, who was once convicted of dubiously giving Malawi passports to foreign nationals. For sure, Chakwera’s hypocrisy is real.
What is still astounding is that this is not the first time Malawi Government has been duped during this information age.
Truth must be told, the Chakwera government is embroiled in one scandal after another.
In 2022, it is on record that the Malawi Government paid US$727,000 (K750 million) to a meat company for the procurement of fertilizer meant for the Affordable Inputs Programme (AIP).
As if these financial scandals are not enough, in 2023, the same Malawi government, through the Ministry of Agriculture, offered a Romanian company called East Bridge Estate to supply 600,000 metric tonnes (MT) of fertilizer worth $124.5 million (about K129 billion). Ironically, East Bridge Estate largely specializes in importing medical equipment. Oh my God!!
It is no secret now that these dubious communications between Malawi government officials and scammers involve the use of computers and the internet. For sure, cybercriminality is indeed real in Malawi.
What is worrisome again is that such neglected and unaddressed cybercrime activities are affecting innocent Malawians.
For instance, in 2022, Rest of World reported that Malawians have more mobile wallets than bank accounts, resulting in identity theft and other prevalent fraudulent activities.
In fact, the Malawi Communications Regulatory Authority (MACRA) asserted that scammers steal $117,000 using mobile money transfers every month, largely due to high illiteracy levels, which are rampant in Malawi.
However, at this juncture we can ask ourselves this question, what measures can be put in place to mitigate the prevalence of cybercrime in Malawi?
Firstly, it is imperative that the National Assembly enact cybercrime laws which will endeavor to criminalize cybercrime in Malawi.
Furthermore, law enforcement and investigation agencies will also be empowered to investigate cybercrime. Moreso, individuals and organizations will be obligated to report incidences of cybercriminal activities.
Secondly, just as personal hygiene is necessary to stay healthy, regularly following cyber hygiene practices helps organizations and individuals to maintain the health and security of users, devices, networks, and data.
It must be a shared responsibility for all departments and users to maintain cyber hygiene at all times.
Thirdly, there is a need to enhance the public and private sector partnership in the fight against cybercrime.
For sure, the Malawi government cannot fight cybercapture on its own. Most of the present cyber experts are in the private sector. In addition, cyberattacks hit both private and public sectors without fear or discrimination.
Thirdly, international coordination and cooperation must be enhanced. This is important when a cybercriminal in one country commits a crime in another.
Fourthly, it is essential that computer users be educated about the risks that cyberattacks pose. This includes developing training and awareness programs about how to prevent and detect such attacks. These initiatives could range from placing relevant information on financial institutions’ websites to generating media awareness through newspapers, magazines, radio, and TV.
Lastly but not least, Malawi Government is urged to invest in specialized cybercrime skills for its citizens.
Currently, Mzuzu University is offering a master’s degree program in information theory, coding, and cryptography. In addition, DMI-ST John the Baptist University has a degree program in Computer Security. More programs in cybercrime are needed in our public universities.
At the governance level, Malawi needs a National Cybersecurity Director or a similar position to play an oversight role. This office may act as a single point of contact for all cyber-related matters in the country.
It is also important that a well trained and qualified computer security officer be recruited to man every Government computerised system.