..Malawians to pay K1 billion to mount temporary system
..OPC others want a cut in passport printing
..Techno Brain ‘hacked’ system on January 17- Immigration
..CDEDI says criminal negligence, threatens demos
Suppose President Lazarus Chakwera, his Immigration Minister Ken Zikhale Ng’oma and Director General Charles Kalumo’s immigration hackers song is to be believed. In that case, Malawi is facing a severe security breach that warrants immediate arrest and suspension of all involved, as security details of the President, former President, Heads of Military, Police, Intelligence, and even Parliament are in the hands of hackers, a senior security official has warned.
Ken Zikhale Ng’oma added to the already murky story of hackers and ransom pegged at K2 billion, but together with Kalumo, did not tell Malawians that they needed K1 billion to replace what they had tried to bypass and encrypted by Techno Brain.
By afternoon on Tuesday, Techno Brain released a carefully worded statement- essentially blaming the Department of Immigration for the mess, saying it handed over everything and was only called when needed.
The data exposed to hackers, if at all are hackers
A Technology guru who has worked on state security said it was unbelievable that the criminal holding of the nation’s private data was being treated as a simple matter and being trumped up without evidence.
“In simple words, the passport number, age, national ID, village address, including marital status, which we include on the passport for the whole country, has been accessed by hackers. This is a serious national security breach; heads should roll, and a proper forensic audit of the system should be ordered. The fact that the President and everyone in Government seemed casual about it shows they know they are not peddling the truth,” said the expert.
A legal and security mind said Kalumo should have been fired instantly as he presided over the leak, which he says has officially compromised national security.
“The President, the First Lady, The Speaker, the Chief Justice, the MDF Commander, the Inspector General of Police, all the Parliamentarians, all senior Government officials and even a street vendor with a passport- it means their personal data is compromised. It means their private details are in the hands of hackers. But surprisingly, the matter is not being treated as a national security emergency; it’s left to Immigration, the source of problems, to address it. They should be sent home, do a network audit, and bring new people to assess the extent of the damage they have caused,” charged the legal expert.
The IT expert said a network audit said what happened at Immigration was not accidental but a well-planned and executed network, data breach, and criminal activity.
“What happened to Network Intrusion Detection Systems? Who left open network ports for the systems on Immigration Servers to be prone to external attacks? What happened to the offside data backup system? It runs online in real-time with offsite data backup in case the primary system collapses.
“When the alleged attack was initiated, and files were being encrypted, the best any IT novice would do is to go offline and save the rest of the information and system. Did people sit idle and watch?” asked the expert.
Kalumo had System Source Code from Techno Brain.
A senior Immigration official told The Investigator Magazine that the System Source Code to Brigadier General Kalumo (Rtd) gave it to former OPC digital lead Anthony Bendulo, who studied it and attempted the bypass that caused the current mess.
“The passport issuing system was handed over to Immigration, but the printing licence still belongs to Techo Brain, the system’s developers, as it happens in the sector. They provide servicing of the system and passport materials in an ad-hoc arrangement. There was no hacking,” said another source aware of the contract.
Kalumo on Tuesday claimed it had recovered 90 per cent of data without saying how it was done since an internal contracting report claimed it was encrypted by the license holder GIT, which is suspected to be the associate of Techno Brain, as they share a Dubai address.
“Kalumo should tell Malawians the truth. He had the access code. He engaged an outsider to see how they could print passports using the system, and they messed up. He cannot change his tune and pretend it is hackers,” said an Immigration Officer, who said Zikhale Ng’oma should name the hackers and how they communicate with the Malawi Government.
However, an insider close to Kalumo charged that Techno Brain was not sincere as they should have said “what they were doing in the system on the night of January 17 2024.”
In a battle to get a contract for passport printing, 7 companies were interviewed orally.
The Investigator Magazine had to withdraw its initial story after it came to light that the leaked proposal for E Tech was made to sabotage the procurement after companies related to people in the Office of the President and Cabinet and others were dropped.
“E Tech proposal is not yet a contract, though it has passed all stages. The issue is that those who leaked it are bitter; their companies failed to make it. The battle is intense; remember, this is a K100 billion contract at most,” said a procurement official.
In bizarre recruitment of temporary passport solution, the Immigration Department invited seven companies to bid. Still, most of them failed, leaving E Tech, which had sometimes worked as a subcontractor for Techno Brain, to pass.
The selection of the E Tech opened a pandora, with one of the senior government officials demanding a share of the contract or “to work with the contract.”
“The SPC Colleen Zamba had her preferred company, and Bendulo, who had been working with Kalumo on the failed project. Their companies failed to win the bid and wanted to work with E Tech. There are allegations that the state security apparatus has been monitoring E Tech to see who is involved in the deal. People are desperate to get into the deal,” said a source close to the procurement process.
K2 billion vs K1 billion, in Zikhale words
Homeland Security Minister Ken Zikhale Ng’oma, hours after civic groups had called for his sacking, joined the hacking story and put a figure of K2 billion as a demand from the faceless hackers, a severe claim that the Government would need to produce evidence.
The claim came hours after The Investigator Magazine published contents of a proposal that at least K1 billion will be required for the Immigration Department to be able to start printing passports after the botched self-inflicted attempts to bypass the system.
E Tech claimed in its proposal that the Department of Immigration had compromised the personal data of millions of passport holders, and it is now allegedly run by ransomware called Mallox.
The e-Tech proposal shows that they claim to be able to set up the new system in three weeks, the same period President Lazarus Chakwera told Malawians as his deadline to have passports restored.
From the K1 billion charge, K760 million will be charged for setting up a new temporary e-passport system listed as a data capturing module, payment module, audit module, printing module, QA module, User Training, and support and support for six months.
The company, about to start work this week, suggests a temporary rapid solution by procuring new printers at K59 million each, costing at least K236 million for four printers identified as Maltica e-Passport Printers with consumables.
A quick check online shows that e-passport printers, including those from reputable international brands like Toshiba and HP, cost between US$2,000 and US$12,000. E-Tech costs US$29500 for one printer, almost double the market prices.
“New printers can print approximately 80 passports daily to replace the outdated and non-functional ones. These printers should be selected based on compatibility with the ePassport issuance system and availability of necessary support and drivers,” states the proposal.
The proposal reveals that some of the data recovered by the Department of Immigration will be used by the new system, contradicting the Mallox improbableness to be rescued, which raises questions about whether the system was hacked.
“This system should be capable of securely processing passport applications, generating electronic passports, and storing applicant data in compliance with international standards and data protection regulations. The new system will use the data recovered by the Department of Immigration from the compromised system,” reads part of the self-contradicting report.
The other work includes setting up network and security and training users to ensure the efficient operation of the temporary ePassport issuance and support for six months. Continuous technical support and maintenance services will be provided throughout the six-month period to address any issues, perform system updates, and ensure optimal performance of the temporary passport issuance system.
E-Tech claims Mallox has finished the Techno Brain system
The company entrusted to restore passport printing services says at the Department of Immigration, Mallox targeted unsecured Microsoft SQL servers as entry points, exploiting known vulnerabilities in the systems.
“MS SQL Server Vulnerabilities –Mallox ransomware has been exploiting at least two remote code execution vulnerabilities identified by NIST in SQL, namely CVE-2020-0618 and CVE-2019-1068. CVE-2020-0618: A remote code execution vulnerability exists in Microsoft SQL Server.
“Reporting Services when it incorrectly handles page requests, aka ‘Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability’.( https://nvd.nist.gov/vuln/detail/cve2020-0618). CVE-2019-1068: A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles the processing of internal functions, aka ‘Microsoft SQL Server Remote Code Execution Vulnerability’. (https://nvd.nist.gov/vuln/detail/CVE-2019-1068),” reads the proposal.
E Tech says once inside the target system, Mallox swiftly encrypts critical files and databases related to passport issuance, effectively crippling the system’s functionality.
“This encryption process utilises strong cryptographic algorithms, making it virtually impossible to decrypt the data without the unique encryption key held by the attackers”, it adds. However, it does not identify the attackers.
The deadline Chakwera imposed won’t be met.
It is unlikely that President Lazarus Chakwera’s deadline will be missed. Like all other proclamations before, nothing will happen; a new excuse will be created, and the suffering of those missing education, health or business appointments will continue.
“E Tech is the safest bet, but the infighting within the system to get the contract will delay getting essentials such as specialised printers for security purposes. I don’t think three weeks was realistic, whether the President or the Minister,” said an ICT guru.
CDEDI says it will go on the street to force the Government to speak the truth and sort out the mess.
CDEDI threatens demonstrations this week
A civic group, The Centre for Democracy and Economic Development Initiatives (CDEDI), has warned the Government that it will hold protests on Friday, March 1, if there is no reduction of passport fees and restart of issuance.
“The passport crisis at the Department of Immigration and Citizen Services is tantamount to criminal negligence as some Malawians have lost their loved ones, failed to carry out important businesses, and even lost lifetime jobs and study opportunities because they could not obtain a passport,” says CDEDI boss Sylvester Namiwa.
The organisation says the Government has failed to update Malawians on the vital process, save for President Lazarus Chakwera, while answering questions in Parliament on February 21, 2024, who told the world that the PIS had been hacked and the hackers demanded a ransom.
“But we all now know that the system was not hacked. The truth is that the PIS shut down while being tampered with by some Malawi Congress Party (MCP) self-exclaimed IT experts,” charges Namiwa. He says the department issued a lying statement about maintenance.
He said the month had lapsed, and the contracts with Techno Brain ended in 2021 as the passport cost was supposed to come down, as Attorney General Thabo Chakaka Nyirenda alluded.
“Malawians should demand an immediate reduction of passport fees, following the termination of the March 22, 2019, Government and Techno Brain Build, Operate and Transfer (BOT) three-year e-Passport project. Thus far, CDEDI has written Attorney General Thabo Chakaka-Nyirenda, demanding justification for the exorbitant passport fees, almost three years after the termination of the $60.8 million (about K108.8 billion) contract on December 7, 2021.
“The Government said one of the reasons for cancelling the contract was to reduce the cost of acquiring the passport. The AG was quoted as saying: “So, I expect that the Department of 2 Immigration and Citizenship Services will be reducing the charges for the passports. I am unsure whether they can reduce it by K20,000, but that is the expectation,” he adds.
He says the Government paid $27 million (about K46 billion) as contract settlement fees for the project, whose cost was pegged at $76 (about K90,000 then) per passport, including 14 other deliverables, ranging from digitalisation of the Immigration Department registry, via networking of all the embassies, to the purchase of protective gear for printing rooms.
“President Chakwera’s campaign promise that passport fees would be K14,000. To prove that this Tonse Alliance administration is milking unsuspecting Malawians, CDEDI conducted an online survey that revealed that passport books are fetching around $2.01 in Singapore and $4.19 in Hungary, which translates to K3,000 and K7,000 per booklet, respectively, meaning that the K14,000 per passport cost was feasible,” calls out Namiwa.
He further demands a forensic audit of passport fees collected.
