President Chakwera told Parliament that the system was hacked
* Techno Brain has no connection to the cyberattack on the system
* We have deep empathy for the Malawian citizens and it was in that spirit that it engaged the government to offer solutions
By Duncan Mlanjira
Techno Brain has distanced itself from any connection to the alleged cyberattack on the Malawi e-passport system, saying it transferred and completely handed over the operations and administration system to the Department of Immigration & Citizenship Services in June 2023.
And when it was announced by President Lazarus Chakwera in Parliament that the system was hacked and that a huge ransom was being demanded from government, Techno Brain conducted an assessment of the situation and submitted practical suggestions to the Government on the way forward but Malawi has not responded on to-date.
“Techno Brain categorically refutes recent press articles which have falsely linked us to the current shutdown of the passport issuance system in the country,” says the statement. “Techno Brain has no connection to the cyberattack on the system and, on the contrary, swiftly responded to an urgent request for assistance from the Government of Malawi to resolve the issue in January 2024.”
The United Arab Emirates (UAE)-based information technology (IT) company maintains that it has deep empathy for the Malawian citizens and it was in that spirit that it engaged the government to offer solutions.
“Techno Brain transferred and completely handed over the operations and administration of the Malawi ePassport system to the Department of Immigration and Citizenship Services (DICS) in June 2023.
“This was done in accordance with a settlement reached by Techno Brain and the Government of Malawi following the premature termination of Techno Brain’s ePassport contract in October 2022.
“The handover was extensive and in full accordance with the agreement with the Government of Malawi, including training of the DICS officers, handover of all credentials and security protocols, and all customized source code.
The parties’ intention was that DICS would manage the Malawi ePassport system on their own. Since this handover, the Malawi ePassport system has been maintained and administered exclusively by the DICS.
“Since June 2023, the DICS has reached out to Techno Brain to request technical assistance with the ePassport system. Each time, Techno Brain has recommended that the DICS engage and work with the original equipment manufacturer.
“However, in the spirit of cooperation, Techno Brain has agreed on three occasions, at the request of the Government of Malawi and pursuant to discrete arrangements separate from the terminated ePassport contract, to provide its technical services to the DICS.
“We hope that the Government of Malawi can resolve these issues quickly,” said the statement.
This week, spokesperson of the Ministry of Justice Frank Namangale also dismissed the reports that the passport issuance crisis has nothing to do with contractual disagreements between Malawi and Techno Brain.
He stressed that Techno Brain handed over the system to the Department of Immigration, including the source code and that work is ongoing to bring the system back.
Meanwhile, social issues commentator, Onjezani Kenani observes that the most likely scenario was that the Immigration Department attempted an unauthorized backdoor access to the Techno Brain system to try and crack the system using “pirated software”.
“The crack, obviously, failed. But what it did is to open the Techno Brain system to vulnerabilities. Hence the attack by a ransomware called Mallox.
“Now, Mallox, my friends, is like a death sentence to one’s data. Once attacked by it, forget about recovery. It’s like a worm that spreads to all parts of your network at the speed of light. A file that was once onjezani.doc becomes onjezani.mallox.
“If any tech company out there is claiming that it will recover all the biometric data we have lost, they are lying. They just want to pocket that US$498,000 they are charging. We should just forget the lost data and start afresh.”
This follows an offer by Information, Communication & Technology Association of Malawi (ICTAM) if its experts can be allowed to help with their technical expertise in the recovery of the passport printing system.
ICTAM president Clarence Gama told the media that some players in the IT industry have faced cyberattacks before, saying: “When hackers rock you out of a system in a process called ransomware, the only way to recover the system is to pay the ransom or recover from your backups.
“If we are not paying the ransom, then let us hope that we have the disaster recovery backup. However, the issue could be how long that can take.”
He added that while the third option on the issue is for the Immigration Department to negotiate with the hackers, it is unlikely to yield the desired results.
“If this is a cyberattack, we have cybersecurity experts who can assess the nature of the attack. Is it ransomware and what are the hackers looking for?
“If Immigration has backup, we could find skills from our membership that can help them with restoration. What we have written them is that if there is need for technical support, we have a broad membership who may be able to help,” he said.
Gama also urged public entities to always seek support from local experts whenever they face challenges in their operations.