Zim government to speed up Computer Crime and Cyber Crime Bill in response to ransomware cyber-attack

L.S.M Kabweza Avatar

Zimbabwe ICT Minister Supa Mandiwanzira said yesterday that in the face of the recent global ransomware cyber-attack, the government is speeding up the approval of the Computer Crime and Cyber Crime Bill.

The minister was speaking at an occasion to mark the successful acquisition of Telecel Zimbabwe by the government yesterday.

Mandiwanzira said the government is taking the recent WannaCry cyber-attack seriously:

Government will not sit back and watch this crisis as it unfolds.  There is need to bring all capabilities to bear on this issue and work side-by-side with partners in the Private Sector, including International Partners.

We will also continue raising more awareness among users.  In the mean-time, the Ministry of Information Communication Technology, Postal and Courier Services, in a legal response to this crisis, will speed up the approval and gazetting of the Computer Crime and Cyber Crime Bill, whose window of public consultations will soon be closed to make way for the final approval processes.

The bill was introduced last year and can be downloaded here on Techzim. If you haven’t yet contributed your views to the bill, which is still in consultation, you may want to do that now. We don’t have the date when consultations will close, so the sooner the better.

Outside the upcoming law, it’s not clear what capabilities to fight cyber-attacks the government of Zimbabwe has. Our guess is that they too, like most governments around the world, are panicked and concerned by the new realities of what’s possible with cyber-attacks.

We’re skeptic however of government’s infrastructure, both soft and hard, to handle malicious software of this kind. It is normal for example for government ministers in Zimbabwe to use gmail addresses as their official work addresses. We doubt much strategic consideration was made in basic matters as these.

The WannaCry ransomware claimed more than 250,000 victims in more than 150 countries. The ransomware is said to use tools developed by the US government’s National Security Agency to exploit vulnerabilities in the Microsoft Windows operating system.

12 comments

  1. Smart Donkey

    Respectfully Honorable Minister this bill will not help against the attack such as that witnessed last week at all. You need to be able to identify the culprits first which your useless police force will be hard pressed to do given they struggle catching burglars. Even the FBI and Europol don’t know who hit them. It is hard to find evidence that will stand up to scrutiny in a competent court.
    This bill is about muzzling bloggers just like your friends in Turkey, Ethopia, Kenya and other places are doing.

    1. Imi Vanhu Musadaro

      Very true! If the bill was already in place, would it have stopped the ransomware attack? No!!

  2. Criminal Import Export

    I totally glazed over when I tried to read the draft. Does it make any provisions for extradition agreements for the more likely foreign attacker scenario?

  3. Sagitarr

    Given what the same govt is (or is not) doing regarding an even more important and super-ordinate issue of the govt machinery, finance, I doubt that anything will actually be done except to issue statements such as these. All talk and very little progressive action are the hallmarks of this govt. 37 years experience of the same!!

  4. Anonymous

    That is the problem with our government. Always providing the wrong solutions. What will a bill do to prevent a cyber attack. Nobody cares about your useless ‘Bill”…..and i am sure more devices in Zimbabwe are going to be victims since a larger population use cracked software which doesn’t get updated because the GOVERNMENT does not allow us to afford software licenses….I WISH THE ATTACK BE CRAFTED FOR LINUX ALSO…

    1. Smart Donkey

      That would probably not work. We have local repos for both Fedora and Ubuntu and updates are free. Besides people who usually run and operate Linux are much more tech savy. Also there is really no Desktop email client for Linux. Most Linux machines have a firewall and the SMB protocol is not standard Desktop issue.

      1. not too smart donkey

        what about thunderbird email client for linux? and many others too

      2. Imi Vanhu Musadaro

        You have made all the wrong assumptions about ransomware. Firstly, each one is written to target a specific operating system, in as much as WannaCry wouldn’t affect linux it doesn’t mean a variant targeting Linux cannot be written. It’s the developers choice. Ransomware targeting Linux and MacOS has been written before. Secondly, having a repo with free updates is one thing, actually updating your operating system is another. Proprietary and open source operating sytems both have free updates, it’s when the user opts to defer or avoid updates that leads to unpatched systems. Thirdly, WannaCry exploited 0-day exploits, these exist for most major operating systems. By their nature, they are unknown to the vendor, so they can’t fix something that they don’t know is broken. Fourth point is that ransomware holds the users files at ransom, regardless of the operating system you use, your files still hold value. Attacks on Windows have got nothing to do with the freeness of Linux, it’s more profitable to write ransomware for Windows as they are more users, more tools to create with and more vulnerabilities. Finally, firewalls are software, as such they are also prone to bugs and vulnerability. As well, firewalls can only prevent certain types of attacks, further to that, they only prevent the subset they are configured to block. If the software sitting behind authorised ports is vulnerable, attacks can still be executed. @Anonymous, if you installed cracked software it’s your own lack of diligence, the government has no role to play there. Don’t weep about licences, there are plently of open source and free solutions that work as good as any paid software out there.

    2. webmaster

      ransomware is business is does not target people who can’t even afford to buy software

    3. Macd Chip

      Its not that people dont try, its because linux is built with security in mind and makes it harder for someone to spend time trying to get into if you are after profit. Time is money!!

      The other thing is that linux get patched within few minutes of security problem identified so virus makers dont want their babies killed before they get them huge returns

  5. Macd Chip

    So says a minister who is overseeing a ministry running shelf companies ie Zanet. You need to put your house in order first to be able to stand up with grown-up and make such claims.

    You Mr Mandiwanzira, Theresa May can make a claim about cyber crime because she jave GCHQ which now hav a specialist cyber decision.

    Donald Trump can make the claim because US created the tools in the first place.

    China have a military of cyber soldiers

    What does Zimbabwe have besides big mouth?

  6. Tookie

    Well, the draft looks like a cut and paste job, and not a very good one. Pardon my ignorance, but if someone was caught now, doing some bad stuff, do we have any existing laws in place to prosecute?
    Further, the hardest hit country was Russia, you know, the origin source of most cracked software. Even stranger, the Russian state schools, city authorities and some departments of defense all migrated to Linux/Unix 2009-2011. So they must have a whack of Windows machines still out there.
    So, even with a bill in place, it would not protect the users in Zimbabwe.
    About the only thing this proposed bill does not tell us is how much access the Zimbabwe Government will eventually want with our electronic activities.
    I have to disagree with some of these comments on this article. Firstly, we may live in a third world country with a very dead economy, but all software is easily available in South Africa. You know, the same place where we get our groceries and luxury items. There should be a law targeting the unscrupulous vendors of “cracked” software, that actually charge you to install, then make excuses when something goes wrong. And the fact that they do not even inform you the software is pirated. Absolutely disgusting.
    Lastly, insert some hate speech here, to the moron who posted… I WISH THE ATTACK BE CRAFTED FOR LINUX ALSO…
    Why? Don’t make statements like that with no supporting argument, otherwise you come across as a Troll. Just some friendly advice.
    Linux has gotten more stable over the last few years, and the Linux Mint 17.3 & 18.1 are currently very stable. And no, you do not need to be a computer guru to operate a Linux machine.
    @Imi Vanhu Musadaro, very well said.

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.