No matter how virtual e-commerce is, it hinges on one basic principle: exchanging money for a product. It’s this same element that brings the aspect of security at the centre of the e-commerce discussion.
4 days ago, tengai.co.zw, a new Zimbabwean e-commerce platform which had been launched at the start of the week, became the subject of this same talk on e-commerce security. The platform, which is an online classifieds site, was hacked by a person/group identified as Anonymous Zimbabwe.
Apparently, the hack was motivated by the grey area on net-neutrality which Tengai had landed on with its working relationship with mobile operator Econet Wireless. This relationship has allowed Tengai to offer zero-rated access to its platform to all Econet subscribers. Econet’s founder, Strive Masiyiwa, has a stake in Tengai.
While the security of e-commerce has nothing to do with the net neutrality issue, it has become something Tengai also has to deal with because of the attack to its platform.
So why is Tengai still down? Why is it taking so long to respond to this attack?
We haven’t heard back from Tengai on what sort of progress is being made on getting the platform back online, but the silence is likely meant to be a sign that the platform is being fortified from further attacks. How this is being done will only be clear when the site is back.
It’s also not clear is what the hacker(s) exploited. While it’s been pointed out by some people that Tengai was built using an over the shelf solution from ocPortal (we actually thought that it was from Osclass) which could have made it more susceptible to threats, there is the likelihood that Tengai is migrating from one over the shelf solution to another.
The other suspicion for most people was how the Tengai hack was a DDoS attack. This was reinforced by the name Anonymous Zimbabwe, which might (or might not) be linked to Anonymous Africa, a hackers’ outfit that uses DDoS attacks extensively.
If this is the case, then Tengai is probably faced with decisions of finding a more reliable hosting service with a better handle on infrastructure management or exploring the option of amping up its server security.
In any case, the resolution of the Tengai hack is taking longer than most of us expected. The consolation is that this might just mean that it won’t happen again.