Laura Tich and her friends were catching up at a hip, uptown restaurant one lazy afternoon. Some diners banged away on their laptops as others were cooped up in their corners, sipping their cappuccinos with their eyes on their phones.
Tich, a cybersecurity expert, was certain that a majority of the people in the restaurant were connected to the free WiFi. She and her friends, all in the cybersecurity field, decided to perform a wild experiment – hack into the restaurant’s WiFi.
It did not take them long to hack into the system. They could see everyone’s online activity. A lady sending a work email. A man casually browsing through his bank account statements. Another one trying to log onto their Twitter account.
“You just create an evil twin,” says Tich. “You set up a fake WiFi network with a name similar to a legitimate WiFi access point.” Unsuspecting internet users will connect to the illegitimate WiFi network, enabling the hacker to steal credentials and manipulate the content on one’s devices.
By the time Tich uses the term ‘evil twin’ for the third time, I am alarmed enough to never use public WiFi. A rogue WiFi network gives cybercriminals and identity thieves easy access to monitor your online moves, steal personal information and passwords. Further, hackers can use unsecured WiFi to distribute malware to surrounding devices which can disrupt business operations.
For Tich and her buddies, this was simply a test on public Wifi’s vulnerabilities. They had no malicious intent.
Tich’s interest in cybersecurity was sparked in her teenage years by watching the American thriller TV show Nikita, which aired over 10 years ago.
Nikita tells the story of a spy who emerges from hiding to seek revenge on a clandestine government agency that betrayed her after rescuing her as a teen and training her to be an assassin.
Tich was fascinated. Granted, Nikita wasn’t a show primarily about cybersecurity, but this was a recurring theme. “Breaking into systems must be fun,” she thought while browsing through detective and sci-fi documentaries. That her peers binged on soap operas and romcoms did not bother Tich.
Tich joined Daystar University to study computer science. It was during her time in university that she realised that there were much fewer women in the cybersecurity industry. Stereotypes such as “women cannot be as technical as men” and “women are scared to venture into uncharted waters” were not uncommon. This is the case to date.
These myths have affected women-led tech startups which are often dismissed by donors. The 2020 Africa Tech Venture Capital Report indicates that only 14 percent of the total funding went to female-founded startups. Tich created a safe space for girls like her to beat these stereotypes.
In August 2016, Tich founded SheHacks, a community of women who are keen on bridging the skills and gender gap in information security in Kenya alongside her friend Evelyn Kilel. What started as a WhatsApp group providing a platform for women in the industry to interact and build each other has now grown into an association with 350 active members from different regions in Kenya, with a chapter in Zimbabwe.
Tich’s day-to-day life might not play like a movie, but her ethical hacking opportunities come close. These are instances where companies seek out their services to hack into their systems and identify any vulnerabilities, then offer solutions.
“Banks are obviously the biggest clients,” says Tich, cautious not to spill the beans on confidential information. As she giggles, I can only imagine what glaring vulnerabilities they have encountered in my bank’s systems.
Tich has now invested her time in conducting open source intelligence training and image forensics, which is a research field that aims at validating the authenticity of images by recovering information about their history.
There’s nothing Tich would love more than watching other African girls experience her world fearlessly. Research shows that science, technology, engineering and mathematics courses at higher education level have a low intake of female students, which translates to a lower uptake of women in their respective careers.
So far, SheHacks has built the largest community of female hackers in Africa. That only 9 percent of women occupy the cybersecurity space in Africa pushes them to work even harder.
In 2019, SheHacks organised Hackfest, an event that brought together 500 information security practitioners and enthusiasts to show off their skills, more so women.
The COVID-19 pandemic has prevented SheHacks from holding boot camps in colleges and high schools across the country to encourage girls to venture into the tech industry.
Moreover, women in marginalised areas who face daily challenges accessing the internet and electricity are unable to join SheHacks’ weekly cybersecurity webinars.
More than five years later in the cybersecurity field, Tich has never lost her taste for great thriller films and television shows. It took years of immersing herself in the craft for her to realise that half of what she saw on Nikita was fictional.
“What’s the best cybersecurity film or TV show, in your opinion?” I ask. “Mr Robot, hands down,” she says, gushing about how this film showed a true depiction of the cybersecurity world. Mr Robot follows the story of a young, anti-social computer programmer who is a cybersecurity engineer by day and a vigilante hacker by night.
In a world where people could still meet, Tich and the SheHacks team would perhaps be at a training in Pwani University, playing eager students an episode of Mr Robot over lunch.