Guyana Internet Users Blacklisted Over Cyber-Security Concerns*
By Dennis Adonis
Residents of Guyana who rely on the internet to handle online banking and online payment processing with a number of US banks and payment gateways, may soon be unable to do so after several US-based payment processors have decided to blacklist a number of internet protocol (IP) ranges that are being used by Guyanese to handle online transactions and general internet usage.
The Guyana Guardian was reliably informed that the IP blocking is occurring because several of the IP addresses that are owned by local telecommunications company GTT were discovered to be (possibly inadvertently) involved in large-scale spamming and other internet security incidents that can compromise the security of a company’s online systems.
As such, several U.S. companies including PayPal, Bank of America and Google Pay have already implemented an outright ban on several GTT-owned IP ranges, thus making it almost impossible for persons to access any online payment system that is operated by those American companies.
Several other U.S., Canadian and U.K. companies are also expected to automatically add the blacklisted Guyana IP ranges to their cyber-security watch lists.
While the banning of the Guyanese IP ranges will have a negative impact on hundreds of Guyanese households and businesses whose internet connections are tied to the blacklisted IP ranges, Michael Denny, a former cyber security expert at Microsoft, told the Guyana Guardian that the actions taken by the U.S. companies such as PayPal are generally automatic and are often reversed once certain security elements in relation to the affected IP ranges are addressed and reported.
He noted that internet users in Guyana are probably being bundled into one set of IP ranges because the internet service provider (GTT) might be experiencing a possible IP address exhaustion crisis.
This option can, however, be problematic once one computer on the shared IP address is infected by a spambot, a hacker or a virus, which can then compromise the security and safety of other computers on the network.
And though this is nothing new, he explained that it is often disadvantageous for consumers and companies who might be relying on ecommerce for their personal and corporate use, since even a single network security breach can potentially harm an entire network.
Outside of the international financial services sector, the internet search giant, Google, has also implemented an automatic spam security check whenever a search query is made during peak periods from any local computer or phone that is tied to the blacklisted IP address range.
This security feature by Google would now require Guyanese web searchers to enter a specific spam check code or go through an image select security process aimed at verifying that the search entry was not from a spambot that might be present on the same IP range.
And once the correct security response is entered, only then would Google’s systems process the search or usage request.
However, several local individuals and businesses that are familiar with virtual private network (VPN) tunneling have been retaining the technology from various U.S. service providers, so as to ensure that their online transactions are not caught up in the IP blacklisting debacle.
Efforts to solicit a comment or an explanation from Guyana’s GTT about the issue proved to be futile.
On the other hand, communications staff from PayPal told the Guyana Guardian that a public statement on such an issue is not a necessity since its online payment systems would generally blacklists and whitelists of IP ranges from various countries automatically every day.
And since the IP blacklisting scenario with Guyana is not a unique occurrence, a public statement is not a necessity.
Guyana, like practically most Caribbean countries, does not enjoy the presence of cyber security engineers, and is also suffering from a severe lack of real professional IT expertise to address issues such as IP blacklisting.