An Indonesian hacker, who calls himself Direxer, has hacked 103 Kenyan government Web sites in an incident that has exposed a glaring gap in the security of the government's data.
The hacker is part of an online Indonesian forum, known as Forum Code Security, and claims he successfully hacked the Web sites following tutorials alone, according to a discussion on Kictanet, Kenya's online tech forum.
The hacking was exposed on the Indonesian forum site, on 17January, when the hacker announced he had entered the Kenyan government's server and brought down all 103 sites.
The government hosts more than 100 of its Web sites on a single server, located at the treasury, and it was this server that the hacker targeted. Most of the government's Web sites were built using the Joomla content management system, which is the world's dominant Web site platform, but which can also be vulnerable to attacks through added components and other backend weaknesses.
The government has confirmed the hacking, and is reported to have moved rapidly to bring in the Cyber Incidence Response Team (CIRT), based at the Communications Commission of Kenya, to take the affected Web sites offline.
CIRT was formed to handle such situations and ensure Kenya's security in cyber space.
Vincent Ngundi, who heads CIRT, told Kenya's Security Forum, where the news first broke: "We're on it. Thanks for the heads-up and comments."
Direxer posted the list of the Web sites he hacked on the Indonesian forum, which included the sites of the administration police, treasury, government press, prisons, immigration, education, public works, dozens of town councils, and several other ministries.
The Kenyan government has been digitising most of its services in recent years, with many applications by citizens now submitted online. But the incident has raised serious questions about the safety and integrity of the data.
Some of the Web sites had still not been restored a day-and-a-half later, and the government has yet to report to what degree its data had been compromised.
Share