[kictanet] Has Kenya Police Website been Hacked?

McTim dogwallah at gmail.com
Thu Jan 6 17:31:29 EAT 2011


On Thu, Jan 6, 2011 at 12:00 PM, Odhiambo Washington <odhiambo at gmail.com> wrote:
>
>
> On Thu, Jan 6, 2011 at 11:23 AM, Muchiri Nyaggah <muchiri at semacraft.com>
> wrote:
>>
>> The nameservers were simply an entertaining detour.

and puck has provided free secondary service for a long time as well,
nothing sinister there.


>> Deathstar.org is a
>> very old domain and like someone pointed out, in the 90's coming up with
>> creative eyebrow-raising names was cool. Now we read anything in everything
>> :)
>> Is there overlap between what the ICT board does and the GITS department
>> at Treasury where public sector ICT policy is concerned? Who would
>> ultimately be responsible for responding to breaches of this nature on
>> government IT infrastructure?

I've no idea.

>>
>
> Wait a moment! Was the server where www.kenyapolice.go.ke was hosted on govt
> IT infrastructure?
>
> gw# dig www.kenyapolice.go.ke +short
> 62.24.109.6
> gw# dig -x 62.24.109.6 +short
> g-3-3-0-core-as12455.telkom.co.ke.
>
> So, the IP is obtained from Telkom. A whois lookup shows the block in which
> it belongs as not delegated so I can't tell whether the website is hosted on
> Telkom's equipment or govt equipment.

Of course, it should be listed as assigned to a customer, UNLESS, it's
counted as part of Telkom hosting infrastructure, which is quite
possible from this dig:

$dig 109.24.62.in-addr.arpa

; <<>> DiG 9.3.2 <<>> 109.24.62.in-addr.arpa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1141
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;109.24.62.in-addr.arpa.                IN      A

;; AUTHORITY SECTION:
109.24.62.in-addr.arpa. 10800   IN      SOA     dns1.jambonet.co.ke.
hostmaster.jambonet.co.ke. 2008082827 10800 3600 1209600 172800

;; Query time: 156 msec
;; SERVER: 196.200.16.2#53(196.200.16.2)
;; WHEN: Thu Jan 06 17:23:36 2011
;; MSG SIZE  rcvd: 106

> It would be nice to know who has custody of the server that was compromised,
> in order to answer the question posed by Muchiri on
> "Who would ultimately be responsible for responding to breaches of this
> nature on government IT infrastructure?"

Call it Telkom IMHO.


-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel
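The reasoning in the thread (forward lookup, then look at who serves the enclosing in-addr.arpa zone) can be mechanised. The following is an added example, not code from the list or its posters; it embeds the dig output quoted above as a constructed sample and parses the SOA of the /24 reverse zone to report which organisation administers the address block. Function names are hypothetical.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the AUTHORITY section from the dig quoted above,
# with the SOA record on one line as dig actually prints it.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;109.24.62.in-addr.arpa.                IN      A

;; AUTHORITY SECTION:
109.24.62.in-addr.arpa. 10800   IN      SOA     dns1.jambonet.co.ke. hostmaster.jambonet.co.ke. 2008082827 10800 3600 1209600 172800
"""

SOA_RE = re.compile(r"^(?P<zone>\S+)\s+\d+\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)", re.M)


def reverse_zones(ip: str) -> List[str]:
    """in-addr.arpa names enclosing an IPv4 address, most specific (/32) first."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %s" % ip)
    return [".".join(reversed(octets[:n])) + ".in-addr.arpa" for n in range(4, 0, -1)]


def parse_soa(dig_text: str) -> Optional[Dict[str, str]]:
    """Pull zone, primary nameserver and hostmaster mailbox out of a dig SOA line."""
    m = SOA_RE.search(dig_text)
    if m is None:
        return None
    rname = m.group("rname").rstrip(".")
    # In an SOA RNAME the first dot stands in for the '@' of the mailbox.
    return {"zone": m.group("zone").rstrip("."),
            "primary_ns": m.group("mname").rstrip("."),
            "hostmaster": rname.replace(".", "@", 1)}


def custody_hint(ip: str, dig_text: str) -> Dict[str, object]:
    """Match the SOA zone against ip's reverse names and report who administers it."""
    soa = parse_soa(dig_text)
    zones = reverse_zones(ip)
    if soa is None or soa["zone"] not in zones:
        return {"ip": ip, "delegated": False, "reason": "no SOA covering %s" % ip}
    # zones[0] is the /32, zones[1] the /24, and so on: derive the prefix length.
    prefix_len = 8 * (4 - zones.index(soa["zone"]))
    return {"ip": ip, "delegated": True, "zone": soa["zone"], "prefix_len": prefix_len,
            "admin_domain": soa["primary_ns"].split(".", 1)[1],  # dns1.<org> -> <org>
            "hostmaster": soa["hostmaster"]}
```

A reverse zone served from the ISP's own nameservers, with no sub-delegation to a customer, is the hint the thread draws on; `custody_hint` only surfaces that, it does not prove where the box physically sits.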