[kictanet] Has Kenya Police Website been Hacked?

Edwin Onchari eonchari at lynxbits.com
Thu Jan 6 21:58:45 EAT 2011


Just wondering, has anyone from the Kenya Police come out and made a
statement around this? It's scary that the Kenya Police (a day later) had
no clue that their site had been hacked!

Edwin

-----Original Message-----
From: kictanet-bounces+eonchari=lynxbits.com at lists.kictanet.or.ke
[mailto:kictanet-bounces+eonchari=lynxbits.com at lists.kictanet.or.ke] On
Behalf Of McTim
Sent: Thursday, January 06, 2011 5:31 PM
To: Edwin
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] Has Kenya Police Website been Hacked?

On Thu, Jan 6, 2011 at 12:00 PM, Odhiambo Washington <odhiambo at gmail.com>
wrote:
>
>
> On Thu, Jan 6, 2011 at 11:23 AM, Muchiri Nyaggah <muchiri at semacraft.com>
> wrote:
>>
>> The nameservers were simply an entertaining detour.

and puck has provided free secondary service for a long time as well,
nothing sinister there.


>> Deathstar.org is a
>> very old domain and like someone pointed out, in the 90's coming up with
>> creative eyebrow-raising names was cool. Now we read anything in
>> everything :)
>> Is there overlap between what the ICT board does and the GITS department
>> at Treasury where public sector ICT policy is concerned? Who would
>> ultimately be responsible for responding to breaches of this nature on
>> government IT infrastructure?

I've no idea.

>>
>
> Wait a moment! Was the server where www.kenyapolice.go.ke was hosted on
> govt IT infrastructure?
>
> gw# dig www.kenyapolice.go.ke +short
> 62.24.109.6
> gw# dig -x 62.24.109.6 +short
> g-3-3-0-core-as12455.telkom.co.ke.
>
> So, the IP is obtained from Telkom. A whois lookup shows the block in
> which it belongs as not delegated so I can't tell whether the website is
> hosted on Telkom's equipment or govt equipment.

Of course, it should be listed as assigned to a customer, UNLESS, it's
counted as part of Telkom hosting infrastructure, which is quite
possible from this dig:

$dig 109.24.62.in-addr.arpa

; <<>> DiG 9.3.2 <<>> 109.24.62.in-addr.arpa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1141
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;109.24.62.in-addr.arpa.                IN      A

;; AUTHORITY SECTION:
109.24.62.in-addr.arpa. 10800   IN      SOA     dns1.jambonet.co.ke. hostmaster.jambonet.co.ke. 2008082827 10800 3600 1209600 172800

;; Query time: 156 msec
;; SERVER: 196.200.16.2#53(196.200.16.2)
;; WHEN: Thu Jan 06 17:23:36 2011
;; MSG SIZE  rcvd: 106




> It would be nice to know who has custody of the server that was
> compromised, in order to answer the question posed by Muchiri on
> "Who would ultimately be responsible for responding to breaches of this
> nature on government IT infrastructure?"

Call it Telkom IMHO.


-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel
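
An added example, not part of the original thread: the reverse-zone check from the dig session above, as a Python sketch that derives the in-addr.arpa names for an address and pulls the SOA primary and contact out of pasted dig output. The function names are assumptions of this example; the sample text is the authority section quoted above.

```python
import ipaddress
import re

# Sample taken from the dig output quoted in the thread; the SOA record is
# deliberately wrapped across two lines, as happens when output is pasted into mail.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;109.24.62.in-addr.arpa.                IN      A

;; AUTHORITY SECTION:
109.24.62.in-addr.arpa. 10800   IN      SOA     dns1.jambonet.co.ke.
hostmaster.jambonet.co.ke. 2008082827 10800 3600 1209600 172800
"""

SOA_RE = re.compile(
    r"^(?P<zone>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+"
    r"(?P<rname>\S+)\s+(?P<serial>\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s*$"
)

def reverse_names(ip):
    """Return (PTR name, enclosing /24 reverse zone) for an IPv4 address."""
    ptr = ipaddress.ip_address(ip).reverse_pointer + "."
    return ptr, ptr.split(".", 1)[1]

def parse_soa(dig_text):
    """Return the first SOA record in dig output as a dict, or None."""
    records = []
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig's comment lines
        # A line carrying the IN class starts a record; anything else is a wrap.
        if re.search(r"\sIN\s", line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    for rec in records:
        m = SOA_RE.match(rec)
        if m:
            soa = m.groupdict()
            # RNAME encodes a mailbox: the first label is the local part.
            local, _, domain = soa["rname"].rstrip(".").partition(".")
            soa["contact"] = f"{local}@{domain}"
            return soa
    return None
```

The SOA names whoever runs the reverse zone for the /24, which is a hint about who operates the address space, not proof of who has custody of the host.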
