[kictanet] 103 Government of Kenya websites hacked overnight
McTim
dogwallah at gmail.com
Tue Jan 17 18:16:55 EAT 2012
ummm, a CIRT is a Computer Emergency RESPONSE Team.
They respond in emergencies (like this), so yes, their mandate is
essentially "reactive".
--
Cheers,
McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there." Jon Postel
On 1/17/12, Odhiambo Washington <odhiambo at gmail.com> wrote:
> Is it Dr. Ndemo the one responsible for the govt websites, or being the PS
> makes him overall in-charge? Sorry, folks, I simply don't understand this.
> Now that you have introduced this thing called CIRT (I am hearing about it
> for the first time!), I have looked up what their mandate is and honestly,
> I don't see how it comes to this, unless their mandate is "reactive"
> response.
> From
> http://www.cck.go.ke/industry/information_security/certification_service_providers.html,
> I can see this:
>
> *Vision*
> To make the Internet secure, to develop a world-class security and
> information base and to become a publicly accessible forum for Internet and
> computer security.
>
> *Mission*
> To assist in the development of the Kenya information Society by making the
> use of computers and the Internet safer.
>
> *Stakeholders*
> In executing its mandate, the KE-CIRT works with various local stakeholders
> including various government agencies, the private sector, academia and
> civil society. The current KE-CIRT stakeholders are as follows:
> • The various law enforcement agencies;
> • The Directorate of E-Government;
> • The Kenya ICT Board;
> • The Kenya Network Information Centre;
> • The Telecommunication Service Providers Association of Kenya;
> • The Kenya Education Network;
> • The Central Bank of Kenya.
>
> And my conclusion is that the KE-CIRT is a waste of public funds unless I
> can be given some proof of the work that they have been doing to achieve
> their "Vision". Their "Mission" is simply a decoration on the wall.
>
> Actually, I don't see what CIRT has got to do with the defacing of the
> websites. If they have a mandate to audit the development and the hosting
> environment of these websites, then it simply needs to be disbanded, like
> yesterday because it is obvious they do not have the capacity.
>
>
>
> On Tue, Jan 17, 2012 at 17:50, James Richu <james at jimcomptech.com> wrote:
>
>> Dear Dr Ndemo,
>>
>> Can you kindly explain this.........
>>
>> An Indonesion hacker known as *direxer* has taken down 103 government of
>> Kenya websites overnight. The hacker is part of an online Indonesian
>> security forum known as *Forum Code Security* and says he took down the
>> websites following tutorials from the forum. Such tutorials usually
>> exploit
>> programming errors in code, known as bugs, which have not been fixed.
>>
>> The hacker appears to have a website at http://www.direxer.com/ though
>> this has not been updated to reflect the hacking. In a message in the
>> forum, the hacker says
>>
>>
>>
>> *show off by me...*
>>
>> *thanks for tutorial in www.code-security.com all...*
>>
>> *i have exploit from cs web, and i attacking to server Goverment
>> Kenya,,,, and then,,, success full... this is deface in this night...*
>>
>> The government has moved fast to take the affected websites offline
>> through a Cyber Incidence Response Team(CIRT) based at the Communications
>> Commission of Kenya. The CIRT was formed to handle such situations and
>> ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has
>> responded with the following comment "*We're on it. Thanks for the
>> heads-up and comments*" in Kenya's *Security Forum* where the news first
>> broke.
>>
>> The government normally hosts several websites in one server at The
>> Treasury thus compromising the server may expose several websites to a
>> hacker. The Administration Police website has been hacked several times in
>> the recent past. At the same time, most of the websites hacked appear to
>> have been running the Joomla Content Management system,
>>
>> 1. http://www.administrationpolice.go.ke/index.html
>> 2. http://www.aideffectiveness.go.ke/index.html
>> 3. http://www.bungomacounty.go.ke/index.html
>> 4. http://www.businesslicense.go.ke/index.html
>> 5. http://www.cak.go.ke/index.html
>> 6. http://www.commstaskforce.go.ke/index.html
>> 7. http://www.cooperative.go.ke/index.html
>> 8. http://www.crd.go.ke/index.html
>> 9. http://www.crisisrcentre.go.ke/index.html
>> 10. http://www.ditkenya.go.ke/index.html
>> 11. http://www.doshs.go.ke/index.html
>> 12. http://www.economicstimulus.go.ke/index.html
>> 13. http://www.eldoretmunicipal.go.ke/index.html
>> 14. http://www.emu.go.ke/index.html
>> 15. http://www.education.go.ke/index.html
>> 16. http://www.environment.go.ke/index.html
>> 17. http://www.filmservices.go.ke/index.html
>> 18. http://www.fisheries.go.ke/index.html
>> 19. http://www.forestryandwildlife.go.ke/index.html
>> 20. http://www.gender.go.ke/index.html
>> 21. http://www.governmentpress.go.ke/index.html
>> 22. http://www.greenenergy.go.ke/index.html
>> 23. http://www.housing.go.ke/index.html
>> 24. http://www.ifmis.go.ke/index.html
>> 25. http://www.immigration.go.ke/index.html
>> 26. http://www.industrialization.go.ke/index.html
>> 27. http://www.isc.go.ke/index.html
>> 28. http://www.iprs.go.ke/index.html
>> 29. http://www.itentambachtowncouncil.go.ke/index.html
>> 30. http://www.itmis.go.ke/index.html
>> 31. http://www.kenao.go.ke/index.html
>> 32. http://www.kapsabetmunicipal.go.ke/index.html
>> 33. http://www.kenyayearbook.go.ke/index.html
>> 34. http://www.kerugoyakutusmunicipal.go.ke/index.html
>> 35. http://www.kesi.go.ke/index.html
>> 36. http://www.kipi.go.ke/index.html
>> 37. http://www.kisumucountycouncil.go.ke/index.html
>> 38. http://www.kirinyagacountycouncil.go.ke/index.html
>> 39. http://www.kitalemunicipal.go.ke/index.html
>> 40. http://www.kituimunicipal.go.ke/index.html
>> 41. http://www.kkv.go.ke/index.html
>> 42. http://www.knfparms.go.ke/index.html
>> 43. http://www.knsdi.go.ke/index.html
>> 44. http://www.kntc.go.ke/index.html
>> 45. http://www.laikipiacountycouncil.go.ke/index.html
>> 46. http://www.lands.go.ke/index.html
>> 47. http://www.leatherdevelopmentcouncil.go.ke/index.html
>> 48. http://www.limurumunicipal.go.ke/index.html
>> 49. http://www.livestock.go.ke/index.html
>> 50. http://www.lodwarmunicipal.go.ke/index.html
>> 51. http://www.maraguacountycouncil.go.ke/index.html
>> 52. http://www.mariakanitown.go.ke/index.html
>> 53. http://www.maurestoration.go.ke/index.html
>> 54. http://www.migoricountycouncil.go.ke/index.html
>> 55. http://www.minesgeology.go.ke/index.html
>> 56. http://www.mirp.go.ke/index.html
>> 57. http://www.monitoring.go.ke/index.html
>> 58. http://www.moyalecountycouncil.go.ke/index.html
>> 59. http://www.murangacounty.go.ke/index.html
>> 60. http://www.murangamunicipal.go.ke/index.html
>> 61. http://www.nairobicity.go.ke/index.html
>> 62. http://www.naivashamunicipal.go.ke/index.html
>> 63. http://www.nakurucounty.go.ke/index.html
>> 64. http://www.nationaldisaster.go.ke/index.html
>> 65. http://www.nationalheritage.go.ke/index.html
>> 66. http://www.nccs.go.ke/index.html
>> 67. http://www.nec.go.ke/index.html
>> 68. http://www.northernkenya.go.ke/index.html
>> 69. http://www.nyandaruacountycouncil.go.ke/index.html
>> 70. http://www.othayatowncouncil.go.ke/index.html
>> 71. http://www.pec.go.ke/index.html
>> 72. http://www.pfmr.go.ke/index.html
>> 73. http://www.pghnyeri.go.ke/index.html
>> 74. http://www.pharmacy.go.ke/index.html
>> 75. http://www.prisons.go.ke/index.html
>> 76. http://www.psrpc.go.ke/index.html
>> 77. http://www.publichealth.go.ke/index.html
>> 78. http://www.publicservice.go.ke/index.html
>> 79. http://www.publicworks.go.ke/index.html
>> 80. http://www.reformskenya.go.ke/index.html
>> 81. http://www.refugees.go.ke/index.html
>> 82. http://www.regional-dev.go.ke/index.html
>> 83. http://www.roads.go.ke/index.html
>> 84. http://www.rprlgsp.go.ke/index.html
>> 85. http://www.scat.go.ke/index.html
>> 86. http://www.scienceandtechnology.go.ke/index.html
>> 87. http://www.singlewindow.go.ke/index.html
>> 88. http://www.sprogrammes.go.ke/index.html
>> 89. http://www.tabakatown.go.ke/index.html
>> 90. http://www.tanathi.go.ke/index.html
>> 91. http://www.tfdg.go.ke/index.html
>> 92. http://www.technologycentre.ac.ke/index.html
>> 93. http://www.theenergytribunal.go.ke/index.html
>> 94. http://www.thekenyawewant.go.ke/index.html
>> 95. http://www.thikamunicipal.go.ke/index.html
>> 96. http://www.transformingkenya.go.ke/index.html
>> 97. http://www.treasury.go.ke/index.html
>> 98. http://www.ugunjatown.go.ke/index.html
>> 99. http://www.ukwalatown.go.ke/index.html
>> 100. http://www.westernkenya.go.ke/index.html
>> 101. http://www.vihigamunicipal.go.ke/index.html
>> 102. http://www.works.go.ke/index.html
>> 103. http://www.youthaffairs.go.ke/index.html
>>
>>
>> On Tue, Jan 17, 2012 at 12:00 PM,
>> <kictanet-request at lists.kictanet.or.ke>wrote:
>>
>>> Send kictanet mailing list submissions to
>>> kictanet at lists.kictanet.or.ke
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> or, via email, send a message with subject or body 'help' to
>>> kictanet-request at lists.kictanet.or.ke
>>>
>>> You can reach the person managing the list at
>>> kictanet-owner at lists.kictanet.or.ke
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of kictanet digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>> 1. Re: Reality-on Media (bitange at jambo.co.ke)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Tue, 17 Jan 2012 07:28:07 +0000
>>> From: bitange at jambo.co.ke
>>> To: "Pamela" <pamela at cardiacimplants.com>,
>>> kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
>>> Cc: 'KICTAnet ICT Policy Discussions' <kictanet at lists.kictanet.or.ke>
>>> Subject: Re: [kictanet] Reality-on Media
>>> Message-ID:
>>>
>>>
>>> <1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638- at b27.c2.bise7.blackberry
>>> >
>>>
>>> Content-Type: text/plain; charset="Windows-1252"
>>>
>>> In my view, you can tell if an economy is a middle income or not by
>>> checking the availability of toilet paper in the bathroons especially
>>> public toilets.
>>>
>>> There is a very high correlation of income and such essentials. In
>>> developing countries you hardly get toilet at it is stolen by the have
>>> nots. Kenya flip flops between low income and lower middle income
>>> status.
>>> That is why sometimes you get the toilet paper.
>>> The World Bank definition is too complex for ordinary people to
>>> understand. Take your own sample when you travel and for sure my model
>>> works.
>>>
>>> Ndemo.
>>>
>>>
>>> Sent from my BlackBerry?
>>>
>>> -----Original Message-----
>>> From: "Pamela" <pamela at cardiacimplants.com>
>>> Sender: kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.keDate:
>>> Mon, 16 Jan 2012 16:07:51
>>> To: <bitange at jambo.co.ke>
>>> Cc: 'KICTAnet ICT Policy Discussions'<kictanet at lists.kictanet.or.ke>
>>> Subject: Re: [kictanet] Reality-on Media
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> Unsubscribe or change your options at
>>> http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and
>>> development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and
>>> bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>> ------------------------------
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>>
>>> End of kictanet Digest, Vol 56, Issue 53
>>> ****************************************
>>>
>>
>>
>>
>> --
>> *
>> *
>> *
>>
>> ------------------------
>> Jim Comptech Consultants ltd.
>> Tel: 254 20 2503637, 254 716 852202, 254 735 195969
>> Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200,
>> Nairobi, Kenya.**
>> http://www.jimcomptech.com*
>>
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and
>> development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> I can't hear you -- I'm using the scrambler.
> Please consider the environment before printing this email.
>
More information about the KICTANet
mailing list