[kictanet] 103 Government of Kenya websites hacked overnight
Harry Delano
harry at comtelsys.co.ke
Tue Jan 17 18:58:43 EAT 2012
A tall order indeed for the CIRT, if you’d ask me. Cyber Security is indeed multifaceted..
I therefore suppose a team that convened just the other day is pretty much still at a nascent stage. So to expect them to throw a
security cordon around 200+ Govt. websites that are already online, some with very sensitive content is a bit too overarching…
I suggest Cyber Security (Proactive, Monitoring, Audit & Response) be outsourced to real infosec experts. And we have plenty
of them in this country..
It still baffles me that almost all those sites point to a single server/IP address..
Again, is Directorate represented on this list..?
Harry
From: kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke] On Behalf Of Odhiambo Washington
Sent: Tuesday, January 17, 2012 6:10 PM
To: harry at comtelsys.co.ke
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight
Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand this. Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response.
From http://www.cck.go.ke/industry/information_security/certification_service_providers.html, I can see this:
Vision
To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security.
Mission
To assist in the development of the Kenya information Society by making the use of computers and the Internet safer.
Stakeholders
In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows:
• The various law enforcement agencies;
• The Directorate of E-Government;
• The Kenya ICT Board;
• The Kenya Network Information Centre;
• The Telecommunication Service Providers Association of Kenya;
• The Kenya Education Network;
• The Central Bank of Kenya.
And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall.
Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity.
On Tue, Jan 17, 2012 at 17:50, James Richu <james at jimcomptech.com> wrote:
Dear Dr Ndemo,
Can you kindly explain this.........
An Indonesian hacker known as direxer has taken down 103 government of Kenya websites overnight. The hacker is part of an online Indonesian security forum known as Forum Code Security and says he took down the websites following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed.
The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says
show off by me...
thanks for tutorial in www.code-security.com all...
i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night...
The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team (CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has responded with the following comment "We're on it. Thanks for the heads-up and comments" in Kenya's Security Forum where the news first broke.
The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system,
On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request at lists.kictanet.or.ke> wrote:
Today's Topics:
1. Re: Reality-on Media (bitange at jambo.co.ke)
----------------------------------------------------------------------
Message: 1
Date: Tue, 17 Jan 2012 07:28:07 +0000
From: bitange at jambo.co.ke
To: "Pamela" <pamela at cardiacimplants.com>,
kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
Cc: 'KICTAnet ICT Policy Discussions' <kictanet at lists.kictanet.or.ke>
Subject: Re: [kictanet] Reality-on Media
Message-ID:
<1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638- at b27.c2.bise7.blackberry>
Content-Type: text/plain; charset="Windows-1252"
In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathrooms especially public toilets.
There is a very high correlation of income and such essentials. In developing countries you hardly get toilet paper as it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper.
The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works.
Ndemo.
Sent from my BlackBerry®
-----Original Message-----
From: "Pamela" <pamela at cardiacimplants.com>
Sender: kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
Date: Mon, 16 Jan 2012 16:07:51
To: <bitange at jambo.co.ke>
Cc: 'KICTAnet ICT Policy Discussions'<kictanet at lists.kictanet.or.ke>
Subject: Re: [kictanet] Reality-on Media
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
------------------------------
End of kictanet Digest, Vol 56, Issue 53
****************************************
--
------------------------
Jim Comptech Consultants ltd.
Tel: 254 20 2503637, 254 716 852202, 254 735 195969
Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200, Nairobi, Kenya.
http://www.jimcomptech.com
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
Please consider the environment before printing this email.