[kictanet] 103 Government of Kenya websites hacked overnight

Harry Delano harry at comtelsys.co.ke
Tue Jan 17 20:09:45 EAT 2012


Maybe Grace, our convener can just go right ahead and issue summons-to-appear to the relevant-in-charge to show up on this forum, as we are wont to do as per our practice.

Then, clearly, some understanding and constructive debate to delve into the happenings on the ground will go a long way to remedy, improve and innovate – in a way at least to do something about this and secure our cyberspace..

 

It’s dangerously wild out there..

 

Harry

 

From: kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke] On Behalf Of Odhiambo Washington
Sent: Tuesday, January 17, 2012 6:33 PM
To: harry at comtelsys.co.ke
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight

 

And that is in conflict with their "Vision" then, otherwise it means theirs is to sit and only "react" in order "To make the Internet secure". Okay, let them have that. How about the "to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security."?? Is there anything like that they have done? I do realize the issue here was about .go.ke websites being defaced. So is it the job of this CIRT to clean the dogs*^t after the dog? :-)




On Tue, Jan 17, 2012 at 18:16, McTim <dogwallah at gmail.com> wrote:

ummm, a CIRT is a Computer Emergency RESPONSE Team.

They respond in emergencies (like this), so yes, their mandate is
essentially "reactive".

--
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel






On 1/17/12, Odhiambo Washington <odhiambo at gmail.com> wrote:
> Is it Dr. Ndemo the one responsible for the govt websites, or being the PS
> makes him overall in-charge? Sorry, folks, I simply don't understand this.
> Now that you have introduced this thing called CIRT (I am hearing about it
> for the first time!), I have looked up what their mandate is and honestly,
> I don't see how it comes to this, unless their mandate is "reactive"
> response.
> From
> http://www.cck.go.ke/industry/information_security/certification_service_providers.html,
> I can see this:
>

> *Vision*
> To make the Internet secure, to develop a world-class security and
> information base and to become a publicly accessible forum for Internet and
> computer security.
>
> *Mission*
> To assist in the development of the Kenya information Society by making the
> use of computers and the Internet safer.
>
> *Stakeholders*
> In executing its mandate, the KE-CIRT works with various local stakeholders
> including various government agencies, the private sector, academia and
> civil society. The current KE-CIRT stakeholders are as follows:
> •    The various law enforcement agencies;
> •    The Directorate of E-Government;
> •    The Kenya ICT Board;
> •    The Kenya Network Information Centre;
> •    The Telecommunication Service Providers Association of Kenya;
> •    The Kenya Education Network;
> •    The Central Bank of Kenya.
>
> And my conclusion is that the KE-CIRT is a waste of public funds unless I
> can be given some proof of the work that they have been doing to achieve
> their "Vision". Their "Mission" is simply a decoration on the wall.
>
> Actually, I don't see what CIRT has got to do with the defacing of the
> websites. If they have a mandate to audit the development and the hosting
> environment of these websites, then it simply needs to be disbanded, like
> yesterday because it is obvious they do not have the capacity.
>
>
>
> On Tue, Jan 17, 2012 at 17:50, James Richu <james at jimcomptech.com> wrote:
>
>>  Dear Dr Ndemo,
>>
>> Can you kindly explain this.........
>>

>> An Indonesian hacker known as *direxer* has taken down 103 government of
>> Kenya websites overnight. The hacker is part of an online Indonesian
>> security forum known as *Forum Code Security* and says he took down the
>> websites following tutorials from the forum. Such tutorials usually
>> exploit programming errors in code, known as bugs, which have not been fixed.
>>
>> The hacker appears to have a website at http://www.direxer.com/ though
>> this has not been updated to reflect the hacking. In a message in the
>> forum, the hacker says
>>
>>
>>

>> *show off by me...*
>>
>> *thanks for tutorial in www.code-security.com all...*
>>
>> *i have exploit from cs web, and i attacking to server Goverment
>> Kenya,,,, and then,,, success full... this is deface in this night...*

>>
>> The government has moved fast to take the affected websites offline
>> through a Cyber Incidence Response Team(CIRT) based at the Communications
>> Commission of Kenya. The CIRT was formed to handle such situations and
>> ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has
>> responded with the following comment "*We're on it. Thanks for the
>> heads-up and comments*" in Kenya's *Security Forum* where the news first
>> broke.
>>
>> The government normally hosts several websites in one server at The
>> Treasury thus compromising the server may expose several websites to a
>> hacker. The Administration Police website has been hacked several times in
>> the recent past. At the same time, most of the websites hacked appear to
>> have been running the Joomla Content Management system,
>>


>>
>>
>> On Tue, Jan 17, 2012 at 12:00 PM,
>> <kictanet-request at lists.kictanet.or.ke>wrote:
>>
>>>
>>> Today's Topics:
>>>
>>>   1. Re: Reality-on Media (bitange at jambo.co.ke)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Tue, 17 Jan 2012 07:28:07 +0000
>>> From: bitange at jambo.co.ke
>>> To: "Pamela" <pamela at cardiacimplants.com>,
>>>        kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
>>> Cc: 'KICTAnet ICT Policy Discussions' <kictanet at lists.kictanet.or.ke>
>>> Subject: Re: [kictanet] Reality-on Media
>>> Message-ID:
>>>
>>>
>>> <1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638- at b27.c2.bise7.blackberry
>>> >
>>>
>>> Content-Type: text/plain; charset="Windows-1252"
>>>
>>> In my view, you can tell if an economy is a middle income or not by
>>> checking the availability of toilet paper in the bathrooms especially
>>> public toilets.
>>>
>>> There is a very high correlation of income and such essentials.  In
>>> developing countries you hardly get toilet as it is stolen by the have
>>> nots.  Kenya flip flops between low income and lower middle income
>>> status. That is why sometimes you get the toilet paper.
>>> The World Bank definition is too complex for ordinary people to
>>> understand.  Take your own sample when you travel and for sure my model
>>> works.
>>>
>>> Ndemo.
>>>
>>>
>>> Sent from my BlackBerry®
>>>
>>> -----Original Message-----
>>> From: "Pamela" <pamela at cardiacimplants.com>
>>> Sender: kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
>>> Date: Mon, 16 Jan 2012 16:07:51
>>> To: <bitange at jambo.co.ke>
>>> Cc: 'KICTAnet ICT Policy Discussions'<kictanet at lists.kictanet.or.ke>
>>> Subject: Re: [kictanet] Reality-on Media
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> Unsubscribe or change your options at
>>> http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and
>>> development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and
>>> bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>> ------------------------------
>>>
>>>
>>> End of kictanet Digest, Vol 56, Issue 53
>>> ****************************************
>>>
>>
>>
>>
>> --


>>
>> ------------------------
>> Jim Comptech Consultants ltd.
>> Tel: 254 20 2503637, 254 716 852202, 254 735 195969
>> Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200,
>> Nairobi, Kenya.
>> http://www.jimcomptech.com

>>
>>
>>
>>
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> I can't hear you -- I'm using the scrambler.

> Please consider the environment before printing this email.
>




-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
I can't hear you -- I'm using the scrambler.
Please consider the environment before printing this email. 
