[kictanet] Government website Hacking incident a crying shame

Brian Munyao Longwe blongwe at gmail.com
Tue Jan 17 21:08:32 EAT 2012


I remember being approached way back in 2002, just after I had set up KIXP
by some tech guru from an Eastern European country's embassy here in Kenya,
wanting to find out how they could access ISPs (ostensibly for their
intelligence activities, though he didn't say as much). My response was a
flat, "please conduct your business through the appropriate government and
diplomatic channels".

It scares me to think how much of our confidential information is in the
hands of foreign govts who have top notch security professionals on their
payroll if such a 'simpleton' can actually break into the server hosting
the majority of our govts public websites.

Once again I call for a proper information security policy framework and
associated interventions to ensure that we are on solid ground when it
comes to data and information resource protection.

Come on guys - we are probably the most connected country in the continent
with the number of optical fibers (and bandwidth) landing into our borders
and the levels of internal infrastructure, let us face the stark reality
that these huge information highways carry good as well as bad traffic and
do what is necessary to protect against external and internal threats.

Still shaking my head,

Brian

On Tue, Jan 17, 2012 at 5:42 PM, waudo siganga <emailsignet at mailcan.com>wrote:

>  Thanks for the news Brian. This is a big shame for all Kenyans that our
> Government sites can be hacked by a simpleton. It is important to establish
> who in the maze of ICT Governance in the Government is responsible for
> Government sites and what coordination there is between different agencies
> and ministries. Are there appropriate ICT Policies in place covering areas
> such as Hosting Policy, Server Back-up Policy, etc? Is there regular ICT
> Audit of Government systems and methods to ensure that they conform to
> recognised standards and are acceptably safe and secure? Some
> learning should come out of this incident.
>
>
>  On Tue, Jan 17, 2012, at 04:09 PM, Brian Munyao Longwe wrote:
>
>
> The fact that a student on a hacking/computer security course could hack
> into and deface more than 100 Government of Kenya websites in one night(!)is a crying shame. In addition to that, the fact that it seems all or most
> of these sites were hosted on a single server is a travesty of best
> practice.
>
>  Is it so difficult for GoK to invite (readily available) information
> security experts to design and implement a suitable online information
> framework for public government websites?
>
>  Shaking my head,
>
>  Brian
>
> --
> Brian Munyao Longwe
> e-mail: blongwe at gmail.com
> cell:  +254715964281
> blog : http://zinjlog.blogspot.com
> meta-blog: http://mashilingi.blogspot.com
>
> _______________________________________________
> kictanet mailing listkictanet at lists.kictanet.or.kehttp://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/emailsignet%40mailcan.com
>
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>
>
>



-- 
Brian Munyao Longwe
e-mail: blongwe at gmail.com
cell:  +254715964281
blog : http://zinjlog.blogspot.com
meta-blog: http://mashilingi.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20120117/db8d0fcb/attachment.htm>


More information about the KICTANet mailing list