[kictanet] 103 Government of Kenya websites hacked overnight -

Harry Delano harry at comtelsys.co.ke
Tue Jan 17 22:38:54 EAT 2012


Thanks Grace, we do look forward.

Meanwhile it is increasingly evident that cyber warfare has taken on a
whole new dimension and cyberspace now presents the perfect combat theatre,
where malevolent battle is raging unabated.

We must wake up very fast, map out our cyber boundaries, firewall them
accordingly and post trained sentries on our border posts to keep watch and
repulse intruders. They must also blow the whistle for help if they get
overwhelmed.

National ICT information/data assets (information warehouses) should be
distributed and not consolidated in one location - Geo/Infrastructure - etc.

Lastly, we held on this list in the not-so-distant past a robust debate
covering Data/information security (Cyber Security), and I gleaned a wealth
of information from experts available on this list. It really remains to be
seen just how much of what we discuss, agree and lay down as framework on
this and other similar forums finds its way into policy.

Grace, how do we ensure we are not just another talking-shop, wasting
airtime and bandwidth?

Harry

 

 

From: Grace Githaiga [mailto:ggithaiga at hotmail.com] 
Sent: Tuesday, January 17, 2012 9:48 PM
To: harry at comtelsys.co.ke
Cc: kictanet at lists.kictanet.or.ke
Subject: RE: [kictanet] 103 Government of Kenya websites hacked overnight

 

Harry

I agree that a response to this matter is necessary. Let's allow a
representative from the Directorate to 'present themselves' before we can
issue 'summons to appear'. I am sure we will get a response in the morning.
Let's see how this goes.

Rgds

Grace

-----------------------------------------------------------------------------------
If you have the strength to survive, you have the power to succeed. Life is
all about choices we make depending upon the situation we are in. Go forth
and rule the World!


From: harry at comtelsys.co.ke
Date: Tue, 17 Jan 2012 20:09:45 +0300
Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight
CC: kictanet at lists.kictanet.or.ke
To: ggithaiga at hotmail.com

Maybe Grace, our convener, can just go right ahead and issue
summons-to-appear to the relevant-in-charge to show up on this forum, as we
are wont to do as per our practice.

Then, clearly, some understanding and constructive debate to delve into the
happenings on the ground will go a long way to remedy, improve and
innovate - in a way at least to do something about this and secure our
cyberspace..

It's dangerously wild out there..

Harry

 

From: kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke
[mailto:kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke] On
Behalf Of Odhiambo Washington
Sent: Tuesday, January 17, 2012 6:33 PM
To: harry at comtelsys.co.ke
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight

 

And that is in conflict with their "Vision" then, otherwise it means theirs
is to sit and only "react" in order "To make the Internet secure". Okay, let
them have that. How about the "to develop a world-class security and
information base and to become a publicly accessible forum for Internet and
computer security."?? Is there anything like that they have done? I do
realize the issue here was about .go.ke websites being defaced. So is it the
job of this CIRT to clean the dogs*^t after the dog? :-)



On Tue, Jan 17, 2012 at 18:16, McTim <dogwallah at gmail.com> wrote:

ummm, a CIRT is a Computer Emergency RESPONSE Team.

They respond in emergencies (like this), so yes, their mandate is
essentially "reactive".

--
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel






On 1/17/12, Odhiambo Washington <odhiambo at gmail.com> wrote:
> Is it Dr. Ndemo the one responsible for the govt websites, or being the PS
> makes him overall in-charge? Sorry, folks, I simply don't understand this.
> Now that you have introduced this thing called CIRT (I am hearing about it
> for the first time!), I have looked up what their mandate is and honestly,
> I don't see how it comes to this, unless their mandate is "reactive"
> response.
> From
> http://www.cck.go.ke/industry/information_security/certification_service_providers.html,
> I can see this:
>
> *Vision*
> To make the Internet secure, to develop a world-class security and
> information base and to become a publicly accessible forum for Internet and
> computer security.
>
> *Mission*
> To assist in the development of the Kenya information Society by making the
> use of computers and the Internet safer.
>
> *Stakeholders*
> In executing its mandate, the KE-CIRT works with various local stakeholders
> including various government agencies, the private sector, academia and
> civil society. The current KE-CIRT stakeholders are as follows:
> - The various law enforcement agencies;
> - The Directorate of E-Government;
> - The Kenya ICT Board;
> - The Kenya Network Information Centre;
> - The Telecommunication Service Providers Association of Kenya;
> - The Kenya Education Network;
> - The Central Bank of Kenya.
>
> And my conclusion is that the KE-CIRT is a waste of public funds unless I
> can be given some proof of the work that they have been doing to achieve
> their "Vision". Their "Mission" is simply a decoration on the wall.
>
> Actually, I don't see what CIRT has got to do with the defacing of the
> websites. If they have a mandate to audit the development and the hosting
> environment of these websites, then it simply needs to be disbanded, like
> yesterday because it is obvious they do not have the capacity.
>
>
>
> On Tue, Jan 17, 2012 at 17:50, James Richu <james at jimcomptech.com> wrote:
>
>> Dear Dr Ndemo,
>>
>> Can you kindly explain this.........
>>
>> An Indonesian hacker known as *direxer* has taken down 103 government of
>> Kenya websites overnight. The hacker is part of an online Indonesian
>> security forum known as *Forum Code Security* and says he took down the
>> websites following tutorials from the forum. Such tutorials usually exploit
>> programming errors in code, known as bugs, which have not been fixed.
>>
>> The hacker appears to have a website at http://www.direxer.com/ though
>> this has not been updated to reflect the hacking. In a message in the
>> forum, the hacker says
>>
>> *show off by me...*
>>
>> *thanks for tutorial in www.code-security.com all...*
>>
>> *i have exploit from cs web, and i attacking to server Goverment
>> Kenya,,,, and then,,, success full... this is deface in this night...*
>>
>> The government has moved fast to take the affected websites offline
>> through a Cyber Incidence Response Team (CIRT) based at the Communications
>> Commission of Kenya. The CIRT was formed to handle such situations and
>> ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has
>> responded with the following comment "*We're on it. Thanks for the
>> heads-up and comments*" in Kenya's *Security Forum* where the news first
>> broke.
>>
>> The government normally hosts several websites in one server at The
>> Treasury thus compromising the server may expose several websites to a
>> hacker. The Administration Police website has been hacked several times in
>> the recent past. At the same time, most of the websites hacked appear to
>> have been running the Joomla Content Management system.


>>
>>
>> On Tue, Jan 17, 2012 at 12:00 PM,
>> <kictanet-request at lists.kictanet.or.ke> wrote:
>>
>>> Date: Tue, 17 Jan 2012 07:28:07 +0000
>>> From: bitange at jambo.co.ke
>>> To: "Pamela" <pamela at cardiacimplants.com>,
>>>        kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
>>> Cc: 'KICTAnet ICT Policy Discussions' <kictanet at lists.kictanet.or.ke>
>>> Subject: Re: [kictanet] Reality-on Media
>>>
>>> In my view, you can tell if an economy is a middle income or not by
>>> checking the availability of toilet paper in the bathrooms especially
>>> public toilets.
>>>
>>> There is a very high correlation of income and such essentials. In
>>> developing countries you hardly get toilet as it is stolen by the have
>>> nots. Kenya flip flops between low income and lower middle income
>>> status. That is why sometimes you get the toilet paper.
>>> The World Bank definition is too complex for ordinary people to
>>> understand. Take your own sample when you travel and for sure my model
>>> works.
>>>
>>> Ndemo.
>>>
>>> Sent from my BlackBerry®
>>>
>>> -----Original Message-----
>>> From: "Pamela" <pamela at cardiacimplants.com>
>>> Sender: kictanet-bounces+bitange=jambo.co.ke at lists.kictanet.or.ke
>>> Date: Mon, 16 Jan 2012 16:07:51
>>> To: <bitange at jambo.co.ke>
>>> Cc: 'KICTAnet ICT Policy Discussions' <kictanet at lists.kictanet.or.ke>
>>> Subject: Re: [kictanet] Reality-on Media
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> Unsubscribe or change your options at
>>> http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and
>>> development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and
>>> bandwidth, share knowledge, don't flame or abuse or personalize, respect
>>> privacy, do not spam, do not market your wares or qualifications.
>>>
>>
>> --
>> ------------------------
>> Jim Comptech Consultants ltd.
>> Tel: 254 20 2503637, 254 716 852202, 254 735 195969
>> Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200,
>> Nairobi, Kenya.
>> http://www.jimcomptech.com
>>
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> I can't hear you -- I'm using the scrambler.
> Please consider the environment before printing this email.
>




-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
Please consider the environment before printing this email.

