<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>RE: [kictanet] NSIS website hacked?</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<BR>
<BR>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">A dig reveals this;</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">; <<>> DiG 9.3.2 <<>> nsis.go.ke any</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; global options: printcmd</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; Got answer:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 76</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 5</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; QUESTION SECTION:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;nsis.go.ke. IN ANY</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; ANSWER SECTION:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 38172 IN MX 10 mta.wananchi.com.</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 38172 IN MX 20 mail.wananchi.com.</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 29891 IN A 62.8.88.6</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 17830 IN NS dns2.wananchi.com.</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 17830 IN NS dns1.wananchi.com.</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; AUTHORITY SECTION:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 17830 IN NS dns2.wananchi.com.</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">nsis.go.ke. 17830 IN NS dns1.wananchi.com.</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; ADDITIONAL SECTION:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">mta.wananchi.com. 63997 IN A 62.8.88.64</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">mta.wananchi.com. 63997 IN A 62.8.88.63</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">mail.wananchi.com. 63574 IN A 62.8.88.102</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">dns1.wananchi.com. 64894 IN A 62.8.64.5</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">dns2.wananchi.com. 65700 IN A 196.200.36.3</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; Query time: 15 msec</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; SERVER: 196.200.16.2#53(196.200.16.2)</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; WHEN: Tue Dec 11 17:22:50 2007</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">;; MSG SIZE rcvd: 243</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">A ping reveals this</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000080" SIZE=2 FACE="Courier New">;</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">C:\Dig>ping</FONT></B></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="http://www.nsis.go.ke"><SPAN LANG="en-us"><B><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">www.nsis.go.ke</FONT></U></B></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><B></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Pinging</FONT></B></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="http://www.nsis.go.ke"><SPAN LANG="en-us"><B><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">www.nsis.go.ke</FONT></U></B></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New"> [62.8.88.6] with 32 bytes of data:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Reply from 62.8.88.6: bytes=32 time=50ms TTL=54</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Reply from 62.8.88.6: bytes=32 time=31ms TTL=54</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Reply from 62.8.88.6: bytes=32 time=29ms TTL=54</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Reply from 62.8.88.6: bytes=32 time=36ms TTL=54</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Ping statistics for 62.8.88.6:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New"> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New">Approximate round trip times in milli-seconds:</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><B><FONT SIZE=2 FACE="Courier New"> Minimum = 29ms, Maximum = 50ms, Average = 36ms</FONT></B></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Wananchi are the victims</FONT></SPAN></P>
<BR>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">-----Original Message-----<BR>
From:</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="mailto:kictanet-bounces+jkagwe=kippra.or.ke@lists.kictanet.or.ke"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">kictanet-bounces+jkagwe=kippra.or.ke@lists.kictanet.or.ke</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"></FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="mailto:[mailto:kictanet-bounces+jkagwe=kippra.or.ke@lists.kictanet.or.ke]"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">[mailto:kictanet-bounces+jkagwe=kippra.or.ke@lists.kictanet.or.ke]</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> On Behalf Of Odhiambo Washington<BR>
Sent: Tuesday, December 11, 2007 4:18 PM<BR>
To: James Kagwe<BR>
Cc: KICTAnet ICT Policy Discussions<BR>
Subject: Re: [kictanet] NSIS website hacked?</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">On Dec 11, 2007 3:19 PM, John Walubengo <</FONT></SPAN><SPAN LANG="en-us"></SPAN><A HREF="mailto:jwalu@yahoo.com"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">jwalu@yahoo.com</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> wrote:</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> For those who may not know NSIS stands for National</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Security Intelligence Service, the Kenyan equivalent of the</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> American CIA, Russian KGB, Israeli Mossad and the British</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> M15 get the drift?</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">></FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> Now these chaps website seems to have been hacked and</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> defaced. Check out...</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">></FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">></FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="http://www.nsis.go.ke/"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">http://www.nsis.go.ke/</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">></FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">> and please tell me am wrong.</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">You are right, it's been "cracked". However it's hosted by third</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">party, if you look at DNS records, and this can always happen when a</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">server admin installs on a server stuff they don't quite understand,</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">or even plays with a sensitive configuration without thinking much</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">about it.</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Hey, Walu, it's just the website, the content of which is for public</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">consumption (and public defacing whenever possible to prove a point).</FONT></SPAN></P>
<BR>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">-- </FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Best regards,</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Odhiambo WASHINGTON,</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Nairobi,KE</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">+254733744121/+254722743223</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">"Oh My God! They killed init! You Bastards!"</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New"> --from a /. post</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">_______________________________________________</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">kictanet mailing list</FONT></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"></SPAN><A HREF="mailto:kictanet@lists.kictanet.or.ke"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">kictanet@lists.kictanet.or.ke</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"></SPAN><A HREF="http://lists.kictanet.or.ke/mailman/listinfo/kictanet"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">http://lists.kictanet.or.ke/mailman/listinfo/kictanet</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">This message was sent to:</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="mailto:jkagwe@kippra.or.ke"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">jkagwe@kippra.or.ke</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></P>
<P ALIGN=LEFT><SPAN LANG="en-us"><FONT SIZE=2 FACE="Courier New">Unsubscribe or change your options at</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="http://lists.kictanet.or.ke/mailman/options/kictanet/jkagwe%40kippra.or.ke"><SPAN LANG="en-us"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Courier New">http://lists.kictanet.or.ke/mailman/options/kictanet/jkagwe%40kippra.or.ke</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></P>
</BODY>
</HTML>