An Indonesian hacker on Tuesday attacked and defaced more than 100 Kenya government websites in a major cyber security breach.
The hacker, referred to as Direxer, broke into the sites and defaced them to show that he had managed to access them.
The websites included those of various government ministries, departments and local authorities. (READ: Some of the sites that were affected)
Notable sites affected included the ministries of Finance, Education, Public Health, Youth Affairs, National Heritage and Roads; as well as sensitive departments such as Administration Police, Immigration, Prisons and various city, municipal and county councils.
By Tuesday night, E-Government officials had shut down some of the sites as they tried to establish how the hacker managed to access them.
They were also working to guard against a repeat attack. The hacker claimed his “mark” on them, by defacing the front pages of the websites.
When opened, the website had the hacker’s name on it, with a message, and a song playing in the background, referring to his “victory”.
“We are making every effort within our resources to restore the websites and protect them from future attacks,” E-Government Directorate secretary Katherine Getao told the Nation.
Returned connection error
Dr Getao added that the directorate was capable of handling the restoration, saying that the hacking was a low level attack that did not warrant involvement of the Cyber Incidence Response Team based at the Communications Commission of Kenya.
Attempts by the Nation to log in to the affected websites returned a connection error reading:
“The gateway could not receive a timely response from the website you are trying to access.
“This might indicate that the network is congested, or that the website is experiencing technical difficulties.”
While others simply returned a “website could not be found” error. However, other sites were opening normally.
The hacker is part of an online Indonesian security forum known as Forum Code Security.
The news of the hacking was first exposed on the site code-security.net/archives/114, a forum on code security.
The title on the website read: “Joint Discussion — Forum on Code Security”.
The hacker claimed to have used tutorials from the site to hack into the government websites.
A message he left on the same site said: “show off by me… thanks for tutorial in www.code-security.com all… i have exploit from cs web, and i attacking to server Government Kenya,,,, and then,,, success full… this is deface in this night…”
E-Government officials assured citizens that the government’s main data was safe from the attack.