Kenya: government websites attacked


A group calling itself KURD Electronic Team have hacked 18 government websites in Kenya, bringing to question the East African country's official cyber readiness.

Websites affected included the Integrated Financial Management System (IFMIS), National Youth Service, National Environment Trust Fund, Department of Petroleum, the Department of Planning, the National Development Implementation Technical Committee, Refugees Affairs Secretariat at Immigration, Kenya Meat Commission and the Lake Basin Development Authority.

The Communication Authority (CA) issued a statement explaining the the sites had only been defaced and not hacked as alleged.

"This defacing was on websites which are devoted to sharing information with the public. These websites are not connected to any core government database or systems," read the statement.

It added that: "These core government databases and systems, including IFMIS and other critical infrastructure, are managed within a secure government network that has the requisite security. These remain safe and secure."

However, members of the public took to social media to voice their concern over government's preparedness to secure their data, including the National Integrated Identification Management System (NIIMS), which sources public data including biometrics, address and phone numbers.

According to the second quarter 2018/19 (October – December) sector statistics from the CA, there was an significant increase in malware attacks in Kenya with 9 million reported, compared to 1.8 million during the previous period.

Even though the number of web application attacks reduced to 737,289 from 1,064,971 documented in the previous period, this attack is prominent and is second only to malware attacks.

Most of the sites affected are already up, by the time of publishing.