By Ndata Waweru
The hacking of the Communication Authority website by Anonplus, part of the infamous Anonymous Hacker Group, has raised the question about the safety of data and information held by government, especially now that services are being digitalised and we are looking at a possibly electronic election.
It is not the first time such hacking has occurred. In April 2016, the Group attacked the Foreign Ministry’s server, allegedly stealing over 1TB of data and leaking some of it on the dark web. This leaked information included confidential and non-confidential and emails with security related conversation as well as international trade agreements.
Anonymous confirmed the hacking, saying, “We have 1TB of data but at the moment, we have leaked just one portion of it. In few days you will receive full disclosure of the data – We the Anonymous will stand against corruption, child abuse, and child labour! The government of Kenya should have expected.”
Just a month before, the website of the Kenya Petroleum Refinery was defaced, with the hackers posting Rick Astley’s song ‘Never Gonna Give You Up.’ Anonymous did this as part of the Operation Africa, a campaign to protest corruption and child labour in multinational corporations, which also included hacking the websites of other countries like Uganda, Rwanda and Angola. Five years ago, Indonesian hacker, Direxer of the Forum Code Security brought down 103 government websites.
With such history, it would be quite obvious that the government and its agencies should have tightened the security of their websites. However, we have already been privy to claims that al Shabaab will ‘interfere’ with the 2017 elections, thus the need to use a manual voting system as compared to an electronic system.
“We are at war with al Shabaab who are known to interfere with communication systems. The Ministry fully recommends manual back up system,” ICT cabinet secretary Joe Mucheru had said.
While many people were surprised by these claims, the question that kept coming up was what moves the government is making to ensure that the electronic system is safe, even with the presence of a manual back up.
There has been many recommendations about making any electronic system safe, including firewalls and virus protection software, limiting remote access, encrypting data and ensuring use of up-to-date software. These are just simple basic moves, but the risk is inherent, and there might even be a bigger threat than just al Shabaab.