Is Kenya’s government clueless on curbing cyber attacks?
Is Kenya’s government clueless on curbing cyber attacks?
Changing where Kenya’s government websites are hosted won’t stop the country from experiencing cyber attacks, according to an expert.
Last week, Kenya’s government made a resolution to host all state-owned websites locally.
The decision came after a breach of the Kenya Defence Forces (KDF) official Twitter account.
Hackers, claiming links to ‘hacktivist’ group Anonymous, took control of the KDF Twitter handle last week to tweet anti-government messages.
Twitter; though, is hosted in countries such as the US.
And even though Kenya is looking to migrate its other government sites to local servers, an expert says local officials are focusing on the wrong solution for this problem.
“I don’t think moving all hosting back into the country solves the problem for the government, if proper levels of protection and multiple hosting are not embraced by those in charge,” Stephen Kamau, an internet security and virtual network specialist at Onsite Technologies, told ITWeb Africa.
“I have had random look at most government-owned websites, and most of them are implemented on open source content management systems like Joomla and WordPress. This; however, does not mean that these tools are weak, but the problem lies in the absence of constant upgrading of these systems by those operating them, hence making hackers have an easy time in exploring their vulnerabilities,” Kamau added.
Kamau also said that hackers are using keylogger viruses, malicious software that records all keystrokes and then sends confidential data to a remote location.
“Keylogger viruses are becoming common, a problem that could be solved easily by using validated antivirus software to scan and disinfect machines. I doubt if government agencies and ministries are taking this with the seriousness it deserves,” Kamau said.
“The keylogger problem could be the explanation as to why the hackers were able to gain access into the KDF social media accounts twice, implying that someone somewhere was monitoring all the keystrokes and laughing at how easy it was to breach the passwords,” Kamau continued.
Kamau says government should rather focus on other solutions to this problem.
“The truth is most hosting services take security issues very seriously, and when it comes to the government’s case, hosting is not the problem.” Kamau said.
“I would advise them to start with the simple things like having strong antivirus software that is up to date, constantly changing of passwords, and ensuring that those operating the systems are people who are skilled enough on internet security and who can trusted to avoid cases of ‘inside jobs’.”
Last year, Kenya’s information, communications and technology (ICT) cabinet secretary, Dr. Fred Matiangi, said that cybercrime could have cost Kenya an estimated KES 2 billion (about $23 million) in 2013.
In March this year, Kenya’s ICT ministry also asked all stakeholders to provide ideas and courses of action to be included in a cybersecurity strategy for the East African country.