Shares

I consulted an IT security expert Tyrus Kamau on the Safaricom hosted Kenyan websites hack and this is what he had to say:

Hapa: What can you tell me about the attack?

Tyrus: This sort of attack to the websites concerned is called a Web Defacement. It basically involves getting unauthorized access to the web server and uploading your own web page or image. The reason this attack is easy to perform is because the hackers rely on poorly designed and developed websites, thus leaving loop holes to exploit the vulnerability.

In this case, they websites could have been vulnerable to one getting remote access to the web site folder and allowing anyone with that access to upload their own web pages.

Hapa: Could it have been avoided?

Tyrus: Absolutely. The owners of the website should have conducted what is referred to as a Penetration Testing and Vulnerability Assessment. This exercise allows one to play the role of a hacker in order to exploit any vulnerabilities which could lead to the web site’s compromise. Also hiring web developer’s who are security conscious is another way to mitigate such embarrassing charades.

Hapa: Who’s to blame?

Tyrus: The first culprit will obviously be the alleged Tunisian hackers and rightfully so. However, even if you were to narrow down on the exact perpetrators, our laws aren’t mature yet to build a case which is cross border. On the other hand, I think the owners of the affected websites should restore the websites with full knowledge that so long as it is accessible from the internet, someone is bound to try and take it down. So i would recommend a security test against the site even after restoring it.

Hapa: All the websites share a web server. Could this, in any way, have contributed to the hack?

Tyrus: Yes. There was a similar attack on 113 GOK websites and they were all co-hosted on the same server. One website bearing a vulnerability also opens up the others for compromise.