A man simulating hacking into a computer. (Photo: Courtesy)

The Communications Authority of Kenya (CA) website has been hacked. CA is the State agency that regulates Internet resources for public and private entities. Interestingly, by extension, the agency is supposed to protect all government sites from malicious attack.

The hackers also took down the National Environment Management Authority (Nema) website for several hours casting doubt on preparedness of Kenyan State agencies to fight cyber crime. The two regulators had their websites defaced for several hours on Thursday with the latter still down by the time of going to press.

CA was hacked by a group referring to itself as AnonPlus that replaced the regulators homepage with a five-point hackers’ manifesto promising to ‘defend freedom of information, freedom of the people and emancipation of the latter from the oppression of media and those who govern us’.

“AnonPlus puts offline sites that actively contribute to the control of the masses from the corrupt that by manipulating information and opinions create false realities; this is censorship!,” read the message posted on the CA website in part.

Nema was on the other hand hacked by a group referring to itself as the “Moroccan Islamic Union Mail” with just the words, ‘Moroccan Islamic Union Mail was here’ scrolled in caps lock where the home page is supposed to be.

The hacking of the State websites, which comes just a few months after the communications sector regulator unveiled it’s revamped website, has once again rekindled the debate of the security of Kenya’s public digital infrastructure against cyber crime.

In 2014, the Kenya ICT Authority embarked on an overhaul of government websites to host them under one server in a bid to boost security in the wake of massive cyber-attacks that had seen even Deputy President William Ruto fall victim. The attacks were conducted by a group calling itself Anonymous Kenya and saw twitter accounts belonging to DP William Ruto, Kenya Defence Forces and the spokesman Major Chirchir hijacked and used to post derogatory messages. “We conducted an audit of government websites and found that in their present state, many websites do not conform to the standards the ICT authority developed and are insecure,” explained Mr Victor Kyalo, then ICT Authority CEO and current PS at the ICT ministry while announcing the overhaul.

“It has become necessary to upgrade the hosting environment, reorient the websites to the approved standards and train ICT officers and Public Communication officers on the best practices for developing and maintaining websites,” he said.

Cyber criminals

The recent hacks, however, indicate that the overhaul might not have worked as good as the ministry had hoped. “It is sad that this has happened and we are constantly working as a country to secure our digital infrastructure,” explained ICT Cabinet Secretary Joe Mucheru yesterday.

“The overhaul of the websites did happen and the challenge at the time was bringing government websites under a common, secure hosting but the CA website was not part of the project but we are working to bring it into the fold,” he explained.

With government agencies at both the central and county governments increasingly relying on technology for numerous functions, the threat of cyber security in the country has been heightened. Commercial banks and mobile phone money transfer clients have traditionally been the targets of cyber criminals but recently the government seems to be a victim.