Lanon Wee

Examining the Kenya Cyber-Attack: Investigating the Reason for eCitizen's Outage

For the past week, the Kenyan government has been fighting off a considerable cyber-attack that has disrupted services on a significant government online platform. Some private companies have also been affected, though the degree of the impact is still unknown. Questions remain about who is responsible and the underlying cause.

The government has confirmed that the eCitizen portal, which gives the public access to over 5,000 government services, experienced a cyber-attack. For several days, many people complained about problems they faced while trying to access services on the portal, such as: The government had to pledge to offer visas on arrival to travelers who would have been eligible for e-visas, because of the issues with the eCitizen system. Train-booking systems and electricity payments were also disrupted.

People who use M-Pesa for their banking needs were not able to do so as normal because of disruptions to the service. The interruptions hindered customers' ability to send money to and from their accounts for activities such as paying for goods at stores, travel fares, and hotel bookings. Safaricom, which runs the service, has yet to comment formally, and it is unclear whether it was affected by the hack.

The government has been encouraging people to use online government services; combined with the large number of people who accept mobile money payments, this meant the attack had a significant effect on many Kenyans. In Kenya, the majority of people (76%) use mobile money, while two-thirds (67%) use the mobile internet.

Eliud Owalo, the Minister for Information, Communication and Digital Economy, confirmed that the attack had occurred, yet insisted that no data had been accessed or stolen, even though the hackers behind it claim to have taken passport information.

On Friday, senior ministry officials met representatives from the private sector to discuss matters pertaining to cyber security. It has not been determined whether the meeting was set up in response to the attack or had been scheduled beforehand. The government claims to have succeeded in blocking the source of the attack, although there are still occasional interruptions that affect the usual speed and availability of services on the web platform.

Anonymous Sudan has taken credit. This self-described collective of Sudanese cyber-warriors says it will respond with aggression to any attempts to meddle in Sudan's internal affairs. It is purported to have affiliations with Russia. The group openly expresses backing for Russia and has allied itself with the pro-Russian hacking organization Killnet. It denies any association with the well-known international hacktivist group Anonymous.

Since January of this year, Anonymous Sudan has been busy, carrying out numerous disruptive (though not particularly complex) attacks. Most of the group's posts are made on a Telegram channel, where an alert concerning a potential attack on Kenyan networks was published on Sunday. It claims that it launched the assault because "Kenya has been interfering in Sudanese matters and issuing declarations that question the legitimacy of our administration."

The Sudanese government has repeatedly refused Kenyan President William Ruto's offer to mediate in the continuing conflict between the Sudanese military and the paramilitary Rapid Support Forces (RSF), questioning his impartiality. A video featuring a Sudanese general jeering at President Ruto and the Kenyan military circulated on the internet last week. A legislator from Mr Ruto's political faction recorded a video, which was shared widely, rebuking the general.

Last month, Joe Tidy, BBC Cyber Correspondent, conducted an interview with an anonymous individual from Sudan on Telegram, alongside a cyber researcher known as IntelCocktail. The group denied any connection to Russia. The spokesperson commented, "The assertions are without any ground and inaccurate; from time to time, we communicate in Russian as there are many Russian members in our channel."

A recent study by cyber-security provider Truesec suggested that Anonymous Sudan's Telegram account ties its user to Russia, based on its listed location. Experts from security firms such as Mandiant and Trustwave suggest that the organization may have a connection to the Kremlin, although no definitive proof has been provided.

In June, during the Wagner mutiny, the group demonstrated its backing for the Kremlin. They put it like this: "We don't have any preoccupation or emphasis on Russian matters, however something analogous took place in our country, and Russians offered us their support, consequently we desired to repay them." Joe Tidy noted that it was not possible to draw any definite conclusions about the group's actual identity from the interview.

The attack relied predominantly on DDoS (distributed denial of service), a technique commonly used to overwhelm online services with a flood of requests in an effort to render them inaccessible. In June, Anonymous Sudan used the same technique in its highest-profile attack to date, against Microsoft services. The Information Minister stated that the attackers attempted to overload the system by submitting an excessive number of requests. This began by slowing the system down.

Gameli, who is from Kenya and works in cyber-security, believes that insiders could be implicated. He remarked that DDoS attacks launched against essential endpoints are never arbitrary. Knowing precisely where to hit in order to disrupt multiple systems requires substantial information.

"We are fortunate there has been no unauthorized removal of data as it would have been mortifying."
