Kenya, one of the amazing countries in the eastern part of Africa, has been facing a series of cyber-attacks from threat actors.
The country, which has a population of over 54 million and is the third-largest economy in Sub-Saharan Africa (after Nigeria, which is first, and South Africa, which is second), has had its government facing a series of malicious cyber engagements.
The attacks have affected a series of key government online platforms for the past seven days. The hackers have not limited themselves to government institutions, but have also taken their malicious activity to private institutions.
At the moment it is not certain which threat group is behind the attack, what its motive is, or how far it has gone in exploiting the parastatals and private institutions of Nairobi (the capital of Kenya).
Description of the Event:
The event is described as an attack that targeted the government eCitizen portal, which the public uses to access government services said to number over 5,000.
The citizens' experience is documented in their complaints about accessing services such as:
- The application and renewal of passports (travel documents).
- The issuance of e-visas for foreigners intending to visit the country.
- The issuing of other government identification documents such as driving licenses, identification cards, and national health records.
The incident became more serious when other services, such as train-booking systems and electricity payment systems, were also disrupted. A major hit was to financial institutions, where mobile-money banking services were affected. Services such as M-Pesa, a mobile payment service used by citizens to make purchases at local shops and to pay for public transportation, hotels and other necessities, experienced glitches.
In an emergency response for those affected by the downtime of the e-visa application platform, the government went outside its regulations and promised visas on arrival to intending visitors whose countries would have qualified for the e-visa.
The Kenyan government has adopted the digital mode of transacting business and has continuously advised citizens to do the same. The magnitude of the impact cannot be ascertained for now, but statistics show that over 76% of Kenyan citizens use mobile money and over 67% use mobile internet. With these statistics, it is certain that a large part of the population was impacted by the attack.
The Minister of Information and Digital Economy of Kenya, Mr. Eliud Owalo, confirmed that the incident did occur but said that no data had been exfiltrated. This is disputed, as the hackers say otherwise: that passport data was stolen.
Senior officials of the ministry held a meeting with a group of private-sector players to discuss the necessity of cybersecurity, although it is not certain whether the incident triggered this or whether it was a pre-planned event by the ministry. The Kenyan government announced to the public that the source of the attack had been blocked, although intermittent interruptions to various services are still noticeable on various online platforms.
Threat Group Responsible for the Attack:
A group going by the name Anonymous Sudan claims to be the threat group responsible for the attack.
The group claims to attack anyone who tries to interfere with the internal affairs of the Sudanese government, although there is suspicion that the group is somehow linked to the Russian state.
From a series of their public declarations in support of the Russian government during the Wagner insurrection in June, it is deduced that they might be an affiliate of the pro-Russian threat group known as Killnet, but Anonymous Sudan denies ever having had any affiliation with the international hacktivists.
Anonymous Sudan emerged in January this year and has been making waves with a series of regular, disruptive but unsophisticated cyber-attacks since then. On a Telegram channel owned by the group, it is said that they had been posting about imminent attacks on systems owned by the Kenyan government.
Their reason for carrying out the attacks, as stated by the group:
“Kenya has been attempting to meddle in Sudanese affairs and released statements doubting the sovereignty of our government.”
It is known that the Kenyan President, William Ruto, has been trying to mediate the recent conflict between the northern and southern parts of Sudan, an effort the Sudanese government has rejected outright on claims that he is not neutral in his mediation. A video that went viral shows the Sudanese general taunting President Ruto and the Kenyan military. In retaliation, a member of parliament from the Kenyan President's camp was seen in a video hitting back at the Sudanese general.
In an interview conducted via Telegram with BBC Cyber Correspondent Joe Tidy and a cyber-researcher by the name IntelCocktail, the threat group denied having any links with the Killnet group from Russia.
In a response, the spokesperson of the group said:
“Those claims are baseless and false; we sometimes write in Russian simply because there are many Russian members in our channel.” – Source BBC.com
This does not seem to be true, however, as other cybersecurity organizations such as Truesec reported earlier this year that Anonymous Sudan lists the location of its users as Russia. Other cybersecurity organizations such as Trustwave and Mandiant are of the opinion that the threat group may be working for the Kremlin, although there is no substantial proof of this at the moment.
According to BBC.com, a cybersecurity expert from the Africa Centre for Strategic Studies told them that “There was no doubt it was a pro-Russian hacking group and that despite its name, it does not appear to have verifiable linkages with the country of Sudan.”
He said that the tools and techniques used by the group mirrored those of other hacking groups belonging to Russia.
In a statement he said:
“And if you look at the group’s targets, they are mostly Western or West-aligned countries and government. It does not appear to have attacked any targets in Russia itself.”
However, BBC Cyber Correspondent Joe Tidy said it was not possible to draw any final conclusion about the group's actual identity from the interview conducted.
How the Attack on the Kenyan Government Was Staged:
From analysis of the events during the cyber-attack, it can be concluded that the attack was DDoS (Distributed Denial-of-Service) based.
Hackers mostly use this technique to flood the networks, servers or services of a state government or big corporations with overwhelming traffic, which results in service downtime. In some cases the downtime may last for hours, and in major incidents it might go on for weeks, depending on the strength of the bots flooding the networks and the weakness of the security in place on the infrastructure that responds when a query (information request) is sent.
Anonymous Sudan has also been observed using the same technique in an attack against Microsoft in June.
The Minister of Information and Digital Economy of Kenya, Mr. Eliud Owalo, further stated:
“They tried jamming the system by making more than ordinary requests into the system. It started by slowing down the system.” – Source BBC.com
Another important source, a Kenyan-based cybersecurity expert by the name of Bright Gameli, is of the opinion that insiders might be involved. In his statement:
“DDOS to critical endpoints are never random. One needs to know a lot of information, to know exactly where to hit, thus bringing a lot of systems to a halt.” – Source BBC.com
More Future Attacks? How Prepared Is the Kenyan Government:
It is certain from the comments of the threat group that the Kenyan government should expect more attacks. But how prepared is it to overcome these threat actors, or other unknown groups, in future attacks?
According to reports from BBC.com, when they spoke with Mr. Allen:
“Kenya is probably as well prepared as any government in Africa to respond to such an attack. It has a well-developed cybersecurity and computer-security emerging response infrastructure. It ranks 51st out of 182 countries on the UN ITU’s Cybersecurity Commitment Index.”
In a further statement to BBC.com, he commented on how badly the country was affected by the attack. He is of the opinion:
“The dangers of becoming dependent on digital technology for critical economic functions without taking cybersecurity seriously.
To some extent, countries across Africa are prioritizing digital development rather than cybersecurity when it is becoming increasingly clear the two need to go hand-in-hand.”
The incident is quite alarming, as numerous services were disrupted, which not only affected the government but also caused a huge financial loss as a result of the downtime of various services. The extent of the information and financial damage has not been publicly disclosed or stated.
We at FixitgearwareSecurity hope this will not impact the integrity of, and the trust that Kenyan citizens and citizens of other countries have in, the digital services provided by the Kenyan government for carrying out various transactions, or leave users worried about whether their sensitive data is adequately protected.
Please let us know your thoughts in the comment section.