Mr. Normal User: Hey Mr. Security Expert, my Twitter account has been hacked, what do I do?
Mr. Security Expert: Change your password, disable all the third party apps you are using and then jienjoy
Mr. Normal User: My email has been hacked too, so I can’t get the password changed
Mr. Security Expert: Are you using a commercial email like Gmail, or a private email for the company or organization?
Mr. Normal User: I am using the private email
Mr. Security Expert: Then tell your hosting admin to reset the password from the server, after that start the process of reclaiming your Twitter account
Mr. Normal User: By the way, what if I was using commercial email?
Mr. Security Expert: Then you needed to follow their password recovery procedure. Maybe you will need to provide your alternative email or number to get the security code. Just as you would have done if you had forgotten your password.
Mr. Normal User: Ok
It has been over 3 days since the KDF Twitter account was hacked, allegedly by the Anonymous group. The KDF account, together with that of Army Liaison Officer Major Chirchir, remains in the hands of the hackers up to the time of writing this article.
— Kenya Defence Forces (@kdfinfo) July 21, 2014
Being hacked is normal, I mean so many people and organizations get hacked around the world, but not being able to retrieve the account over three days later is just sad.
I must say that at first it was like a joke, but now it is serious. Actually, it is more than alarming, and it points to bigger problems we have in this country. Kenya is held in high regard when it comes to emerging tech hot spots around the world. With that in mind, the situation moves from being a humiliation to the Government to an embarrassment to the people who work in the tech industry. If you think this is a joke, then the following should be a wake-up call:
Integrated Financial Management Information System of Kenya Hacked http://t.co/J8JBGzDofB
— Major E K Chirchir (@MajorEChirchir) July 21, 2014
Now we are talking about the system used by the Government to manage the public finances.
I am trying to look at how this was handled by Itumbi and his team. So when the account was hacked they tried all they could, and by that I mean they wrote to Twitter and waited to be helped.
— Dennis Itumbi (@OleItumbi) July 21, 2014
Almost 24 hours later, they managed to retrieve the accounts but the celebrations lasted for only two hours. The accounts were hacked again by the same person or group. From there onwards, the digital team seems to have stopped trying to get back the hacked accounts, and the hacker also stopped using the two accounts. Kenyans being Kenyans too forgot the story on the second day and moved on to “LMAO” on other things.
So why should this be, in a country known to be leading in tech in this part of the world? The problem lies within the structure of the Government and how they ended up using Social Media. The Jubilee Government marketed themselves as a digital team, in other words a group of people who are very tech savvy. At the time, and even up to now, everyone in the team thought, or still thinks, they are tech experts, and that includes security issues. At the beginning, to prove that they were digital as promised, they created several social media accounts without planning or a proper strategy on how they would handle the online jungle.
Being tech savvy in Kenya, going by the Jubilee Government definition, simply means using social media, and specifically Twitter and Facebook. After taking over the Government, Social Media was used for all manner of things and it became a Government of hashtags. By the end of December last year the digital team had created over 85 hashtags. The following are some of them
This year they moved a step higher and even launched a hashtag to curb online hate speech (#StopHatespeechKenya). Yes, officially launched. And that is how seriously they take this hashtag thing.
Using hashtags and thinking you are tech gurus is one thing, but when the real gurus like the Anonymous group visit the town, it is completely another matter. But again, if you are Kenyan, that is the point where you would think that the Government would mobilize all the best tech brains and online security experts in the country to help them solve their hacking problem. Well, they have not. Their main solution was to reach out to Twitter and sit back and wait. The digital team only reached out to one Tyrus Kamau, for example, after he asked them on Twitter to do so.
AM: Following the hacking, you have reached out to Dennis Itumbi, the Government Of Kenya’s Digital Strategist, are you able to comment on this?
Ty: Yes I did, though I cannot comment on that at this stage. All I can say is it was purely in an advisory capacity to secure other Government of Kenya institutes.
I called Tyrus to confirm how much they discussed and why the team were not able to use the advice given by him to secure the accounts. Unfortunately, their conversation lasted for like 30 seconds. Too bad.
Is there a way out? Of course yes, but let’s go back again to the beginning.
Whenever a company goes to a new place to open a branch or office, there is always proper preparation. First comes the research to understand the place, to understand the culture, and to understand what is needed in order to be successful in the new place. Through the research one is able to put in enough resources, including the supporting teams. The Kenyan Government went online without doing the required research. They never hired the much needed technical team to help in shaping the technical aspect of being online. They never thought of the risks involved in being online, especially when you do it without the tech support team. Due to that they remained exposed, and hackers can do what they like with almost every Government online account, including websites.
I did mention to someone that the hacking of those accounts and the struggle to get them back might be a good thing, like a blessing in disguise. My thinking at the time was that it would be a wake-up call and the Government would take online seriously and not treat it like a by-the-way. Unfortunately, it seems I was wrong. By the look of things, they have given up, and I wonder how much enthusiasm remains in them for the internet in general.