'Anonymous Kenya' group hacks government Twitter accounts

Hack calls government security preparedness into question

The hacked Twitter account of the Kenyan Defense Forces

The hacked Twitter account of the Kenyan Defense Forces

A hacker group calling itself "Anonymous Kenya" has poked holes at the government's cybersecurity preparedness by hacking two official Twitter accounts.

The accounts of The Kenya Defence Forces (KDF) and KDF Spokesman Major Emmanuel Chirchir were hacked on Monday and the users were only able to regain access to them yesterday evening, through the intervention of Twitter. Before Twitter intervened the users of the accounts couldn't log in or reset passwords.

Kenya has been involved in the war in Somalia, mainly targeting terrorists and pirates, and updates of the Somalia incursion have been coming through @kdfinfo and @majorEchirchir.

"So much poverty in Africa while you are wasting money in guns," was one of the tweets sent out on the @kdfinfo account following the breach. The hacked @MajorEChirchir account was used to tweet President Uhuru Kenyatta, "Hey @UKenyatta give me the weed!"

This is the second time the government has been embarrassed by a hack. The first time was two years ago when 128 government websites were hacked by an Indonesian hacker. After the incident the government promised to put in tighter controls.

To show that it was taking information security seriously, the government consolidated all agencies handling ICT under the current, central ICT Authority, which was then charged with handling all government ICT related matters. A government ICT security master plan was also supposed to guard against hacking incidents.

"Policies exist on paper but whether they are enforced or not is an entire debate altogether," said Tyrus Kamau, an independent security consultant. "Now we have a National Cyber Security Strategy and master plan from which all government IT security policies will be derived and it's just a question of prioritizing the implementation of the master plan and having the right people in the right place doing the right things,"

The Twitter hack exposed the need for the government to train personnel on security preparedness, including basic issues like passwords, and how to use social media. To that end, the government should take on the C4ISR (Command Control Computers Communications Intelligence Surveillance Reconnaissance) methodology used for cyber defense by the U.S., said John Gichuki, a security consultant involved in public and private sector security tests.

On its part, the ICT Authority said that it was enforcing new security measures and would release an update once all the processes were in place.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rebecca Wanjiku

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts