A number of sites in East Africa were hacked starting last week by multiple hackers, in what appears to be an uncoordinated hacking spree. The hacks come just after an overnight hack of 103 Government of Kenya websites by an Indonesian hacker.

The affected sites include the website of MTN, the largest mobile operator in Rwanda and a major player across the continent. Hackers going by the name INYANGAMUGAYO gained entry into the database and changed MTN’s website, leaving a politically motivated message to Rwanda’s president, Paul Kagame. The attack appears to border on issues of national security for the country.

The attack appears to have been through SQL injection, where vulnerabilities in the code of a page enable an attacker to insert and execute their own code on the underlying database, thus gaining illegal entry into it. A group of hackers known as Rwandan Hackers had, shortly before the hack, posted information about SQL injection vulnerabilities on the MTN Rwanda site.

MTN took the site offline for a couple of days, but it is now back up. It is not clear if the same vulnerabilities affect other MTN sites.

Rwandan Hackers also hacked into the website of The East African Standard, a leading media house in East Africa based out of Kenya. In the attack, hackers gained entry into the site’s database and published about 1000 usernames, emails and encrypted passwords of users. While the passwords may have been encrypted, it is easy to decrypt and thus reveal short passwords, especially since the passwords were not salted. Salting mixes the password with random characters before encrypting it, making it harder to decrypt. Such attacks are normally dangerous, as it has been found that users commonly use the same password on social media sites, web mail accounts such as Gmail and Yahoo, and at times even on Internet banking sites. The exposed details are posted here: https://pastebin.com/QCtP3AxH

The attack on the East African Standard also appears to have been through SQL injection.
It is still not clear if the site administrators have notified affected users, or fixed the vulnerabilities.

On Saturday morning, Toyota East Africa’s website was hacked into and defaced by a hacker known as X-line. The hack appears to have been an automated one, targeting thousands of websites globally and affecting other Kenyan domains. Other affected organisations, according to the hackers’ database, include ICEA Lion insurance group. A detailed list of compromised domains under the Kenyan domain space can be found here: https://www.zone-h.org/archive/filter=1/domain=.co.ke/fulltext=1/page=1

Rwandan Hackers have also announced that they were able to hack into the database of Sahaj Computers, who are distributors for security vendor Kaspersky in Tanzania. The hack was through SQL injection, and the hackers published the username of the administrator’s account.

In January, Rwandan Hackers also hacked into a site belonging to a Nigerian Government Agency and the University of Ghana.

At the same time, several security experts have called out several Kenyan banks for exposing critical banking infrastructure.
On Saturday, one bank was named in the Security list for operating Internet banking over an unsecured connection, thus leaving banking information exposed.

On Monday, a banking and commerce mobile application made by a Kenyan firm was found to be interfacing with several banks on unsecured interfaces, with default usernames and passwords which are known to most system administrators.
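To illustrate the salting point raised in the East African Standard breach, the following Python sketch is an added example, not code from the article or from any affected site. It compares unsalted storage with per-user salted storage and includes an audit check that flags digests shared between accounts. The account names and passwords are constructed, and SHA-256 as the unsalted scheme and the PBKDF2 iteration count are assumptions, since the article does not name the scheme used.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts for illustration; not taken from any real dump.
USERS = [("alice", "sunshine"), ("bob", "sunshine"), ("carol", "x9!Lq2#vT")]
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_digest(password: str) -> str:
    """Weak storage: one fast hash, no salt (assumed scheme: SHA-256)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> dict:
    """Stronger storage: a fresh random salt per user plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "digest": digest.hex()}


def verify_password(candidate: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["digest"])


def reused_digests(digests) -> int:
    """Audit check: how many stored digests are shared by more than one account."""
    return sum(1 for n in Counter(digests).values() if n > 1)


if __name__ == "__main__":
    weak = [unsalted_digest(p) for _, p in USERS]
    strong = [hash_password(p) for _, p in USERS]
    print("unsalted: digests shared between accounts:", reused_digests(weak))
    print("salted:   digests shared between accounts:",
          reused_digests(r["digest"] for r in strong))
    print("login check:", verify_password("sunshine", strong[0]))
```

A non-zero result from `reused_digests` over a credentials table is a quick sign that passwords are stored without per-user salts.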