Hack calls government security preparedness into question A hacker group calling itself “Anonymous Kenya” has poked holes at the government’s cybersecurity preparedness by hacking two official Twitter accounts.The accounts of The Kenya Defence Forces (KDF) and KDF Spokesman Major Emmanuel Chirchir were hacked on Monday and the users were only able to regain access to them yesterday evening, through the intervention of Twitter. Before Twitter intervened the users of the accounts couldn’t log in or reset passwords.[Activism’s slippery slope: Anonymous targets children’s hospital]Kenya has been involved in the war in Somalia, mainly targeting terrorists and pirates, and updates of the Somalia incursion have been coming through @kdfinfo and @majorEchirchir. “So much poverty in Africa while you are wasting money in guns,” was one of the tweets sent out on the @kdfinfo account following the breach. The hacked @MajorEChirchir account was used to tweet President Uhuru Kenyatta, “Hey @UKenyatta give me the weed!”This is the second time the government has been embarrassed by a hack. The first time was two years ago when 128 government websites were hacked by an Indonesian hacker. After the incident the government promised to put in tighter controls. To show that it was taking information security seriously, the government consolidated all agencies handling ICT under the current, central ICT Authority, which was then charged with handling all government ICT related matters. A government ICT security master plan was also supposed to guard against hacking incidents.“Policies exist on paper but whether they are enforced or not is an entire debate altogether,” said Tyrus Kamau, an independent security consultant. “Now we have a National Cyber Security Strategy and master plan from which all government IT security policies will be derived and it’s just a question of prioritizing the implementation of the master plan and having the right people in the right place doing the right things,”[More governments want Twitter user data]The Twitter hack exposed the need for the government to train personnel on security preparedness, including basic issues like passwords, and how to use social media. To that end, the government should take on the C4ISR (Command Control Computers Communications Intelligence Surveillance Reconnaissance) methodology used for cyber defense by the U.S., said John Gichuki, a security consultant involved in public and private sector security tests.On its part, the ICT Authority said that it was enforcing new security measures and would release an update once all the processes were in place. Related content feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach news Top cybersecurity product news of the week New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Cycode, and more. By CSO staff Nov 30, 2023 17 mins Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe