A group of hackers known as the Kurd Electronic Team defaced Kenya's government related websites earlier on 1 June 2019. At the time of publishing some of the websites, like that of the National Youth Service, had been restored while others were still displaying the hacking group's message stating that they were responsible for the defacement.

In some cases, Kenya's ICT Authority seemed to have regained control and put up a message that they are under maintenance.

"Sorry for the inconvenience but we're performing some maintenance at the moment. If you need to you can always contact us. Otherwise we'll be back online shortly! - GoK Cyber Security Team"

Hacktivisim or just mischief?

So far, it is not clear what was the motive for the defacements. However, looking at the list of hundreds of websites that the Kurd Electronic Team have previously defaced worldwide it could well be that they hunt for vulnerabilities on websites and when they find them, they exploit them and deface their target websites.

In recent years activity around defacement of African government websites perceived to be oppressive has increased. During July 2018 South Africa's Presidency website was defaced with a message that declared "Sahara is Moroccan" while later in the same year Gabon's government websites were attacked by Anonymous in protest against the government and specifically against the dictatorship of President Ali Bongo.

More recently, the hacktivism group Anonymous DDoS'd Zimbabwe and Sudan's government websites because  of their acts against their own citizens.

Is Kenya's citizen data safe?

Recently Kenya's government embarked on an initiative to collect and digitize citizen data including some biometric data under the Huduma Namba initiative. This initiative has raised several concerns among some citizens who highlighted that Kenya already has a unique identifier for citizens with the national ID number. Other concerns include the alleged possibility that the government is going to sell citizen data to the highest corporate bidder.

However, given this recent defacement of Kenya's government websites, some have started asking whether all of Kenya's systems are secure from being exploited by potential hackers.

It's also important to note that most of the government websites, before they were defaced, did not have any SSL certificates.