From Monday evening, Kenyans looking to access over 5,000 government services through the eCitizen self-service portal were met by slow service.
For 3 days, the website has been down. Sudanese hackers admitted to the attack in the wake of the ongoing diplomatic cold war between Kenya and Sudan.
A month ago, President William Ruto launched the Gava Mkononi app, which aims to digitize approximately 80% of all government services.
On Thursday, June 27th, Kenyans received confirmation from the ICT and Digital Economy CS of the malicious hacking attempts on eCitizen and other government platforms.
“Yes, the eCitizen platform was hacked and we are addressing it. They tried jamming the system by making more than ordinary requests to the system. However, no data has been accessed or lost,” he said.
The question lingering on a majority of Kenyans’ minds is, ‘How did this happen?’ In this article, we shall take a look at what the hackers did to bring down the eCitizen platform and their intended goal.
How it happened
The government was able to restore the eCitizen service within a short time. However, it remains vigilant against potential cyber security attacks of this magnitude.
The state characterised the attack as a form of Distributed Denial-of-Service (DDoS) cyber attack.
According to Cloudflare, a DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic.
In an exclusive interview, Moses Kemibaro, the CEO of Dotsavvy Africa, noted that a DDoS attack is essentially a traffic jam of malicious bots clogging up a highway.
“A DDoS, or Distributed Denial-of-Service, attack is essentially a form of digital congestion. It’s as if you are trying to drive on Thika Road during rush hour, but all of a sudden, thousands of additional cars, buses and trucks flood the road,” Mr. Kemibaro clarified.
“Chaos, right? That’s pretty much what a DDoS attack does to a website or online service, as with eCitizen. It sends so much traffic that a website or online service can’t handle it and ends up stuck in its own digital traffic jam,” he added.
The CEO further explained that such cyber attacks are carried out using botnets: groups of internet-connected computers, often very large in number, that have been infected by malware or viruses.
Thousands of malicious bots controlled remotely by hackers were instructed to flood the eCitizen platform.
Each bot sent requests to eCitizen at the same time, causing eCitizen’s server to overload and resulting in denial of service to normal traffic.
Because every bot is a real internet-connected device, it becomes difficult to differentiate normal legitimate traffic from malicious botnet traffic.
“It is basically a form of malicious digital sabotage,” Dotsavvy’s CEO stated.