Poor security measures at fault for cyber attack, say government IT experts

IT experts have suggested that the scale of yesterday’s attack on government sites was due to poor security mechanisms.

Government IT experts have told Minivan News today that the hosting of multiple government sites on a single server was a security concern of which government was aware.

“Shared hosting is cheap, while having a dedicated server could be expensive. So this is a price versus security choice. But even with shared hosting if the server is secured properly it would minimise the risks,” said a cyber security official at one government institution.

Dhiraagu has today confirmed that the 117 websites defaced in yesterday’s cyber attack by a Syrian anti-war group were hosted on a single Dhiraagu server.

The Maldives’ oldest telecommunications company noted that all affected websites were fully restored last night, within twenty four hours of the attack.

“Attacking government websites is a criminal act and this is being investigated by the police now. Such attacks are carried out against many corporations and organisations around the world, even the most secure,” said Dhiraagu Public Relations Executive, Ibrahim Imjad Jaleel.

“Our engineers have assure that assured that security will be upgraded even further to ensure such an incident is not repeated in the future. It is equally important for developers to increase the security features of websites,” he added.

Shared hosting issue previously flagged

IT experts have told Minivan News today that the attack was likely to have been carried out by the manipulation of one or more vulnerable government websites hosted on a single Dhiraagu server.

“It seems that after accessing the server and gaining elevated privileges, the attacker decided to deface the websites. If it was someone with really malicious intentions they could have done more,” explained a local software engineer.

“Defacement is the least of our worries – think about what somebody could do or have probably done already. Load in exploit code on the pages and nobody would notice. It is possible to compromise thousands of Maldivians and offices,” they warned.

The case is now being investigated by the cyber crime division at the Maldives Police Services (MPS).

Ahmed Athif, head of Information & Communication Directorate at MPS said police will conduct an assessment and share the information and recommendations with the National Centre for Information Technology (NCIT) and other relevant authorities.

While he noted that this is the biggest attack of this nature to be carried out against the Maldives government, he said specific details of the case could only be revealed after a thorough investigation.

The NCIT has made no official comments regarding the issue, but a source within the centre today told Minivan News that the shared hosting of sites and other security concerns have frequently been raised during security assessments of government institutions.

In August 2013 the Elections Commission reported that their servers were continuously under attack at the time, while in the same month the Department of National Registration’s (DNR’s) ID card database with political party affiliations was leaked online.

Police later said the database was stolen from an Elections Commission web server after it had been hacked.

In March 2013 the United Nations (Maldives) website was also defaced in order for a hacker to deliver a message saying that securit on their website was insufficient.

Responsibility for yesterday’s attacks was claimed by Dr. SHA6H – an anonymous figure who has claimed to have infiltrated hundreds of similar sites across the globe over the past two years.

“This site has been hacked because of the world’s silence of three years of massacres that occur in Syria and this is still happening,” read the message left on the defaced websites, attributed to a group called the Syrian Revolution Soldiers.