MNDF website hacked

The website of the Maldives National Defence Force (MNDF) was hacked this morning and is currently offline.

MNDF Spokesperson Major Hussain Ali told local media that control of the site has since been regained.

“It’s going to happen again,” reads a message on the hacked home page under the date ‘7-11-2014.’

“There are only two ways to live. One is though nothing is a miracle. The other is as though everything is a miracle,” read the rest of the message.


No intention to “displease” Russia with Seleznyov expulsion, says home minister

The Maldivian government would have “acted differently” if the Home Ministry had been aware that an alleged hacker expelled on July 5 was the son of a Russian lawmaker, Home Minister Umar Naseer said on state broadcaster Television Maldives (TVM) last week.

“Had it been known that he was a high-profile person in Russia, we would have discussed with Russia. We would have talked and found out what they thought of the matter. We don’t want at all to do anything to displease Russia,” Naseer said on TVM’s Raajje Miadhu (Maldives Today) programme Thursday night (July 17).

Naseer said that the Home Ministry was only aware of information concerning the suspect’s alleged crimes, adding that the government had no wish to be caught between Russian-American rivalry.

The Russian Foreign Ministry had expressed outrage over the arrest of Roman Valerevich Seleznyov, 30, from the Ibrahim Nasir International Airport (INIA) and called it a “kidnapping” by the U.S. Secret Service.

The Home Ministry however insisted that Selezynov – son of Russian parliamentarian Valery Seleznyov – was expelled in response to an Interpol red notice with American authorities informed upon his arrival in the Maldives.

The US embassy in Colombo backed the government’s stance with a spokesperson informing Maldivian media that an Interpol red notice had been issued following indictments relating to bank and computer fraud that affected thousands of American citizens.

“This was a law enforcement action, and was based solely on law enforcement considerations. The indictment in this case was returned on March 2011, and thus long predates any current issues involving Russia and the United States. It has nothing to do with any of those issues. Nor was this a ‘kidnapping’ or in any way illegal,” the spokesperson stated.

Seleznyov “was arrested following his expulsion from another country, acting under its own laws. He was advised of his rights and given consular notification. These actions also were in no way inconsistent with any treaty arrangements with Russia.”

While President Abdulla Yameen has dismissed allegations of a US Secret Service operation on Maldivian soil as baseless, Home Minister Naseer insisted in parliament last week that Selezynov was arrested lawfully “by Maldivian police”.


However, Russian media has reported an anonymous eyewitness at the airport as claiming that Selezynov was allegedly handcuffed and led away by “two white guys” before he was about to board a flight to Moscow.

“I can remember one very clearly, one was wearing a green T-shirt and jeans type pants. He cuffed him,” the eyewitness told the Voice of Russia radio station.

While Maldivian police were present, the eyewitness claimed “they were not engaging in anything, they were just behind him.”

Selezynov was taken to the VIP lounge where passengers departing on private jets are processed, the eyewitness explained.

His girlfriend, Anna Otisko, who was with him at the airport told Russian media at a televised press conference on July 11 that her partner was “grabbed by unknown men” at the airport.

Selezynov’s father has also called on Russian authorities to impose economic sanctions on the Maldives and reportedly offered US$50,000 for evidence proving his son was detained by American intelligence agents.

“No legal procedures involving local authorities required for extradition were observed,” the Russian Foreign Ministry contended in a statement.

“The Russian citizen was literally kidnapped, which is a flagrant violation of the laws of any civilised state as well as international law.”

Maldives Foreign Minister Dunya Maumoon and Attorney General Mohamed Anil meanwhile flew to Sri Lanka last week to brief Russian diplomats regarding the incident.

The ministry said in a statement that “strong, mutually beneficial” relations with Russia would not be derailed due to the “isolated incident.”

Due process

The opposition Maldivian Democratic Party (MDP) has also accused the government of flouting due process in Seleznyov’s arrest.

In a statement, the party said that personnel of Maldivian security services must make arrests within Maldivian territory and a warrant from a Maldivian court must be obtained for such seize-and-arrest operations.

Further, the suspect should also be produced at the relevant court in Maldives prior to repatriation, the party said.

The MDP has also expressed concern the incident may have adverse effects on trade and tourism.

Russia currently ranks fifth in terms of the number of tourist arrivals to Maldives, with more than 33,000 tourist arrivals during the first five months of 2014.


Court did not share Elections Commission security information, says police

Data and technical information provided by the Supreme Court to a police forensic team during the Jumhooree Party’s case against the Elections Commission (EC) could not have been used to access the commission’s web servers, the Maldives Police Service has said.

Police said in a press release yesterday (October 21) that the forensic team offered technical assistance sought by the court to examine the evidence of alleged electoral fraud.

The police team were provided a printed list of the marked voters register and the access logs for the EC’s ballot progress report system (BPRS), which contained the IP addresses of those who had accessed the server, along with date and time.

“This is not information that could be used to penetrate any web site or web server,” police said, adding that the Supreme Court did not share any data from the EC aside from the BPRS logs.

“As sufficient time was not available to analyse the aforementioned logs and because the Elections Commission did not provide technical information concerning the BPRS, this service’s forensic team was unable to conduct a technical analysis,” the press release stated.

The police statement concluded with an appeal to all state institutions to protect and securely maintain “online systems containing information related to Maldivian citizens” while offering assurances that police would provide any assistance requested to ensure protection of such systems.

The police statement follows remarks by EC Chair Fuwad Thowfeek on state broadcaster Television Maldives (TVM) on Saturday night claiming that the commission’s data was being “destroyed” after technical information and logs were submitted to the Supreme Court.

“Previously, access to the system was very restricted to very few people, not just anybody could access it. But now the system is open. Now we are seeing people accessing and changing our database. No one had the opportunity to access the system in the annulled first round of presidential elections. People are destroying our data,” Thowfeek had said.

“So we cannot give the kind of certainty they [political parties] want, NCIT [National Centre for Information Technology] cannot give that kind of assurance now either. Earlier, they said they could not notice any external access in the annulled first round of election. They have not said anything yet [about the revote]. But I am certain, I know that if they check now, they will find there are ways for people to access the database. Because we see changes that should not take place happening to our data.”

Securing the IT system

The NCIT meanwhile said in a press statement on Sunday (October 20) that the centre’s staff have been working with the EC to secure the commission’s database and IT system following the Supreme Court judgment annulling the September 7 election.

In point 16 of the guidelines imposed on the EC by the Supreme Court verdict on October 7, the EC was ordered to reform their IT system in accordance with the “professional opinion” of the NCIT and other relevant state institutions.

Following consultations with the EC on October 8, the NCIT recommended immediate measures concerning “the most sensitive problems”, which the EC promptly implemented, the press release stated.

As interruptions to the EC systems could occur during the process, NCIT officials were allowed to establish a mechanism ensuring security on October 18 after the voter registry was printed – one day before the re-scheduled vote was due to take place.

The NCIT did note, however, that as the mechanism was set up on October 18, the centre was unable ensure external parties did not access the EC server and database before that date.

The NICT press release stressed that it had not sought any usernames or passwords required to access the EC systems and database during the process of securing the servers, adding that this information was not required to implement the recommended security measures.

“Therefore, if anyone apart from those authorised by Elections [Commission] accessed the system and database, it has to be further investigated,” the NCIT stated.

Following Thowfeek’s remarks on TVM, the press release stated, the NCIT had asked the EC to share relevant information concerning the alleged security breach, but was yet to receive a response.


The police press statement meanwhile revealed that on August 14 it was alerted to information from the Department of National Registration’s (DNR’s) ID card database, along with the names of registered political party members, being published on a website (

Police discovered that the information was taken from an EC web server ( as the server’s home page was hacked, the press release explained.

However, when the security breach was brought to the attention of the EC, police said that the commission allegedly denied the incident took place and refused to provide cooperation to the police investigation.

The site was blocked by the Communication Authority of Maldives (CAM) on August 20 upon request by the police, after which it was taken down with foreign assistance, police revealed.

Moreover, police found out that an automatic virus was downloaded to computers of persons visiting the page on the EC’s website that detailed the number of registered members of political parties.

Following the discovery, police met with EC Chair Thowfeek and other officials on August 19 to discuss the security issues and to share the findings.

“At the meeting, the commission’s technical staff said the Elections Commission’s web servers were constantly attacked and that they were blocking the IP addresses of the attackers,” police said.

While the EC was requested to provide the noted IP addresses, the police statement said that the information has yet to be sent.

Speaking at a press conference last night (October 21), Thowfeek said that NCIT officials were working ceaselessly with the EC IT staff but had not yet completed a full report on the security issues.

The NCIT has offered assurances that the EC servers and database would be secured before preparations were underway for the presidential election scheduled for November 9, Thowfeek said.

“We are proceeding with the assurance of the technical staff,” he said.


Indian hackers take down MACL website as lenders, Malaysian government seek to resolve GMR crisis

Indian hackers have taken over the website of the Maldives Airports Company Limited (MACL), the government company that has ordered the GMR-Malaysia Airports Holdings Berhad (MAHB) consortium to hand over the airport by the end of next week.

The hackers, calling themselves the “Indishell Defacers Team”, replaced the MACL homepage with a black background and a pair of eyes Thursday (November 29) evening, demanding that the Maldives “stop defaming Indian Reputed Companies & learn how to run a website and secure it first.”

“If you don’t know how to secure a website, can you run an Airport securely, MACL?” the hackers added, along with a promise to “do anything for India”.

As of Saturday afternoon, the MACL website remained suspended. MACL CEO Mohamed Ibrahim declined to comment, stating only that he was in a meeting and that the company would “issue media statements from time to time”.

Following the government’s announcement last week that its contract with GMR was void and it would therefore be issuing a seven day ultimatum for the investor to leave the country, MACL claimed that local employees who applied for jobs with the state operator would “have their present basic salary, allowances and other benefits, and training and development opportunities maintained under MACL management.”

The same day, the Immigration Department announced that it would cease renewing the work permits of GMR’s 140 foreign employees, while the Civil Aviation Authority (CAA) sent GMR a letter stating that the operator’s aerodrome certificate – the regulatory authority to operate an airport – would be withdrawn at 11:59pm on December 7.

MACL has also filed a complaint with the Maldives Police Service, alleging that the contract was given to GMR in 2010 “unlawfully”.

GMR has meanwhile stated that it has no intention of leaving without exhausting the legal process and seeking due compensation – the company has stated that it has already invested between US$220-240 million of funds set out for the US$511 million airport development project.

Arbitration proceedings over the contentious airport development charge were already ongoing in Singaporean courts prior to the government’s declaration that the contract was void.

GMR is currently seeking an injunction against its eviction in the Singapore courts, with the next hearing reportedly set for Monday.

Malaysian visit

Meanwhile, Malaysian Foreign Minister Anifah Aman and MAHB Managing Director Basir Ahmed visited the Maldives on Friday to try and resolve the situation.

Aman told local media at the airport that his discussion with Maldivian Foreign Minister Dr Abdul Samad Abdulla was “fruitful”.

“As we are two friendly nations, there is no reason why this matter cannot be resolved,” Aman was reported as stating by Haveeru.

The reaction from the Indian government and industry groups has been substantially less prosaic.

The Associated Chambers of Commerce and Industry of India (ASSOCHAM), expressed “serious concern over the unilateral decision of the Maldives government” and the “violation” of the country’s concession agreement with GMR.

The chamber of commerce group urged the Indian government “to take immediate steps as may be necessary to protect the interests of GMR, its people working in Male’ as well as the Indian banks against such irrational moves.”

Lenders to GMR, including the lead underwriter Axis Bank, Indian Overseas Bank and the Indian Bank have meanwhile written to the Maldives government demanding that their interests be protected. US$368 of the US$511 million project is a loan component, most of it financed by Indian companies.

The Indian government is meanwhile reported to be reconsidering its bilateral aid assistance to the Maldives.

A succession of Indian loans have been crucial to the Maldives’ ability to pay its operating costs, including civil servant salaries.

Days prior to the government’s decision to void the GMR agreement, India had requested repayment of US$100 million in treasury bonds by February 2013.

A further US$25 million state loan from India was found to have been delayed after the Maldivian government failed to submit the requested paperwork, according to an Indian diplomatic source.

Overall Indian aid to the Maldives has totalled MVR 5 billion (US$324 million) over the last three years, according to official statistics from the Indian High Commission released in May.

In additional to credit facilities, purchase of bonds and provision of equipment and financial assistance, India provided the government substantial aid to hold the SAARC Summit in Addu Atoll last year.

In the last three years, India funded the construction of the Faculty of Tourism and Hospitality, provided US$4.5 million for the development of Indira Gandhi Memorial Hospital (IGMH), US$25 million for a police academy, US$9 million for police vehicles, US$1.5 million for a coastal management centre, US$1 million for the purchase of pharmaceuticals and sports equipment, US$5.3 million for the Institute of Information Technology, and most recently, the construction of a military hospital for the Maldives National Defence Force (MNDF).

Credit facilities of US$40 million were provided for the construction of 500 housing units, while the State Bank of India (SBI) had spent US$100 million of treasury bonds (with a further US$100 as standby credit). India also provided US$28 million for the development of human resources in the Maldives.

Moreover, a substantial amount of private lending to the resort industry development takes place through Indian banking institutions active in the country, most notably SBI, and a significant quantity of food to the import-dependent Maldives (including basics provisions such as eggs) is supplied through trade concessions with India.

India has also provided extensive military support to the Maldives, including supplying vehicles and a helicopter.

“An impact on ties is inevitable,” Indian newspaper The Hindu reported a senior Indian government source as stating, after last week’s decision by the Maldivian cabinet to evict GMR.

“For the time being, we have to consider how things stand and how to proceed,” an official source told the paper, “when asked whether India would continue assisting the Maldives in combating its financial difficulties, including paying salaries to civil servants and shoring up the surveillance and reconnaissance ability of its security forces.”

“Stability can come only after elections. All of them [political parties] are looking for some cause célèbre. GMR has unwittingly become a major political issue in the Maldives,” an official source told the paper.


Maldives websites report denial-of-service (DDoS) cyberattacks

Telecommunications firm Dhiraagu has confirmed that websites in the Maldives have been targeted in apparent Denial of Service (DDoS) cyberattacks, according to local media.

DDoS attacks involve malevolently flooding a web server with queries, locking up bandwidth and preventing legitimate users from accessing a site.

New outlets Sun Online and Haveeru reported accessibility problems, particularly from abroad, according to reports this morning.

Speaking to Haveeru, Dhiraagu’s Marketing, Communications and Public Relations Manager Mohamed Mirshan claimed the attacks were targeted at the newspaper, and not Dhiraagu infrastructure.

“DDoS is very common all around the world. We have taken the same measures taken internationally. DDoS cannot be controlled by anyone other than its originators. The only thing we can do is mitigate the attacks. Dhiraagu has also taken all necessary measures taken against it worldwide,” Mirshan told Haveeru.

Meanwhile, an anonymous email was sent to police and several media outlets, including Sun and Haveeru, from a group claiming to take responsibility for recent attacks on Dhiraagu’s web servers.

“For years our main Internet Service Provider and Communication Provider “Dhiraagu” has been taking our money from us. No government of the Maldives helped us solve this problem. No politician gives a damn about improving the Information Technology and its awareness in Maldives,” the email read, promising escalating cyber attacks “with inside help from Dhiraagu employees”, on targets including government email servers and the provider’s ADSL service.

Dhiraagu’s media division referred Minivan News to Mirshan, who was not responding to Minivan News at time of press.

Police Spokesperson Sub-Inspector Hassan Haneef said police had not received reports of such an incident.

“We have a financial unit that currently investigates such cases, but we are in the process of trying to establish a cybercrime unit that should be operating in 2-3 months,” Haneef said.

Following attacks that affected the company’s web services in January 2011, Mirshan told Minivan News that the company had been receiving such attacks since August 2009, which he claimed were “very organised.”

“We have been working with our counterparts both in the country and overseas around the clock in order to try and minimise the impacts of the attack on our services,” Mirshan said at the time.