‘eCitizen portal was not hacked’ – CS Owalo clarifies cyber attack reports
ICT Cabinet Secretary Eliud Owalo has confirmed that key government services have been affected following cyber-attack attempts on the eCitizen portal.
In a statement on Thursday, July 27, the CS clarified that the attacks, also targeting the private sector, were unsuccessful and no data was compromised as alleged on a section of social media.
"Over the past one week, there have been unsuccessful cyber attacks attempts targeting both the Government and the Private sectors. The eCitizen Portal is among the targets of these unsuccessful attacks," Owalo confirmed.
According to the CS, the attack on the eCitizen platform entailed an unsuccessful attempt to overload the system through extraordinary requests, with the intention of clogging it.
He, however, assured that the platform's technical teams blocked the source IP address where the requests were emanating from, preventing a possible data breach.
"For clarity, both the privacy and security of data were not compromised. The system was not hacked," Owalo stated.
He assured that efforts are ongoing to stabilise the platform that offers over 5,000 government services from ministries, county governments and agencies.
"As a consequence of the attack efforts, Owalo said, the system has been experiencing intermittent interruptions affecting the normal speed in accessing services on the platform. These attempts have, however, been rebuffed by the security systems and applications in place. Shortly, we will revert to optimal utilization levels," he said.
"The relevant Government of Kenya agencies are on high alert and have enhanced the security of the eCitizen portal and all Government Services Sites. All Systems and Portals under the control of the Government of Kenya are safe."
"We want to assure Kenyans that the government has put in place remedial measures to address the current challenge plus a long-term risk mitigation framework to ensure sustainable data privacy and data security."
A group identifying as Anonymous Sudan has claimed responsibility for the attack.
The group said on social media that they were targeting more government digital services.
"Kenyan retards are changing protection every few hours, first to Cloudflare now they switched to Radware. How pathetic, they don't know nothing can stand in front of us and we will... accounts.ecitizen.go.ke no matter the protection they put. We downed their shitty site for 3 days and counting. We hope Kenyans now know who the Sudanese are, and the next will be worse, we are preparing something very big," the group posted on Telegram.
