In Africa, increased access to the internet has led to a rise in the number of websites being developed for businesses, NGOs, government departments and the like.
However there has been a corresponding rise in the rate of Cyber-crime in Africa. Instead of defacing physical properties, African cyber criminals have taken to defacing the websites of businesses and government establishments.
The term “website defacement” refers to any unauthorized changes made to the appearance of either a single webpage, or an entire site. In some cases, a website is completely taken down and replaced by another.
In other instances, a hacker may inject code in order to add images, popups or text to a web page. Other forms of website defacement may include the insertion of malicious code in a bid to infect the computers of visitors, thus making them vulnerable to viral attacks.
Website defacement in Nigeria
In 2012 the Centrex team produced a comprehensive two-year report on Web Server defacements In Nigeria. What makes the Centrex lab archive unique is that the data is gathered from the hackers/defacers themselves and every defaced website is confirmed and mirrored.
Between 2010 – 2012 a total of 23 official government websites (.gov.ng) were defaced, out of a total of 60 website defacements recorded during the period.
In 2013 Centrex conducted similar research on Nigerian government websites and it was revealed that:
* 48 Nigerian government (.gov.ng) websites was defaced, an alarming 109% increase when compared to the previous year.
* Nigeria’s Official Website – (www.nigeria.gov.ng.) was defaced on 7th of July 2013 by an Irish Hacker, Paddyhack for reasons associated with his bitterness over:
- The killing of at least 42 pupils of Government Secondary School Mamudo, Yobe state by the Boko Haram Group
- Ill-treatment of homosexuals in Nigeria.
Other prominent Nigerian government establishments that had their websites defaced in 2013 include:
* Federal Ministry of Health
* National Agency for the Control of Aids (NACA)
* The Nigerian Prisons Service
* The Nigerian College of Aviation Technology, Zaria.
* The Nigerian Copy Rights Commission
* Cross River Ministry of Justice (www.crslegal.gov.ng)
As the number of websites in Nigeria is rapidly increasing so is the attack against them. Contrary to popular perception, Windows/IIS websites is most frequent hacked more often than Linux/Apache websites. Given the fact that Windows/IIS and Linux/Apache market value is comparable in recent years, the comparison is a valid one. The following image was compiled from 2013 web defacement audit.
“As it turns out, this has little to do with the fact that Microsoft IIS 6.0 has far less vulnerability than Apache 2.0. When we look deeper at the “Attack Method” data, it turns out that the OS and Web Server platform you run has little to do with how secure you are. What does seem to matter in the world is how well you administrate the website and how carefully you write your web applications. By looking at the trend in the last two years, it would seem that website administrators may have finally wised up to certain attacks. The bad news is that password stealing or sniffing has been the most likely attack vector,” said Nsikak Nelson, The Chief Cyber Security Expert / co-founder of Centrex Lab.
He further stated that, Web hacking is just the tip of the iceberg the recent spate of website defacements only serves as a reminder to on-going questions about the general state of network security in Africa. More sophisticated attacks are coming in the future.
The motivation behind most of the government websites defaced in African Countries in focus are mostly to protest an action or message by the government, promote their own cause, and religious sentiments.
The other hackers defaced these websites as a means to mock site owners and/or security personnel for the weaknesses within their server(s) and to leave their mark on the website.
But regardless of whatever their reasons might be, the Centrex Ethical Lab Team is urging governments of African countries to intensify efforts in protecting their cyberspace. Governments of these countries in focus should view this research report as their scorecard and a call to develop a more robust and effective cyber security strategy that can counter the evolving cyber threats facing our world today.