ICT CS Kabogo downplays hacking of Gov't websites, says no data lost

Information, Communication and the Digital Economy Cabinet Secretary William Kabogo has assured the public that no government data was compromised during Monday’s apparent breach of several State websites.

Speaking in in Baku, Azerbaijan, where he is attending the World Telecommunications Development Conference under the International Telecommunication Union, Kabogo describing the incident as a “simple Zero-Day attack” that had only redirected domain names to hackers.

The CS said his ministry has since taken control of the situation and ensured return to normalcy of operations of most of the websites involved in the breach.

“It was just a simple Zero-Day attack, meaning it has happened for the first time, and it’s only the domain names that were directed to the hackers. So, really, we haven’t lost any data…we haven’t had any data compromise,” he said.

“We’re on top of stuff, most of the sites are up and running, so (there’s) nothing to worry about, these things do happen, but we’re on top of stuff as a ministry.”

A number of government portals, including those of key ministries, displayed defaced pages on Monday, sparking concern over the integrity of State systems at a time when Kenya is pushing for deeper digital adoption in public services.

Citizen Digital established that the affected ministries included: Ministry of Interior, Health, Education, Environment, Energy, Labour and Water.

One could only see encryptions that read: "Access denied by PCP", "We will rise again", "White power worldwide" and "14:88 Heil Hitler".

CS Kabogo’s assurance came hours after Internal Security and National Administration Principal Secretary Raymond Omollo also confirmed that restoration efforts were underway, warning that those behind the breach would “face the full force of the law.”

He noted that State agencies were collaborating to trace the source of the attack and seal vulnerabilities within the system.

"The situation has since been contained, and the systems are under continuous monitoring. Our focus is on building layered defences, improving readiness, and ensuring that any attempt is detected early, contained quickly, neutralized decisively, and its impact minimized," said PS Omollo on Monday evening.

The Interior PS further rebuked the hacking incident, saying it is in violation of Kenyan law and applicable international conventions, including the Computer Misuse and Cybercrimes Act, the Kenya Information and Communications Act, and the Data Protection Act. 

“Individuals found culpable will face the full force of the law,” PS Omollo warned.