Cyber Incident Victim: Kabarak University
Date: May 2023
Location: Kenya
Summary
Kabarak University's official Facebook account was seized by hackers who posted malicious content contradicting the institution's values. The attackers demanded a ransom of approximately $500 to return control of the account, which had over 46,000 followers. The university publicly dissociated itself from the posted content, created a new page, and reported the incident to authorities. An internal response included the suspension of the ICT manager and a heightening of the institution's cybersecurity protocols.
Description
On or around May 7, 2023, Kabarak University experienced a significant cybersecurity incident involving the compromise of its official Facebook account. The account, which was verified and had approximately 46,000 followers and 36,000 likes, was seized by a group of cyber criminals. The attackers used the compromised account to disseminate malicious and misleading images and content. The university stated that this content contravened the institution’s established Christian values, though the specific nature of the posts was not detailed in public statements. This unauthorized activity represented a direct takeover of a primary social media channel used for communication with stakeholders and prospective students.

The attackers issued a specific financial demand for the return of the Facebook account: a payment of Ksh68,250, equivalent to 500 US dollars, to surrender control back to the university. Following this initial demand, the hackers posted another message on the account daring the institution to reclaim it. This post included a taunt identifying the perpetrator as a student from an IT-based high school in Jakarta, Indonesia. The claim of the attacker's origin was presented as a direct quote from the post made on the compromised page.
In its initial response to the breach, Kabarak University issued a notice indicating it had decided to surrender the compromised Facebook account to the hackers. The institution announced it had been ordered to create a new page to re-establish its official presence on the platform. This notice also stated that the case had been forwarded to concerned authorities for action. As an immediate internal consequence, the university announced the suspension of its ICT Manager pending further notice. This administrative action was taken in direct response to the security incident.
The university then released a more formal statement from its Vice Chancellor, Professor Henry Kiplangat, addressed to all stakeholders and the general public. This statement assured them that all necessary measures were being taken to regain control of the hijacked page and to prevent any further unauthorized access. The university explicitly urged its followers and prospective students to disregard any information posted by the criminals on the compromised account. It directed them to contact the institution directly through its official website or other verified channels for accurate information.
A key component of the university's public response was to completely distance the institution from the content posted by the attackers. The Vice Chancellor's statement emphasized that any information or advertisements posted on the Facebook page by the cyber criminals did not represent Kabarak University and that the institution dissociated itself from them entirely. The university acknowledged that the situation had caused significant disruption to its online presence and apologized for any inconvenience caused. It expressed appreciation for the patience and understanding of its community as it worked to resolve the issue.
In the wake of the incident, the institution heightened its cybersecurity protocols. This action was described as a direct response to the breach that resulted in the suspension of the IT manager. The public statements did not elaborate on the specific technical or procedural security enhancements that were implemented, but the action signifies the university's recognition of the need to bolster its defenses against future cyber threats. The compromise of a major social media account highlighted a vulnerability in the university's external digital communications infrastructure.
The impact of the incident was primarily reputational and operational. The loss of control over a verified social media account with tens of thousands of followers disrupted the university's primary method of engaging with its audience online. The dissemination of malicious content from an official source posed a risk of misleading followers and damaging the institution's public image, particularly as the content was stated to be in conflict with its core values. The need to create a new Facebook page from scratch also meant starting over with building a follower base, as the legacy and verification of the original account were lost.
The response involved multiple layers, including technical, administrative, and public relations efforts. Technically, the approach shifted from attempting to recover the original account to abandoning it and building a new one. Administratively, the suspension of the ICT manager indicated an internal review of accountability and responsibilities related to digital security. From a public relations perspective, the university engaged in proactive communication to manage its reputation, assure stakeholders, and redirect its audience to new, secure official channels. The involvement of external authorities was also confirmed, though the specific agencies contacted were not named in the available reports. The incident serves as an example of a cyber attack targeting the digital communications of an educational institution for financial gain and disruption, resulting in significant but non-critical operational impact.
