Cyber Incident Victim: Kenya
Date: Jun 2023
Location: Kenya
Summary
A cyber attack attributed to the group Anonymous Sudan targeted Kenya's eCitizen government services portal, causing significant disruption. The ICT minister confirmed the incident, stating the attackers attempted to jam the system and slow its performance, rendering services unavailable for multiple days. While the government acknowledged the attack's impact on service delivery, it insisted that no data was accessed or lost during the incident and that remedial measures were being implemented to restore and secure the platform.
Description
On or around June 28, 2023, the Kenyan government's eCitizen online services portal began experiencing significant technical difficulties and became unavailable to the public. For a period of at least four days, a majority of Kenyans attempting to use the portal encountered errors upon trying to log in to the website, preventing access to thousands of government services. The Information, Communication and Technology (ICT) Cabinet Secretary, Eliud Owalo, subsequently confirmed the cause of this widespread outage was a cyber-attack. During an interview on Spice FM, the minister admitted that the government's online services had been affected by this incident. The hacking group identifying itself as Anonymous Sudan publicly claimed responsibility for the attack. The group stated its actions were targeted against Kenyan government digital services.

The attackers employed techniques aimed at disrupting the normal operation of the eCitizen platform. According to Cabinet Secretary Owalo, the initial phase of the attack involved making the system work at a significantly slower rate, a common symptom of a denial-of-service-style attack. This jamming of the system was achieved by directing a volume of traffic into it that far exceeded ordinary levels, overwhelming its capacity and degrading performance for legitimate users. The group Anonymous Sudan corroborated this on their Telegram channel, boasting about their actions and the effectiveness of their attack. They specifically mentioned that Kenyan officials were frequently changing their protection services, first switching to Cloudflare and then to Radware, in an attempt to mitigate the ongoing attack. Despite these defensive measures, the group claimed to have successfully downed the site for three days and counting at the time of their statement.
The impact of this sustained attack was severe and directly felt by the Kenyan public. The inability to access the eCitizen portal meant a halt to a vast array of essential services. Citizens were unable to process or access government-related transactions, applications, and information that are central to daily life and business operations in Kenya. The widespread nature of the disruption led to a significant volume of complaints from users across various social media platforms, highlighting the frustration and inconvenience caused by the extended outage. The incident underscored the critical reliance of the nation on its digital infrastructure and the severe consequences when such systems are compromised.
In response to the incident, the Kenyan government, through its ICT ministry, initiated containment and recovery measures. Technical teams worked around the clock to resolve the problem and secure the platform. The defensive actions included engaging and switching between different third-party protection services specializing in mitigating cyber attacks, as acknowledged by the attackers themselves. Cabinet Secretary Owalo publicly addressed the situation, aiming to manage public concern and provide assurance. He insisted that no data was lost during the attack and that no data had been accessed by the threat actors. He repeatedly assured Kenyan citizens that their personal data remained secure and that there was no cause for alarm or panic.
The government's response was not limited to immediate remedial measures to restore service. Cabinet Secretary Owalo stated that the administration was also implementing longer-term strategies to prevent future occurrences. He acknowledged that such cyber-attacks are a prevalent global problem in the current technological era and are not a strange occurrence. A key part of the stated strategy was the enhancement of the government's capacity to address cyber insecurity through the development of an elaborate risk mitigation framework. He cited the recent operationalization of the Office of the Data Commissioner as a preparatory measure the government had taken in anticipation of such events, positioning it as a component of their broader data protection and cybersecurity strategy.
The threat group Anonymous Sudan remained active throughout the incident, using their Telegram channel to issue taunts and threats. Their messages were characterized by inflammatory language and boasts about their ability to circumvent the defensive measures being deployed by the Kenyan government. They explicitly stated their intention to continue and escalate their attacks, warning that they were preparing something "very big" and that the next attack would be worse. Their stated motivation, as presented in their Telegram post, appeared to be a form of nationalist sentiment, expressing a desire for Kenyans to "know who the Sudanese are."
By the time of Cabinet Secretary Owalo's public statements, which were made on July 1, 2023, efforts to fully restore the system were ongoing. He expressed confidence that the eCitizen portal would be returned to normal operation before the end of that day. The incident served as a public demonstration of the vulnerabilities within critical national digital infrastructure and the evolving threat landscape faced by governments. The official statements focused on reassuring the public about data security while simultaneously acknowledging the need to continuously enhance the state's cybersecurity capabilities to mitigate such pervasive threats. The event highlighted the challenges of maintaining service availability against determined threat actors engaged in disruptive attacks.
