Hackers leak stolen Kenyan Foreign Ministry Documents

Reuters | BY GEORGE OBULUTSA

HackRead, a cyber security news site, reported that a hacker affiliated with “Operation Africa” had told it: “In (a) few days you will receive full disclosure of the data – We the Anonymous will stand against corruption, child abuse, and child labour!”

A link to a sample of 95 documents was published to a widely known Anonymous Twitter account, part of what it claimed was a one-terabyte stash of data from Kenya’s Ministry of Foreign Affairs and International Trade. The sample documents cannot be read using standard Web browsers but can be viewed using TOR.

The documents, viewed by Reuters, appear to consist of mostly routine correspondence between Kenyan foreign ministry officials and other diplomatic missions, trade partners and international companies around the world.

A news release in January by activists described Operation Africa as an effort to mount computer attacks on governments in Rwanda, Uganda, South Africa, Zimbabwe, Tanzania, Sudan, South Sudan and Ethiopia. The Kenyan government was not on the initial list.

The Kenyan ministry documents leaked on Thursday included email discussions of security preparations for diplomatic trips, trade deals and a status report on the conflict between Sudan and South Sudan, dated from the middle of this month.

One document, from last August, contains a warning to ministry staff of hacking attempts using phishing techniques containing links to malware.

A spokesman for the ministry declined to comment on the alleged breach and referred Reuters to Kenya’s Ministry of Information and Communications Technology (ICT).

“NOTHING TOP SECRET”

The ICT Cabinet Secretary Joseph Mucheru told Reuters the attack was a phishing attack, as opposed to a hacking attack on the foreign affairs ministry’s computer systems, and that no classified material had been accessed.

“What they did is they managed to send emails to people, and people clicked the links to change their credentials, and as a result they were able to access emails,” he told Reuters by phone. “Our systems have remained safe and stable.”

“What we have been able to identify is mostly on security clearance ‘Open’ as opposed to ‘Restricted’ or ‘Top Secret’.”

Mucheru said they were working to alert government employees on how to avoid being tricked by phishers and hackers.

In January, Operation Africa hackers said they were seeking the dismantling of corporations and governments in Africa they blamed for corruption, child abuse, environmental problems and Internet censorship.

In February, hackers using the Operation Africa banner said they had breached a South African government database and leaked names, email addresses and passwords of some 1,500 government employees, security site Softpedia reported.

Hackers also claimed credit that month for attacking the Ugandan Finance Ministry and a firm supplying video services to the Rwandan government, Softpedia reported. In February and March they claimed to have stolen data from employees of Tanzania Telecommunications and defaced the website of a Kenyan oil refinery, according to HackRead.

In a separate incident, Qatar National Bank, the largest lender in the Middle East and Africa, said this week it was probing an alleged breach of bank records that exposed the names and passwords of clients.

(Writing and additional reporting by Eric Auchard in Frankfurt; editing by Andrew Roche)