The Government of St. Vincent and the Grenadines failed to take simple steps that could have prevented the hacking of its website by “Islamic State” on Sunday, a computer expert has told I-Witness News.
The expert said that with the hacking of the website, “all government mail at this time has been compromised” and sensitive information may have fallen into the hands of persons or entities who might not have the country’s best interest at heart.
“The occurrence on May 3, 2015 that resulted in the hijacking of the top level domain ‘gov.vc’ was as simple in its occurrence as could have been its prevention,” the expert told I-Witness News after conducting some investigations into the development.
“If even basic security protocols for handling a website and its relevant domain and I.P. (Internet Protocol) addresses were in place, there would not have been a takeover of what is arguably the most important tool a government has at its disposal for disseminating information to a large audience both at home and abroad in an age of ICT,” the expert said.
Visitors to the website were greeted by a message saying “Hacked By Moroccanwolf – Islamic State” and a photo of man firing a high calibre machine gun from the back of a pick-up truck.
The website later went offline, supposedly after the government began to take steps to regain control.
While the website was accessible and hacked, the landing page also including a message, purportedly from the Islamist rebel group that claims religious, political and military authority over all Muslims worldwide.
The computer expert told I-Witness News that the original, takeover as reported, was “a simple hijack of the name servers that rerouted all request going to the targeted site to an ISIS controlled server that contained the image that was displayed to the world.
“Secondary to this was a denial of service attack after the attempt was made to retake control of the domain that resulted in all attempts to connect to said site timing out.
“As of writing this at 9:41PM EST this was still in place but using other means of access the pertinent records such as CNAME, TXT and A were all back pointing to the Government of St. Vincent and the Grenadines end points, however the MX records which control all electronic mail and its routing where pointed to alternate destinations, which in layman’s terms mean that all government mail at this time has been compromised,” the expert said in the written statement.
“Even more frightening though is the fact that the main TLD ‘GOV.VC’ serves as a gateway into all other aspects of the government’s online presence for example ‘customs.gov.vc’, ‘education.gov.vc’, etc. So something that should not have happened in the first place being a takeover of one aspect of the government’s online portal has succeeded in taking offline the entire government of St. Vincent due to no fail safes in design,” the expert told I-Witness News.
“Also though they may seek to deny it, the Gov.vc portal serves as an information linkage between all government agencies and ministries which use the system, which means that an ingress at any one point compromises the entire system and allows one to go through all governments’ electronic data at their leisure. So any classified, sensitive or otherwise not meant for public or not cleared for dissemination is now out in the open for persons who may not have the best interest of S.V.G. at heart. For example, giving away government’s position on a topic before entering negotiations, etc., and one has to consider now how many times has this been done in the past by persons who may not necessarily want to make a public statement,” the expert said.
The expert told I-Witness News that even the government’s Local Area Network (LAN) is “the product of a bygone era and susceptible to hijack that even a child with even the most basic understanding of programming languages can breach the system.
“Said system is run on a DOS based program that was last updated in November of 1990…
“Wrap your head around the fact that the system that sends data between government departments was last updated before the advent of Windows NT and before the date of birth of most Community College aged students in SVG,” the expert said.
“A simple preventative measure that could have prevented all of this was an active firewall aka the thing that is turned on by default on all computers. However this is a government and way more protection should have been in order and there are a myriad of free to use services that could have done this…,” said the expert, who also supplied supporting documentation “in the eventuality they say websites aren’t linked or have access to offline resources”.
In addition to attacking government website around the world, Islamic State has hacked into the website of airports, media entities.
In February, Hacking group Anonymous said it has taken down more than 1,000 Islamic State websites in just three days.
Through its Operation ISIS — #OpISIS — Anonymous has been targeting the terrorist group’s online presence.