Part of the message that greeted visitors to the official website of the Government of SVG Sunday evening.

The Government of St. Vincent and the Grenadines failed to take simple steps that could have prevented the hacking of its website by “Islamic State” on Sunday, a computer expert has told I-Witness News.

The expert said that with the hacking of the website, “all government mail at this time has been compromised” and sensitive information may have fallen into the hands of persons or entities who might not have the country’s best interest at heart.

Related: 

“The occurrence on May 3, 2015 that resulted in the hijacking of the top level domain ‘gov.vc’ was as simple in its occurrence as could have been its prevention,” the expert told I-Witness News after conducting some investigations into the development.

“If even basic security protocols for handling a website and its relevant domain and I.P. (Internet Protocol) addresses were in place, there would not have been a takeover of what is arguably the most important tool a government has at its disposal for disseminating information to a large audience both at home and abroad in an age of ICT,” the expert said.

Visitors to the website were greeted by a message saying “Hacked By  Moroccanwolf – Islamic State” and a photo of man firing a high calibre machine gun from the back of a pick-up truck.

The website later went offline, supposedly after the government began to take steps to regain control.

While the website was accessible and hacked, the landing page also including a message, purportedly from the Islamist rebel group that claims religious, political and military authority over all Muslims worldwide.

The computer expert told I-Witness News that the original, takeover as reported, was “a simple hijack of the name servers that rerouted all request going to the targeted site to an ISIS controlled server that contained the image that was displayed to the world.

“Secondary to this was a denial of service attack after the attempt was made to retake control of the domain that resulted in all attempts to connect to said site timing out.

“As of writing this at 9:41PM EST this was still in place but using other means of access the pertinent records such as CNAME, TXT and A were all back pointing to the Government of St. Vincent and the Grenadines end points, however the MX records which control all electronic mail and its routing where pointed to alternate destinations, which in layman’s terms mean that all government mail at this time has been compromised,” the expert said in the written statement.

“Even more frightening though is the fact that the main TLD ‘GOV.VC’ serves as a gateway into all other aspects of the government’s online presence for example ‘customs.gov.vc’, ‘education.gov.vc’, etc. So something that should not have happened in the first place being a takeover of one aspect of the government’s online portal has succeeded in taking offline the entire government of St. Vincent due to no fail safes in design,” the expert told I-Witness News.

“Also though they may seek to deny it, the Gov.vc portal serves as an information linkage between all government agencies and ministries which use the system, which means that an ingress at any one point compromises the entire system and allows one to go through all governments’ electronic data at their leisure. So any classified, sensitive or otherwise not meant for public or not cleared for dissemination is now out in the open for persons who may not have the best interest of S.V.G. at heart. For example, giving away government’s position on a topic before entering negotiations, etc., and one has to consider now how many times has this been done in the past by persons who may not necessarily want to make a public statement,” the expert said.

The expert told I-Witness News that even the government’s Local Area Network (LAN) is “the product of a bygone era and susceptible to hijack that even a child with even the most basic understanding of programming languages can breach the system.

“Said system is run on a DOS based program that was last updated in November of 1990…

“Wrap your head around the fact that the system that sends data between government departments was last updated before the advent of Windows NT and before the date of birth of most Community College aged students in SVG,” the expert said.

“A simple preventative measure that could have prevented all of this was an active firewall aka the thing that is turned on by default on all computers. However this is a government and way more protection should have been in order and there are a myriad of free to use services that could have done this…,” said the expert, who also supplied supporting documentation “in the eventuality they say websites aren’t linked or have access to offline resources”.

In addition to attacking government website around the world, Islamic State has hacked into the website of airports, media entities.

In February, Hacking group Anonymous said it has taken down more than 1,000 Islamic State websites in just three days.

Through its Operation ISIS — #OpISIS — Anonymous has been targeting the terrorist group’s online presence.

5 replies on “Hacking of St. Vincent gov’t website by ‘Islamic State’ was easy to prevent — computer expert”

  1. TeacherFang says:

    AHHH BULL$#IT…INSIDE JOB, some disgruntled Government worker decided to have some fun at the Government expense.

    ….

  2. C. ben-David says:

    Don’t forget that this is the same incompetent and accident-prone government which claims that its employees can run the Argyle International Airport on their own without outside assistance.

    What is really running little SVG is a mauby shop style government.

  3. Well, if this is correct, the government, current and previous, should be ashamed of themselves. Raises many questions though – Does the government of the people believe that SVG is too unimportant in the greater scheme of things for hackers to pay attention to? Did they think it more important to spend money on pet projects than to provide some security? Or perhaps they are just too ignorant, or at best not informed? What has their IT professionals been doing? Too many questions! Hope someone has answers.

  4. I believe its worse than that, I was told last night on the telephone that this was self inflicted so as they can run to the courts to get court orders to be able raid the internet providers to search for the intruders trail, but that is a ruse to enable them to really fish for the internet crazies.

    There is no ISIS in Morocco, there is no group or person known as the Moroccan Wolf. Morocco destroyed all ISIS cells during 2014/15. Remember Morocco was the place where the PM visited last month with a huge enterage of his family dynasty and Argyle airport people and our UN rep, and came back with nothing.

    We must ask him if he got the recipe for sheeps eyes, date and cous-cous salad that was served at the Kings banquet?

    Although having said that, Morroco recently withdrew from the US coalition against ISIS. I am not sure if that had anything to do with Gonsalves?

  5. It’s very hard for me to believe this. I don’t think for a second this website had been hacked. Who is responsible for running the government network system should be held accountable be investigated. It doesn’t add up to me

Comments are closed.