Minister of Technology Sen. Camillo Gonsalves holds a list of several websites hacked by “Moroccan Wolf”, including gov.vc. (IWN Photo)

The visit of Prime Minister Ralph Gonsalves to Morocco in March may have triggered interest in St. Vincent and the Grenadines that resulted in the hacking of the government website on May 3.

The hacking also occurred at a time when the website was vulnerable, the Ministry of Technology having relaxed some security protocols to allow several programmers to work on a new web portal that was expected to be launch on May 4.

Minister of Technology Sen. Camillo Gonsalves told the media on Friday that the visit and the timing of the hacking were two coincidences that he asked his ministry to explore after the hacking.

On May 3, the landing page of the www.gov.vc website was hacked and replaced by pro-Islamic State message. The hack was purportedly carried out by an individual or entity using the name “Moroccan Wolf”, who the Moroccan government has said is known to them.

Gonsalves apologised to the media on Friday for taking so long to make a statement, saying he wanted to ensure that he had the relevant information that it was verified by independent sources.

Related

He further told a press briefing that the manner in which the victim of a hacking reports on the development can be an invitation for hackers to take another crack at the website.

He described as “odd coincidences” the fact that the hacker called him or herself “Moroccan Wolf” and that PM Gonsalves had made a state visit to Morocco in March and that the Ministry of Technology was scheduled to launch a new website and web portal on May 4.

Related:

 

“And I wanted a report on the hacking itself but also some analysis on the timing involving the either the Moroccan connection or the website upgrade that was taking place.”

Gonsalves said the hacker only succeeded in disabling the homepage of the website.

“There was no contagion. They didn’t get into anybody’s email; they didn’t get into any other servers or any other technological areas. It was simply that they got to the homepage, they took it down and they put up their radical Islamist propaganda,” he told reporters and members of his staff.

Attacks from multiple countries

A screen capture of another part of the message appearing on the SVG Government's website Sunday evening.
A screen capture of another part of the message appearing on the SVG Government’s website Sunday evening.

He explained that while the hack became apparent on May 3, the attempt to break into the system began on April 24.

“And, in technological terms, they were trying what is called a brute force attack, where they bombard our server from multiple computers with attempts to break into our system.

The Internet protocol (IP) addresses or the location of the computers that were trying to break in were from a number of places including Morocco, countries in the European Union, and Iraq, and there were also attempts from some Asian countries.

“But technological experts have issued the caution that just because the IP addresses list those countries, … they can’t guarantee that that is actually the source of the attack, because there are ways in which you can disguise your IP address.”

He said there is hacking community of people who try to break into websites around the world and a lot of them do so for the credit of it, then go onto Internet fora and brag.

Gonsalves said that officials in the Ministry of Technology visited some of these website and found that the “Moroccan Wolf” entity had listed a number of other websites that they hacked on that day, including sites in the United States, and some in the Caribbean that have not discussed being hacked.

Gonsalves said this “lent credence to the belief that this was a hacker who was hacking around the world for the credit of it, more so than for the ideology of it; than anything of the sort”.

He said his ministry has spoken to the U.S. State Department “because the persons were clothing themselves in radical Islamist language and garb.

“The State Department is aware and they are doing their own information gathering,” he said.

Gonsalves, who is also Minister of Foreign Affairs, said that ministry has also had conversations with the government of Morocco.

“They indicated that the Moroccan Wolf individual or entity is known to them and that this is a hacker,” Gonsalves said, adding that he knows there has been some talk in the media the hacking was a local operation.

“The information that we have gathered indicates that it was a foreign hack of the website,” he said, but added that officials could not say where it was in fact an Islamic State operation.

Wide coverage of PM Gonsalves in Morocco

Gonsalves said that Moroccan government has also informed their Vincentian counterparts that PM Gonsalves’ press statement during his state visit to Morocco were given very wide coverage in the Moroccan media.

“So, his visit may have precipitated some interest in St. Vincent and the Grenadines and the hack obviously came very shortly after his visit there, which was heavily publicised in Morocco and that part of the world. I cannot say there is a causal relationship between those two things. But I am simply saying they occurred in reasonable proximity to one another,” he said.

The government of SVG is being assisted by experts from Taiwan who have analysed the log and identified “holes” in the security apparatus and are working to patch them and develop protocols for greater security of the website, Gonsalves said.

Lax security

Gonsalves said there is some significance with the timing of the scheduled launch of the new website and the hacking.

“Because we had a number of programmers working on the website from home, from in the office, after hours, and because of all the work being done to get the website ready, some security features were relaxed to allow persons to log in from their homes.

“Certain passwords were simplified, certain security procedures lapsed in the rush to get the website ready and up to speed and we believe that it is in that period when we were transitioning from the old to the new website there were certain lapses in our security procedures.

“… Some of the lapses were of the nature of human error, but they were geared to the rush to get the new website up and a mandate that they had to get it up by a certain deadline. And when you are doing that transition while someone is trying to hack, there were little gaps that they were able to penetrate,” he said.

Related:

Gonsalves noted that the Bahamas tourist board’s website was also hacked by an entity purporting to be sympathetic to radical Islamic causes.

That hack was more detailed, and the hacker(s) went through the site and changed images and text “and did a more comprehensive hack of the website,” he said.

‘Robust’ hardware, software needs upgrade

Speaking of hacks generally, Gonsalves said:

“It is something that is going to be a feature of modern commerce, modern information sharing, that there are people out there who are going to want to compromise our systems.

“The Taiwanese are of the view that our systems, from a hardware perspective, are fairly robust but we have some work to do on upgrading some of our software and upgrading some of our procedures, to ensure, for example, that if we are being bombarded from the 24th [of April] we should about it before the 3rd [of May], when the hack actually becomes successful.

“So they are making some recommendations, which we have agreed to adopt regarding our procedures and protocols, we are re-launching formally the portal in the near future…”

He assured persons who have interacted with the website that there information has not been compromised.

“None of your information is floating around anywhere out there. It was the web portal that was attacked and we are putting the procedures in place to — we can never guarantee that it will never happen again, but certainly, we are making our websites and servers more secure,” the technology minister said.