Over the past few days, we have learnt that more than a hundred Zambian websites, some of them belonging to the government and prominent companies, were hacked and defaced in the past 2 months. The defacement messages on the hacked websites don’t show any deliberate targeting by the hackers, but rather random attacks on unsecured sites or servers. The hackers are identifying themselves as being from Saudi Arabia and Syria.
Some of the websites, especially those of prominent companies, have already been restored, while some are just defaulting to the web host’s “under construction” page. Of the hundreds, here are a few prominent websites we could identify:
- Spar: www.spar.co.zm (hosted by iConnect)
- Postdotnet: www.postdotnet.co.zm (hosted by iConnect)
- Vodacom Business: www.vodacombusiness.zm (hosted by iConnect)
- ZCAS: www.zcas.ac.zm (hosted by iConnect)
- MISA Zambia: www.misazambia.org.zm (hosted by iConnect)
- Tangy Drinks: www.tangydrinks.co.zm (hosted by iConnect)
- iSchool: www.ischool.zm (hosted by iConnect)
- SEC: www.seczambia.org.zm (hosted by Zamnet)
- Ministry of Health: www.moh.gov.zm (hosted by Zamnet)
- Home Affairs: www.homeaffairs.gov.zm (hosted by Zamnet)
- Ministry of Finance: www.mofnp.gov.zm (hosted by Zamnet)
- National Pension Scheme Authority: www.napsa.co.zm (hosted by Zamnet)
- Zambia Department of Immigration: www.zambiaimmigration.gov.zm (hosted by iConnect)
It is not clear whether the hacking was a result of poor security implementation by the owners of the websites or by the ISPs hosting them. In our analysis, the conclusion was that it was specific websites sitting on specific servers that were affected: in the case of Zamnet, a server called buffallo.zamnet.com, and in the case of iConnect, the server on the IP address 22.214.171.124.
Of the ones we checked, the websites were built using either the Joomla or Drupal content management systems, but we can’t rule out that other CMSs, like WordPress, may have been used by some sites.
We tried to get some of this information from iConnect but they had not responded to our questions by the time we published.