April 23, 2017

What caused the Afghan government cyber-attack?

By Khaama Press - Sat Dec 27 2014, 10:44 am


Author: Said Marjan Zazai

While the motive of the recent cyber-attack on Afghan government websites is still not known, the incident has certainly put the Ministry of Communications and Information Technology (MCIT) on the spot, and the administration and management of the IT programs and projects are under scrutiny.

A number of Afghan government websites were compromised on December 19, when a JavaScript file was modified on the Content Delivery Network (CDN), allowing a malicious Java applet to run on the webserver and affecting the visitors of the websites. The affected government agencies included the Afghan Embassy in Australia, Herat Province Government, Office of Administrative Affairs and Council of Ministers, Ministry of Foreign Affairs, Ministry of Commerce and Industries, Ministry of Education, Ministry of Finance, Ministry of Justice, and Ministry of Women’s Affairs. MCIT officials issued a press release three days after the incident, and a day after the US cyber security company ThreatConnect had released news about the incident. ThreatConnect provided details and evidence on the attack, and went further to link the attack with the government of China. The company also related the attack explicitly with China’s Prime Minister Li Keqiang, who was meeting with Afghan Chief Executive Officer Abdullah Abdullah during that time. The linking and blaming by ThreatConnect indicates the company’s aggressive and political position in this incident. Afghan technology civil societies also raised questions on why the US company performed penetration testing on the Afghan National Data Center.

Although this attack did not have significant implications for the infrastructure, and no severe data leakage has been reported, it did draw the attention of many civil societies and IT technologists of the country to the hardware and software infrastructure in the country, the administration of the ministry, the technical capacity of the engineers, and the policies and strategies set by the government for the development and adoption of Information Technology.

Shortly after the incident, MCIT officials tried to divert citizens’ attention from the severity of the incident by stating that maintaining 100% security was not possible anywhere. Among other concerns that the officials voiced, two important issues were raised in order to mitigate the problem in the future. The first ‘solution’ included an improved compensation system for the IT staff in the ministry, and the second was the possibility of outsourcing their programs to a company outside of the ministry or possibly outside of the country. As an expert in the field, I see these as red flags in the priorities set by our officials in tackling the incident. The officials were expected to take responsibility for their failure and work towards a more realistic operational plan for providing strong cyber protection to the citizens and their data. The request for further financial support to IT projects might be truthful, but it is not timely, given that no immediate solutions have been provided to the issue.

Information security practices in an organization require global standards set by a number of global organizations, such as ISO 27001 & 27002, which ensure that the organization has the processes in place to secure its data. Unfortunately, the MCIT does not hold this standard, but these practices are within the human skills and budget available to them. Practices such as ensuring a multi-layered server sign-in feature, and providing instructions and guidelines for protecting server access passwords and other authentication methods, are within their capacity but perhaps not their priority. And the question of outsourcing the national data center service is again not timely, and most certainly the priorities have been confused. It would have been less costly and more realistic if the government data center had been outsourced when we didn’t have the infrastructure established, with the technologies then slowly brought into the country while working towards developing the human capacity of the ministry.

The implications of this incident might not be big, but it has drawn our attention to the capacity of the administration and the processes established in the organization. The administration should set its short-term and long-term goals to address the issue. Implementing long-term strategies of outsourcing or increasing compensation is not going to provide a workaround or a quick fix for the currently vulnerable networks. Afghan university graduates and self-taught IT technologists have the capacity to provide the technological solutions to such incidents. The MCIT administration needs to develop a strategy to work together with the students in order to develop their skills, and also work towards providing equal recruitment opportunity to its citizens.



Comments
  1. Very well written article. I hope we have some eligible people in these positions so that our nation’s sensitive data could be protected. We need to have a culture of promoting the talent rather than nepotism.

  2. It's a disaster to the government. I do believe that tens of top confidential data which was achieved during last 14 years were all in the Gov. websites which most probably have been hacked and stolen. Biography, memorable photos, name of the created projects for fraud (with no achievement), their female secretaries' profiles… etc. are all in the top confidential data categories.

  3. Thank you for such a good article. This should not be taken lightly. I believe a lot of sensitive data is compromised. The ministry of education’s EMIS system, for example, is also hosted on a server in there and it contains sensitive data which is normally available for certain people for decision making. I was responsible for developing one of its modules.

    Being the National Data Center, I believe the e-tazkira database is also going to be placed there and imagine if that gets compromised?

    For God's sake, it’s the ANDC, please use all your resources and secure it. Don’t take this lightly.
