Hacking into Govt. websites prompts amending Computer Crimes Act 2007
By Nadia Fazlulhaq
Information Technology Minister Ranjith Siyambalapitiya said discussions will be held with the Defence Ministry to amend the Computer Crimes Act of 2007, consequent to the hacking of about 50 government websites.
“It has been more than five years and needs amendments, es3pecially with regard to information security. Sri Lanka’s computer literacy stands at 35% and people are unaware of hacking,” he said.
The global trend of hacking important government websites did not spare Sri Lanka, with the Higher Education Ministry and the Media Ministry being the latest sites to be hacked.
According to a well-known cyber crime archive, Zone-H, among the Sri Lankan websites that have been hacked this month are Lessons Learnt and Reconciliation Commission (LLRC), Ministry of Rehabilitation and Prison Reforms, Sri Lanka Ports Authority, Sri Lanka Inventors Commission, Fisheries Department, Environment Ministry, Child and Women’s Affairs Ministry, Agriculture Ministry and the Road Sector Assistance Project.The websites of the Media Centre for National Security (MCNS), North Central Provincial Council, the Ports Authority, Board of Investment, Nelum Pokuna Theatre, Sports Minister Mahindananda Aluthgamage, Rupavahini, One Sri Lanka television channel, Employees Provident Fund, Justice Ministry, National Museum, Immigration Department, Agriculture Department, Probation Department, Uva Province Tourism division and the Strategic Enterprise Management Agency (SEMA) are some sites that have been hacked this year.
Last year, the Foreign Employment Bureau, Sri Lanka Customs, Telecommunication Regulation Commission, Valuation Department, Finance Commission and the Medical Research Institute websites were also hacked.
The LLRC websitewww.llrc.lk and the MCNSs site -www.nationalsecurity.lk could not be accessed even yesterday.
Unfortunately, most government institutions do not contact the Sri Lanka Computer Emergency Response Team (SLCERT), its Chief Information Security Engineer Roshan Chandragupta said.“Most of them are unaware that their site is hacked until it appears in the media or published in cyber crime websites,” he said.
Moratuwa University’s Computer Science and Engineering Department’s Prof. Gihan Dias said that the majority of them were hacked using very common practices, indicating that the sites have not followed basic security measures.
Hacking is not only defacing the frontal view of the web- site. It can be done by using malware, viruses, Denial of Service (DoS) attacks, leaking information and admin user name or password, using information in the site to commit fraud, hate/threat mail etc.
“Fixing vulnerabilities in websites, after an incident, has proven to be ineffective. This will cause higher production costs, additional vulnerabilities and substantial delays in deliveries,” said Information Security expert Sujit Christy.
He said proper security education and certification in secure software coding will help develop secure websites.
“It is less expensive than the loss of revenue and reputation from a breach of data, intellectual property, or highly secure information, after an attack,” Mr. Christy added.
According to SLCERT, installing trusted software, using strong passwords and keeping them secret, having regularly updated virus guard, maintaining firewall, updating software and Operating Systems regularly and refraining from clicking hostile or suspicious links in emails or on the web, are some measures to secure sites.