A series of cyber-attacks on Sri Lankan government sites are making official documents and other information vulnerable, computer experts warned yesterday. Upto now about 50 official websites have been hacked with the latest being the website of the Lessons Learnt and Reconciliation Commission (LLRC).
It comes just weeks ahead of the UN Human Rights Commission sessions that begin in Geneva on February 25.
Sri Lanka’s Computer Emergency Readiness Team (CERT) Chief Security Engineer Roshan Chandragupta said a number of site owners had contacted them and immediate restoration work was taking place.
“It is a sign that these sites are vulnerable and they have not been upgraded or information has leaked through an access to a folder. These are caused due to negligence or not knowing the fact that a simple user name and password can be used for hacking,” he said.
Sujit Christy, an information security professional, said there was a growing need to have highly qualified security professionals to detect and mitigate threats.�“There is a need to invest in technology to monitor the networks and systems, conduct forensics investigation and suggest remedial measures to prevent such incidents recurring,” he said.
Athula Pushpakumara, head of communications at Information and Communication Technology Agency (ICTA), said that despite launching websites in a grand manner with much publicity, some of these sites were often neglected after the first few months.
“We conduct cyber security drills from time to time, but government institutions should respond more and actively get involved. It is the image of the institution that is tarnished by hackers,” he said.
According to a well-known cybercrime archive, Zone-H, among the Sri Lankan websites that have been hacked this year are the Employees Provident Fund, the Justice Ministry, the National Museum, the Immigration Department, the Agriculture Department, the Probation Department, the Uva Province Tourism division and the Strategic Enterprise Management Agency (SEMA).
Last month, the websites of the Media Centre for National Security (MCNS) websites, the North Central Provincial Council, the Ports Authority, the Board of Investment, the Nelum Pokuna Theatre and Sports Minister Mahindananda Aluthgamage, Rupavahini and One Sri Lanka television channel were hacked.
The MCNS site — www.nationalsecurity.lk — could not be accessed even yesterday.�The websites of the Foreign Employment Bureau, the Sri Lanka Customs, the Telecommunication Regulation Commission, the Valuation Department, the Finance Commission, the Medical Research Institute, the Lanka Interoperability Framework (LIFe) and the Heritage Ministry were also hacked.
The hacking varied from homepage/front page defacing and adding text or images to folders.