Over the last few years, Many a Kenyan government websites have been subjected to a number of attacks which have mainly been about defacing them. This can be said to be the work of an armature using published methods to proclaim their prowess in accessing private information. However such acts lead to one simple conclusion; the government is not ready to deal with a serious cyber-attack in the event that its subjected to one. Specifically I want to zero in on the specific attack called Distributed Denial of service (DDoS) attack.
When we talk about DDoS attack we are talking about a simple scenario. Assume ten people speaking to one person all the same time. This means the recipient of the information won’t be able to provide any meaningful feedback hence breaking down the communication cycle.
In the case of the many websites that we provide vital information, I will look at the KRA tax returns. As we draw to the deadline (End of June I think) more and more people are accessing the website to file their tax returns. There are obvious flaws which mean you have to use a specific web browser despite the system being claimed to be built on the java platform which is cross platform! However let’s consider what would happen if an attacker launched a DDoS attack on the site at the URL given below.
Mind you there are more than enough motivations to be unhappy with not just KRA but many other government bodies but I wont delve into that either. This would mean people queuing at the times tower offices to submit their returns files , loss of revenue since most are business men and possibly fining in the event the deadline is surpassed as a result of the same, bearing in mind Kenyans have an insatiable appetite for deadlines.
I am not trying to undermine the efforts made by various institutions to digitize their content and putting it online. All that I am doing is ensuring that we are able to ask ourselves what’s the worst that could happen. If we can answer that questions then it’s the beginning of fear, the fear of the worst and with Kenyans getting more and more disillusioned it won’t take long before someone unleashes a mega attack.
Therefore in order to ensure that it doesn’t happen (hopefully). In the next few weeks I will be publishing a series of articles detailing DDoS attacks; what they are, how they happen and possible ways of mitigating them. Keep an eye on the blog.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States License.
