Hackers attacked the websites of the Ethiopian News Agency (ENA) and the Office of Federal Auditor General(OFAG) on Sunday.

ENA’s website was hacked by a certain individual named “Artin”. The hacker defaced the homepage of ENA with a Kurdish flag and a note that reads: By ArTin (Kurdish Hacker) Iraq [email protected]. However, specific webpages on ENA were accessible through external links. This is the second hacker to attack ENA’s website since last March.

There were hundreds of website defacements in the web attributed to this same hacker in the past three months , according to the data on a cybercrime archive websites.

A common feature of these defacements is that they contain Kurdish resistance leader’s photo and/or its flag. The e-mail address [email protected] leads to a facebook account of Artin Duhoke, which doesn’t provide much info about the individual.

On the other hand, OFAG’s website was defaced by a hacker named “Hero_Aze”. He changed the homepage of the website into a black background with a note that claims “[in] 1918 Armenians killed more than 50 thousand Azerbaijans, plundered their houses drove tens thousands people out of their homes……”.

There are only a few hacking activities attributed to “Hero_Aze” or “HeroAze” on the web.

It is not clear whether the hackers randomly picked ENA’s and OFAG’s websites or have a specific reason to.

More defaced sites

The two sites are neither the first nor the sole victims of cyber-attacks, among Ethiopian government sites.

In 2012 alone, more than a dozen government websites have been defaced by hackers. The homepage of the Afar regional state website is defaced by a hacker named “ReturnOfEviLzz” at least as of mid-March.

Some webpages of the Adama city website are defaced by a hacker called “The.Psiqopat” since February. This hacker apparently defaced about ten homepages or webpages of different government websites last February.

The website of the Central Statistics Agency (CSA) was attacked by a hacker named “Altiiever” and another named ‘‘Ashayne’’ in mid-April.

The websites of ENA and CSA were restored soon after the hacking, unlike the websites of OFAG, Afar region and Adama city which either lacked the required expertise or attention – as it is the case with most government websites.

Victims of the hacking in this year alone include websites belonging to the state of SNNPR and Harari regions and several federal agencies including that of the Ombudsman as well as Addis Ababa city Mayor Office.

Motive

Most of these cases appear to be have been done by individuals whose are motivated by intellectual curiosity or fame and the like. As many of the hackers can be seen bragging about it on the internet and as their identity is not that hard to discover. Unlike some of the hackers who are careful to disguise or even successfully hid their identity.

Cyber experts distinguish between this type of ‘traditional hackers’ from ‘crackers’. The latter group’s aim ranges from identity theft to financial gain, intimidation and the like. A Wikipedia entry on the subject reads:

A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

The most common method of defacement is using SQL Injections which allows gaining administrative access. Defacements usually consist of an entire page. This page usually includes the defacer’s pseudonym or “Hacking Codename.” Sometimes, the Website Defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless and is only done to show off a system cracker‘s skills or for Hacktivism, however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.

Thus, it could be the case that most of the hackings of Ethiopian government websites could be crimes of opportunity – as the websites are administered by professionals with insufficient training and resources.

However, this doesn’t mean the sites are not or were not targeted by politically motivated hackers.

The official website of the Ethiopian Ministry of Foreign Affairs routinely suffers from malware attack that misleads Google-search and internet browsers to give false alarm saying: “this site may harm your computer”. This blogger observed that starting from 2007 as recent as early this year.

In mid-2010, Africa Online News reported that:

Several key Ethiopian websites are marked “This site may harm your computer” when listed in a Google search. This was not the case until recently.

The websites include the proper online presence of the Ministry of Foreign Affairs of Ethiopia (mfa.gov.et), but also the Ministry of Information (moinfo.gov.et), the National Bank of Ethiopia (nbe.gov.et) and the Ethiopian Embassy in Stockholm, Sweden.

Among the Ethiopian media websites where our reporters have found aggressive spyware were the ‘Ethiopian News Journal’ (www.ethjournal.com), which however is not marked by Google as a harmful web address. The problem at this Ethiopian media may thus have already been fixed.

Asking several Ethiopian sources about why there are currently so many government sites infected by harmful software, nobody had an answer. Initial speculations went in the direction of sabotage acts from Eritrea or from exiled opposition groups. None of the sources however wanted to state their name.

The theory is not totally unreasonable. One year ago, hackers infected the website of the Ethiopian Embassy in Washington, along with embassies from two other countries, with similar spyware. The Embassy’s website was quickly cleaned up and is now risk-free.

Curiously, these cyber-crimes and incidents are not reported by the mainstream media in Ethiopia.

*****************

(I will try update you with more data and expert opinion on the matter. Stay tuned.)

* Read well-researched and unparalleled analyses of Ethiopia’s internet filtering by Daniel Berhane – Ethiopia’s web filtering | Advanced technology, hypocritical criticisms and bleeding constitution (link) and Ethiopia’s web filtering | Beyond the cycle of condemnation and denial (link)]

Check the dropdown menu at the top for related topics.