Daily Mirror - Print Edition

Sensitive info of state-owned websites leaked?

10 Mar 2023

  • Defence Ministry takes preventive action following prior intel  

By Kalani Kumarasinghe  

Sensitive information from two state websites has been leaked to a hacker forum, a cyber threat intelligence platform claimed last week. On March 2, FalconFeeds.io announced on Twitter that administrator access to the website of Sri Lanka’s Ministry of Defence had been put up for sale on a hacker forum.

Personally Identifiable Information (PII) such as names, phone numbers and emails was among the data claimed to be on sale through a data broker named Kelvin Security. Kelvin Security, which describes itself as a hacker group, has a history of claiming data breaches in several countries including Colombia, Mexico and Chile.

    
When contacted by the Daily Mirror, Defence Ministry media spokesperson Colonel Nalin Herath denied the report, stating that no data had been compromised as flagged by the intelligence platform, nor had data been made available for sale.


“There was an alert we initially got that the Ministry of Defence website was going to be hacked. But there was no such incident,” the Ministry Spokesperson said. “We were alerted by the United States Embassy. Based on that we took some extraordinary precautions and because of that we could prevent a breach,” he said. The US Embassy warning came a day prior to the incident, he said. “Nothing happened. There was no breach. We adopted certain precautions. But we did not experience an attack or anything,” Herath said.   


Asked about the precautionary measures taken in relation to this incident, Herath said the Ministry worked with the Computer Emergency Readiness Team (CERT) as well as the Air Force Cyber Operations Centre to look into the issue.


However, sources told the Daily Mirror that CERT had not been immediately notified of the alleged breach. “We haven’t got any request asking for any assistance in this regard,” a spokesperson for CERT said.


Prior to the alleged Defence Ministry data breach, FalconFeeds.io had also claimed on February 25 that ‘32 admin information’ from the Central Bank of Sri Lanka websites had been leaked. The tweet also contained an image suggesting that the Central Bank’s Twitter handle was compromised.


The Daily Mirror spoke to two officials at the Central Bank, who said no data breach had been reported. “I think you are referring to the tweet. There was no data breach as such,” an officer who wished to remain anonymous said. Asked if there was an investigation into the incident with other parties, he said, “Along with our service provider, we investigated the claim. But we didn’t find any data breach.”