How The Kenya Police Website Was Hacked

As we all know, the Kenya police website was hacked multiple times recently. Today, we report on how, exactly, the hacker got in.

Of course it is not really “hacking” (here’s why) – it is more of “defacement”. Regardless, Idd Salim has a post up that analyses this “hacking” in detail. According to Salim, this is what happened:

The “hacker”, looking for a way into the site (or maybe just curious) did the simplest of things and got the admin password to the Kenya police website just sitting there, exposed for everyone to abuse.

The “hacker” probably just entered this query into Google search: “filetype:txt

This query checks whether there is any text document on the Kenya Police website that can be accessed by the public. Unbelievably, the password to the whole police website was stored in an insecure text document and all the “hacker” had to do was read it, and log in.

How to hack the Kenya Police

Exhibit C (click for larger)

Easy peasy. The password was just sitting there waiting to be discovered.

It is such a shame that the primary security organ in this country clearly does not know, does not care, or both when it comes to cyber security.

Additional Resources


  1. […] Bad The Kenya Police – this is the site of the Kenya Police. Besides being hacked numerous times a while back, it is not available right now. Makes you wonder, doesn’t […]

Speak your mind