A dig reveals this; ; <<>> DiG 9.3.2 <<>> nsis.go.ke any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 76 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 5 ;; QUESTION SECTION: ;nsis.go.ke. IN ANY ;; ANSWER SECTION: nsis.go.ke. 38172 IN MX 10 mta.wananchi.com. nsis.go.ke. 38172 IN MX 20 mail.wananchi.com. nsis.go.ke. 29891 IN A 62.8.88.6 nsis.go.ke. 17830 IN NS dns2.wananchi.com. nsis.go.ke. 17830 IN NS dns1.wananchi.com. ;; AUTHORITY SECTION: nsis.go.ke. 17830 IN NS dns2.wananchi.com. nsis.go.ke. 17830 IN NS dns1.wananchi.com. ;; ADDITIONAL SECTION: mta.wananchi.com. 63997 IN A 62.8.88.64 mta.wananchi.com. 63997 IN A 62.8.88.63 mail.wananchi.com. 63574 IN A 62.8.88.102 dns1.wananchi.com. 64894 IN A 62.8.64.5 dns2.wananchi.com. 65700 IN A 196.200.36.3 ;; Query time: 15 msec ;; SERVER: 196.200.16.2#53(196.200.16.2) ;; WHEN: Tue Dec 11 17:22:50 2007 ;; MSG SIZE rcvd: 243 A ping reveals this; C:\Dig>ping www.nsis.go.ke Pinging www.nsis.go.ke [62.8.88.6] with 32 bytes of data: Reply from 62.8.88.6: bytes=32 time=50ms TTL=54 Reply from 62.8.88.6: bytes=32 time=31ms TTL=54 Reply from 62.8.88.6: bytes=32 time=29ms TTL=54 Reply from 62.8.88.6: bytes=32 time=36ms TTL=54 Ping statistics for 62.8.88.6: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 29ms, Maximum = 50ms, Average = 36ms Wananchi are the victims -----Original Message----- From: kictanet-bounces+jkagwe=kippra.or.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+jkagwe=kippra.or.ke@lists.kictanet.or.ke] On Behalf Of Odhiambo Washington Sent: Tuesday, December 11, 2007 4:18 PM To: James Kagwe Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] NSIS website hacked? On Dec 11, 2007 3:19 PM, John Walubengo <jwalu@yahoo.com> wrote:

For those who may not know NSIS stands for National Security Intelligence Service, the Kenyan equivalent of the American CIA, Russian KGB, Israeli Mossad and the British M15 get the drift?

Now these chaps website seems to have been hacked and defaced. Check out...

http://www.nsis.go.ke/

and please tell me am wrong.

You are right, it's been "cracked". However it's hosted by third party, if you look at DNS records, and this can always happen when a server admin installs on a server stuff they don't quite understand, or even plays with a sensitive configuration without thinking much about it. Hey, Walu, it's just the website, the content of which is for public consumption (and public defacing whenever possible to prove a point). -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Oh My God! They killed init! You Bastards!" --from a /. post _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: jkagwe@kippra.or.ke Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jkagwe%40kippra.or. ke