Sunday Observer Online
 

Home

Sunday, 04 September 2016
Untitled-1

observer
 ONLINE

OTHER PUBLICATIONS

OTHER LINKS

Marriage Proposals
Classified
Government Gazette

Presidential website under cyber threat

A 17-year-old student from Kadugannawa made headlines this week when he hacked into the official website of the country’s most influential person; President Maithripala Sirisena.

The teenage computer ‘hacker’, having by-passed security on the web site, posted a message on the homepage, without revealing his identity.

The message read; “Dear Mr. President,

We are extremely displeased about the decision to hold the GCE A/L in April since the Sinhala/Hindu New Year falls between the exam dates. Therefore, reconsider that decision. Furthermore, take care of the security of Sri Lankan websites. Or else, we will have to face a cyber war.

If you cannot control the situation hold a Presidential Election.

Stop the Prime Minister’s irresponsible behaviour.

Look more into the problems of the university students.

The Sri Lankan Youth”

Soon after the incident, the team that handled the President’s website took the hackers message offline and replaced it with a message saying the website was down for maintenance. Upon restoration of the site, it came under attack a second time – raising serious concerns about the competency of the team managing the President’s website.

Investigations

Immediately after the incident, the CID was tasked with handling the investigation. They traced the IP address – the Internet Protocol address, a numerical label assigned to every device – to Kadugannawa, and arrested the 17-year-old student in connection with the incident.

After the arrest was made, there was an outcry, among some sections of the society, against penalizing the student. Their argument was that the student should be given support to study IT, considering the ‘skills’ he displayed in hacking the President’s website.

Two people suspected of hacking into President Mathripala Sirisena's website being taken to court. Pic: Sarath Peiris

However, law enforcement authorities identified the student’s action as ‘crime’, as per Sections 3, 4, 5 and 6 of the Computer Crime Act, No. 24 of 2007, under which he is charged.

The definition of computer crime he committed is set out in the act as follows:

3. Any person who intentionally does any act, in order to secure for himself or for any other person, access to —

(a) any computer; or
(b) any information held in any computer,

knowing or having reason to believe that he has no lawful authority to secure such access, shall be guilty of an offence and shall on conviction be liable to a fine not exceeding one hundred thousand rupees, or to imprisonment of either description for a term which may extend to five years, or both such fine and imprisonment.

4. Any person who intentionally does any act, in order to secure for himself or for any other person, access to— (a) any computer; or (b) any information held in any computer, knowing or having reason to believe that he has no lawful authority to secure such access and with the intention of committing an offence under this Act or any other law for the time being in force, shall be guilty of an offence and shall on conviction be liable to a fine not exceeding two hundred thousand rupees or to imprisonment of either description for a term which may extend to five years or to both such fine and imprisonment.

Explanation 1 — for the purposes of paragraph (a) the mere turning on of a computer is sufficient. Explanation 2 — for the purposes of paragraph (b)- (a) there should be an intention to secure any program or data held in any computer ; Doing any act to secure unauthorised access in order to commit an offence Securing unauthorised access to a computer an offence.

Computer Crime Act, No. 24 of 2007 3 (b) the access intended to be secured, should be unauthorised; (c) it is not necessary to have access directed at any particular program, data or computer.

5. Any person who, intentionally and without lawful authority causes a computer to perform any function knowing or having reason to believe that such function will result in unauthorised modification or damage or potential damage to any computer or computer system or computer program shall be guilty of an offence and shall on conviction be liable to a fine not exceeding three hundred thousand rupees or to imprisonment of either description for as term which may extend to five years or to both such fine and imprisonment.

Illustrations

For any unauthorised modification or damage or potential damage to any computer or computer system or computer programme to take place, any one of the following may occur:—

(a) impairing the operation of any computer, computer system or the reliability of any data or information held in any computer; or

(b) destroying, deleting or corrupting, or adding, moving or altering any information held in any computer;

(c) makes use of a computer service involving computer time and data processing for the storage or retrieval of data;

(d) introduces a computer program which will have the effect of malfunctioning of a computer or falsifies the data or any information held in any computer or computer system. Causing a computer to perform a function without lawful authority an offence.

4 Computer Crime Act, No. 24 of 2007 Explanation- for the purposes of paragraphs (a) to (d) above, it is immaterial whether the consequences referred to therein were of a temporary or permanent nature.

6. (1) Any person who intentionally causes a computer to perform any function, knowing or having reason to believe that such function will result in danger or imminent danger to —

(a) national security;

(b) the national economy; or

(c) public order, shall be guilty of an offence and shall on conviction be punishable with imprisonment of either description for a term not exceeding five years.

(2) In a prosecution for an offence under paragraphs (a) or (c) of subsection (1), a Certificate under the hand of the Secretary to the Ministry of the Minister in charge of the subject of Defence or, in a prosecution for an offence under paragraph (b) of subsection (1), a Certificate under the hand of the Secretary to the Ministry of the Minister in charge of the subject of Finance, stating respectively, that the situation envisaged in subsection (1) did in fact exist in relation to national security or public order, or the national economy, as the case may be, shall be admissible in evidence and shall be prima facie evidence of the facts stated therein.”

Charges

According to the Act, any person who is convicted for computer crime will be liable to a fine not less than one hundred thousand rupees and not exceeding three hundred thousand rupees or to imprisonment of either description for a term not less than six months and not exceeding three years, or to both such fine and imprisonment. This explains the gravity of the offence the 17-year-old student committed.

However, IT specialists confirmed to the Sunday Observer that the hack job on President Sirisena’s official website was unsophisticated, and does not say much about the 17-year-old student’s skills. They argued that most government-owned websites are run on outdated platforms, without necessary security measures in place, making them vulnerable to various types of cyber attacks.

Suchetha Wijenaike, an IT professional and a social activist, said most of the government websites could be attacked in three simple and very basic steps:

“Find out what CMS it is running (check the HTML source), find out what outdated version of the CMS it is running (there are Google Chrome and Firefox extensions for that) and use readily available and published exploits to get in and do what you want,” he quipped, in a Facebook post, following the incident, explaining the danger most of the government owned websites faced. He attributed this danger to lethargic officials who are in charge of government-owned websites.

“The government websites are mainly maintained by government servants. Generally, in Sri Lanka, the rule number 1 of being a government servant is ‘don’t do anything more than you absolutely have to’. The server software and the CMSs they use haven’t been updated since they were installed, mainly because no one wants to take responsibility for pressing the button ‘Update’,” he said.

The incident, needless to say, was a wake-up call to many system administrators running government websites without ensuring the necessary security measures are in place. It was also revealed that the same group who allegedly hacked the President’s website had also hacked thirty-seven other website.

Apart from the teenager, the Police also arrested a 27-year-old youth from Moratuwa over the incident.

In court, Defence counsel Susantha Dodaawatta with Harin Hettiarachchi, appearing on behalf of the suspects said their clients did not have criminal intent when committing the offence.

They informed Court that the two had merely wanted to raise the fact that the President’s website hada weak security system. They further submitted to Court that some parties were attempting to gain political advantages by this incident.After being produced before court, the teenager was sent to a children’s home while the other suspect was remanded.

Realpolitik

The incident was politicized by some sections of the Joint Opposition, who wanted to add a different spin to the story.

Udaya Gammanpila, a parliamentarian known for making controversial remarks, addressing a press conference in Colombo, said the teenager did not deserve to be punished.

Gammanpila dubbed the student who committed the alleged computer crime a ‘talented youth’.

“In the US, youths even hack the official websites of NSA and Pentagon, but the US government does not imprison them, but utilises their capabilities in an effective way,” Gammanpila said addressing a Joint Opposition press conference.

“The imprisoned boy had obtained A passes for all subjects during the O/L examination which justifies that he is truly talented,” he said.

“The boy had not committed any offence although he secretly entered the President’s official website. He had left a message saying there was no proper security in the website. The boy should not be imprisoned, but he should be disciplined and awarded a scholarship in the computer field by the government,” Gammanpila, a lawyer by profession, said.

Gammanpila seems unaware however, of the story of Aaron Swartz, later documented in the film, ‘The Internet’s Own Boy’. Swartz, a computer programmer was considered an Internet genius, a prodigy even. At age 14, he was on the working group for the popular web syndicator RSS and also worked on Reddit – the ‘Internet’s front page’, and Creative Commons.

He even went to Stanford. But Swartz was arrested when he was 24 for hacking into the website JSTOR and downloading academic articles that he felt should be freely available to the public.

Swartz was charged in 2011 by US law enforcement for computer crimes under the Computer Fraud and Abuse Act, with a maximum punishment of one million USD in fines and 35 years in prison.

Swartz committed suicide in January 2013 and was posthumously inducted into the Internet Hall of Fame. Similar are the stories of Julian Assange and Edward Snowdon, on the run from litany of charges, including espionage, for releasing information using their computer skills. It is clear that even in the face of moral reasoning, public outcryand civil society sympathy, the rule of law must prevail.

However, when this issue was raised with the President during a breakfast meeting with media heads and newspaper editors at the President’s House, on Friday, the President, responding to the question if he would pardon the teenager involved in the hacking incident said: “It is still too early to comment on the matter. But, I will make a decision, as a father, who has children,” he said, not ruling out the possibility of a pardon upon conviction.

On Friday, the schoolboy and the youth were granted bail by Colombo Chief Magistrate. While ordering the release of the suspects on bail, the Chief Magistrate Gihan Pilapitiya advised the parents of the schoolboy to be more vigilant about the online activities of their child. The schoolboy was ordered released on two sureties of one million rupees. The other suspect was ordered released on a cash bail of Rs.25, 000 with four sureties of one million rupees.

President meets editors

President Maithripala Sirisena seemed jubilant when he walked into the main meeting room at the President’s official residence, on Friday morning, for a meeting with media heads and newspaper editors.

It was clear that the President had convened the meeting to brief the media about the successful meeting he had with the UN Secretary-General, on Thursday. In addition, the President wanted to make the media heads aware of the government’s plan for poverty alleviation and the SLFP’s 65th convention.

Commenting on his interaction with UN Secretary-General Ban Ki moon, the President said the UN Chief seemed happy about the progress achieved by the government, over the past 16 months.

“The UN Secretary General didn’t dictate terms to us nor did he impose any time-frame. He appreciated the new reforms we introduced after coming to power, including the 19th Amendment, the Office of Missing Persons Bill and the Right to Information bill. Apart from the official discussion, I had a closed-door meeting the UN chief for nearly 10 minutes.

“I explained to him the need to give more time and space for the government to conclude the reconciliation process. He responded positively to our request,” the President told the media heads.”

The UN chief, the President said, agreed to give his fullest support to the government to proceed with the reform process it initiated after January 08, 2015. “There is no unnecessary pressure on the government. We have everyone’s blessings to proceed with what we are already doing,” he said.

“Under the previous government, the relations between Sri Lanka and the UN were strained. A minister of the previous government launched fast unto death campaigns opposite the UN office in Colombo and the former President also visited him, sanctioning the minister’s act.

“Their behaviour resembled that of a hooligan in a village. With a new government coming to power, the situation has changed for the better and the government has repaired ties with the UN. The UN Secretary-General’s congenial approach spoke volumes of the goodwill between Sri Lanka and the UN,” the President said.

“The UN chief said he was highly impressed by the natural beauty of our country. He had visited the country a few times before and his last visit was in 2009, a few days after the end of war. I asked him if he noticed any change in the country, under the new government. He said, now there is more freedom, democracy, and human rights in the country,” he said.

The President then talked about unresolved issues in the Northern province and said the extremist elements in the North and the South were misleading the public on many matters.

“Some in the North,” the President said, “exert pressure on the government to resolve long-drawn issues, overnight. They want us to implement miraculous solutions. It doesn’t work that way!”

The journalists present at the event also asked questions about ongoing protests in the North demanding land rights. The President, in response, quipped that he had expected more protests in the North after the UN General-Secretary announced his visit to Sri Lanka.

“Some sections just want to show the world that they have so many unresolved issues. But, they don’t support us to implement solutions,” he added, directing his criticism at some groups that staged protests in the Northern province, over the past few days.

“Some of their demands were fair. But, they do not support our attempts to resolve their problems. They prevent government officials from surveying their lands. I identify this as a well-organised campaign to hamper any possible solution. It is quite clear that a certain group wants to keep IDPs in their camps forever. They want to perpetuate this issue and capitalize on the grievances of the helpless,” he stressed.

“However,” he added, “it doesn’t make the demands of the ordinary people dismissible”

“We, as a government, should understand the grievances of the people in the North. They don’t need lands owned by the military. They ask for their own lands. It is not unfair,”the President said.

“We have achieved remarkable progress on resettlement. But, there are some problems that need to be resolved. However, at this point, we have informed all IDPS in writing about the status of their lands. We have to admit that there is a delay on the part of the Survey Department as they do not have sufficient human capital to fast track the process,” the President added, saying that the government intended to resolve all land issues in the North, in three months.

During his interaction with media heads, the President diplomatically avoided queries about the power struggle within the SLFP. Dismissing the claims by the rebel group, the President said, the 65th anniversary of the Sri Lanka Freedom Party (SLFP) would strengthen the party’s will to remain in the national unity government.

“We have to forget our greed for power and remain united to create a better country for the nest generation,” the President said, stressing the need for protecting the unity government to address key issues faced by the country.

The national unity government, he said, should be strengthened to resolve several key issues, including the repayment of foreign debts amounting to Rs. 9,000 billion.

He said the national unity government, in which the two main political parties function as the key stakeholders, lays the perfect foundation to find solutions to long-drawn socio-economic issues.

While the President was addressing media heads and editors at the President’s House, some members of the Joint Opposition group made an interesting move at former President Rajapaksa’s political office, in Battaramulla.

They gathered at the office to celebrate the anniversary of the SLFP. Interestingly, this was the same group who threatened to split the SLFP, to contest separately at the Local Government election, under the former President’s leadership.

Dullas Alahapperuma, Bandula Gunawardena, Prasanna Ranatunga and Renuka Perera cut a cake to celebrate the party’s 65th birthday, which fell on Friday. The cake was decorated with a message congratulating the party, and in the message they identified themselves as ‘Mahinda and Sons’ (Mahinda samaga daru kela).

However, the rebel group’s anniversary celebration shows that they now have a love-hate relationship with the party, especially in the wake of the President’s recent decision to remove 13 Rajapaksa supporters from their electoral organiser positions.

 | EMAIL |   PRINTABLE VIEW | FEEDBACK

eMobile Adz
 

| News | Editorial | Business | Features | Political | Security | Sports | Spectrum | World | Obituaries | Junior |

 
 

Produced by Lake House Copyright © 2016 The Associated Newspapers of Ceylon Ltd.

Comments and suggestions to : Web Editor