Hacking Sri Lanka: Hall of Misery

Team ReadMe

This list has two goals. One is to keep track of all the notable security incidents and condense them into one place. The other is to highlight the growing need to ramp up security in an increasingly digital environment. It should be noted that this is not a complete list of all cybersecurity incidents in Sri Lanka, but rather a rundown of some of the most notable ones over the past few years. Regardless, the Hall of Misery will be continuously updated.

[04/04/2023] The Ministry of Education

The Ministry of Education was hacked in what appears to be an attempt by an A/L student (allegedly) to create awareness about the site’s vulnerability.

[21/07/2023] Sarasavi Publishers Facebook page

The official Facebook page of Sarasavi appears to have been hijacked and has since been flooded with adult content.

2022 list of notable hacked entities in Sri Lanka

[16/10/2022] Bandaranaike International Airport’s email

One of Bandaranaike International Airport’s primary email accounts, belonging to its Safety department, was compromised owing to a weak/insecure password. The account was briefly hijacked to send random emails.

Speaking to ReadMe, BIA’s engineering team stated that the issue has since been resolved.

[11/10/2022] Sampath Bank official Twitter account

Sampath Bank’s official Twitter account was seemingly hijacked for a crypto scam, with the account tweeting what suspiciously looked like scam links.

The account has since deleted the dubious crypto tweets.

[27/09/2022] Sri Lankan Airlines official Twitter account

Hijacked by crypto scammers in a round that appeared to specifically target verified accounts. The national airline carrier’s Twitter account was hacked to disperse the typical stream of random crypto tweets.

The incident was reported on 27 September. The account remains inactive with the crypto tweets still on the feed.

November 2: The account appears to have been restored, though Sri Lankan Airlines might have lost its verification.

[09/09/2022] Department of Examinations website (doenets.lk)

Technically, this wasn’t a hack. It was just a 17-year-old exposing an insecure API. In this case, the student utilized the open nature of the doenets website API to manipulate its data. In other words, it was less a break-in and more walking into a home with the key left in the door.

[20/04/2022] Anonymous attacks on multiple websites

Following the economic crisis and the peak of the #GotaGoHome protests, Sri Lankans actively campaigned for the notorious Anonymous hacktivist group to “dig up information on corruption” à la leaking supposedly sensitive information. The constant demands were finally answered in some form, in what appeared to be a clique of enthusiastic individuals attacking several websites. Some of these included:

  • Sri Lanka Bureau of Foreign Employment (SLBFE) database leaked with 1000+ entries
  • Ministry of Health website
  • Subdomain belonging to Ada Derana (24.adaderana.lk)
  • Business Today website with database leaked

There were reportedly over 30 targeted attacks. Watchdog has a detailed account of the entire ordeal.

Many, if not all, of the defaced websites have since been reclaimed and are now online. How far the exposed vulnerabilities have been patched remains to be seen. There has been no update on any recourse taken on the leaked data.

[01/04/2022] PayHere hack

An attacker compromised Bhasha’s fintech arm PayHere and exposed over 1.5 million records. The attack exposed 65GB worth of data: IP and physical addresses, names, phone numbers, purchase histories, and partially obfuscated credit card data. The suspected hack reportedly happened via a malicious file upload.

The company has listed its course of action following the breach and has now opened up its own bug bounty program.

[24/03/2022] Seylan Bank official Twitter account

Similar to other crypto scam attacks on Twitter, Seylan Bank’s account was briefly hijacked and tweeted suspicious crypto-related content and links.

2021 list of notable hacked entities in Sri Lanka

[06/09/2021] Sirasa YouTube channels

Several YouTube channels belonging to the Maharaja Network (Sirasa) were briefly compromised, including Voice Teens and TV1. Although it’s unclear what the motivations were, evidence points to another crypto scam hijack.

[19/08/2021] Derana YouTube

Likely the first major online account hijacked over a crypto scam. The TV Derana YouTube channel was hacked after a vulnerability in a piece of remote access software was exploited. The attackers replaced the channel with a crypto stream.

[03/06/2021] Multiple government sites compromised

A widespread attack on several government websites that mostly included unsanitized URL redirects and some defacements.

[30/05/2021] Local ISP attacked

A leading ISP, suspected to be Sri Lanka Telecom, reportedly fell victim to a cyberattack that caused service interruptions to several of its customers.

Neither the extent of the attack nor an acknowledgment of it has been communicated to this day.

[18/05/2021] Multiple government websites defaced

State websites belonging to the Health Ministry, Energy Ministry, Rajarata University, and the Chinese Embassy in Sri Lanka were hacked. Tamil Eelam Cyber Force claimed responsibility for the attacks.

[06/02/2021] LK Domain Registry hack

The LK Domain Registry was hacked and several websites were compromised following a DNS cache poisoning attack. As a result, many users visiting google.lk were instead redirected to a page that drew attention to several contemporary national issues.

2020 list of notable hacked entities in Sri Lanka

[24/08/2020] National Lotteries Board of Sri Lanka email server

The National Lotteries Board of Sri Lanka’s email servers appeared to be compromised following phishing emails sent to the public.

[30/05/2020] Government sites under attack

The websites for the Sri Lanka Bureau of Foreign Employment, the Ministry of Public Administration and the Ministry of Health came under a cyberattack by the Tamil Eelam Cyber Force.

[25/05/2020] REvil attack on SLT

A ransomware known as REvil attacked a section of SLT’s internal servers. The internet provider stated that the attack had no impact on its services.

[18/05/2020] Government and private websites defaced

The Tamil Eelam Cyber Force targeted the websites of Rajarata University, Sri Lanka Embassy in China, Hiru News, Brics Ventures (construction company), and the Cabinet Office.

[05/05/2020] MAS Holdings under ransomware

MAS Holdings fell victim to the Nefilim ransomware, with the hackers claiming to be in possession of 300GB worth of private data. At the time, the group posted some allegedly stolen documents online as evidence.

[25/08/2017] President website hacked, twice

The president’s website was compromised twice on the same day by a 17-year-old. The website was restored shortly afterward and the teenager was let off with a warning.

[20/01/2015] Presidential Secretariat is down

The website was taken down for unknown reasons, either as a result of an attack or an administrative mistake.

[17/04/2014] 129 websites attacked

Dubbed #OpSriLanka, the attack carried out by the Anonymous group managed to target 129 local websites.
