Making a public display of the pathetic state of cyber-security unawareness in the state sector, the Sri Lanka Foreign Employment Bureau (SLFEB) at the heights of their ignorance had publicized personal information including ID/passport numbers of over 25,000 individuals.
The publicized data had been uncovered by Suchetha Wijenayake – an employer of Linux Center in Colombo. He had stumbled upon the files while looking up two names who used to be ardent listeners of Sri Lanka Broadcasting Corporation (SLBC). One of the Google listings that popped up had led him to a 2.5 MB Microsoft Excel file that contained full names, ID/passport numbers of over 25,000 individuals that had been dated from July-September 2013 indicating the information was in the public domain for over a year.
Instantly recognizing the gravity of the situation, Suchetha had attempted to contact SLFEB Chairman Amal Senadhilankara, but to no avail. Finally he had been directed to SLFEB’s IT Consultant, who had confirmed the records were indeed public and were ‘supposed to be out there’. Without accepting the mistake on their part, he had turned around and accused Suchetha of attempting to hack the SLFEB website.
Suchetha had thereafter contacted Senadhilankara’s Secretary, to whom he had explained the situation. She had requested him to write an email to her, explaining the situation and fortunately, she had understood the gravity of the situation and the files had been taken down 30 minutes later.
However, Suchetha has written that even afterwards his numerous attempts to contact Senadhilankara and explain to him that their site is insecure was not successful.
This incident ironically reflects on the sorry state of the lack of IT knowledge among those who administer manage government owned websites, despite the Rajapaksa regime’s aspirations of making Sri Lanka an IT hub. Against this backdrop, it is no wonder government sites are being constantly targeted by hacker groups.