
The worrying state of Cybersecurity in Sri Lanka
On February 6th, 2021, the traffic of many users to GOOGLE.LK and a few other websites under the LK Domain Registry was redirected to a propaganda page in what appeared to be the work of hacktivists. The page drew attention to several contemporary national issues. Although the media reported that the websites themselves had been hacked, the attackers had instead spoofed the DNS records of the affected websites. (What’s DNS and what’s DNS spoofing?) We are lucky that the attack was just a malicious redirect. However, the continuous and successful cyberattacks mounted against Sri Lanka, and our responses to them so far, indicate that the country’s cybersecurity is in a worrying state. Keep on reading to learn why. (Read my previous blog post “I’m sticking with WhatsApp: Here’s Why?” if you missed it.)
Sri Lanka isn’t taking Cybersecurity Seriously
The attack on the 6th wasn’t the first time cybercriminals penetrated the LK Domain Registry’s network. On January 27th, 2013, they mounted an SQL injection attack that gave them control over a few top-level domains. Below is a list of other attacks in chronological order.
- 01.05.2009 LTTE propagandists defaced the ARMY.LK website
- 22.11.2012 Hacker “Broken Security” breached the President’s web server
- 26.01.2013 Hacker “Davy Jones” defaced three websites operated by the government
- 13.02.2013 “Davy Jones” defaced a website operated by a Sri Lankan consulate
- 26.09.2015 A teenager defaced former President Maithripala Sirisena’s website twice
- 17.05.2020 LTTE Propagandists defaced five websites ending in LK and COM
- 23.05.2020 SLT’s internal computer network was overrun by the “REvil” ransomware
These attacks succeeded mainly because the targets were running outdated software. In a report published by the News First website on May 31st, 2020, another local IT group also warned that most websites in Sri Lanka run on outdated software. This widespread trend indicates that we are not taking cybersecurity seriously.
Sri Lanka is bad at proactive Cybersecurity
Following the ransomware attack on its internal computer network, Sri Lanka Telecom released an official communiqué clarifying the situation to its customers. It’s worthwhile to understand why the attack was successful, because in the communiqué the management shamelessly bragged about how they cleaned up the mess after the attack, although they could have stopped the attack in its tracks.
Our vigilant early warning systems detected the attempt and precautionary measures with the shutdown of some servers were implemented without delay. These servers are isolated and corrective action is being taken. There is no impact to any system that is used to provide SLT services. Thus, there is no risk to any services offered to our customers and also there is no risk to the customer information. System experts are attending to the issue and have already identified all the areas and SLT internal services will be restored in a short time. Our expert teams have detected the threat at a very early stage and successfully isolated the problem.
Management – Sri Lanka Telecom
According to Wezen Group, the “REvil” ransomware exploits a vulnerability in Windows Server 2012 R2 which Microsoft fixed three years ago (KB4471320). SLT could have thwarted the ransomware attack on its internal computer network had it patched its server operating systems on time. (This makes us rethink the safety of our information, because important financial bodies like the Hatton National Bank and Commercial Bank of Ceylon also host their websites with SLT.) The fact that SLT, a semi-government telecommunications company, failed to prevent a major attack indicates that we are not as good at proactive security as we are at reactive security.
Sri Lanka is clueless about Cybersecurity
On February 10th, 2021, in response to an advertisement for “SLT Storage” (SLT’s cloud storage service) that appeared on Facebook, I inquired whether it supports encryption. It was a simple yes or no question, but their response was “Hi Yohan, Thanks for getting in touch, please inbox your requirement and the phone number we can contact. thank you.”
A few others also inquired, and this time SLT responded saying “Hi, Thanks for your Interest. Please refer to the attached link for more details. www.slt.lk/storage”. The said link, however, stated nothing about encryption. After I pointed this out, they said end-to-end encryption is available. As far as I know, end-to-end encryption protects data in transmission only, not the data stored on the server. That would allow a cybercriminal who gained access to the servers to access my data as well. Apparently, either the SLT marketing team is clueless about their product or there’s no encryption at all. Below is another interesting story that the CEO of a firm specializing in information security shared with Roar Media, a leading media platform in the country.
A few years ago, we were demonstrating how our data operations centres use surveillance software to scan a network for vulnerabilities. The client was a very large financial institution servicing thousands of customers. While we were doing this, in real-time in their conference room, we spotted a stream of data moving out of one of the company laptops to a foreign country. And the laptop in question? It happened to be in the room – it belonged to the head of systems security!
Romeish de Mel, CEO – Flix 11
The chief of security didn’t know someone was stealing sensitive data right under his nose. SLT doesn’t know how secure its cloud solutions are. This atmosphere indicates that we are clueless about cybersecurity.
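To make the distinction drawn above concrete, here is an added example that is not SLT’s code and assumes nothing about how SLT Storage actually works. It models a storage service with a hypothetical StorageServer class and compares two client designs. In the first, the connection to the server may well be encrypted, but the server stores the bytes exactly as received, so anyone who obtains the server’s storage reads the file. In the second, the client encrypts the file before upload with a key derived from a passphrase that never leaves the client, so the server holds only ciphertext. The cipher is a deliberately small HMAC-SHA256 keystream construction built on the standard library; the file contents, salt and passphrases are constructed sample values.

```python
import hashlib
import hmac
import os


class StorageServer:
    """Hypothetical cloud storage backend: it keeps whatever bytes it is sent."""

    def __init__(self):
        self.blobs = {}

    def upload(self, name: str, payload: bytes) -> None:
        self.blobs[name] = payload

    def download(self, name: str) -> bytes:
        return self.blobs[name]

    def disk_image(self) -> dict:
        # Everything readable by someone who reaches the server or its backups.
        return dict(self.blobs)


# Design 1: the connection to the server may be encrypted (TLS), but the file is
# stored exactly as received, so server-side access exposes the contents.
def upload_transport_only(server: StorageServer, name: str, data: bytes) -> None:
    server.upload(name, data)


# Design 2: encrypt on the client before upload. The key is derived from a
# passphrase that never leaves the client, so the server only ever sees ciphertext.
def derive_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Small counter-mode stream built from HMAC-SHA256, used for illustration only;
    # a production client would use a vetted AEAD such as AES-GCM from a library.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    body = keystream_xor(key, nonce, data)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()  # detects tampering
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or blob modified")
    return keystream_xor(key, nonce, body)


def upload_client_encrypted(server: StorageServer, name: str, data: bytes, key: bytes) -> None:
    server.upload(name, seal(key, data))


def download_client_encrypted(server: StorageServer, name: str, key: bytes) -> bytes:
    return open_sealed(key, server.download(name))


def demo() -> dict:
    # Constructed sample values; nothing here comes from a real service.
    secret = b"constructed sample: bank statement, February 2021"
    key = derive_key("constructed passphrase", salt=b"constructed-salt")
    server = StorageServer()
    upload_transport_only(server, "statement-plain.pdf", secret)
    upload_client_encrypted(server, "statement-enc.pdf", secret, key)
    leaked = server.disk_image()  # what an intruder on the server can read
    try:
        download_client_encrypted(server, "statement-enc.pdf", derive_key("guess", b"constructed-salt"))
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {
        "plaintext_readable_on_server": leaked["statement-plain.pdf"] == secret,
        "ciphertext_reveals_contents": secret in leaked["statement-enc.pdf"],
        "owner_can_decrypt": download_client_encrypted(server, "statement-enc.pdf", key) == secret,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The question to put to any storage provider is therefore not just “is the connection encrypted?” but “who holds the key to the stored data?”; if the answer is the provider, a compromise of its servers is a compromise of the data.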
In Sri Lanka Cybersecurity is an afterthought
By now, you must be familiar with the “Stay Safe” app developed and launched by two volunteer software engineers under the guidance and support of the government-owned ICTA (short for Information and Communication Technology Agency) to help prevent the spread of COVID-19. More details of the app are available here. Although a noble contribution to the country’s future, on December 15th, 2020, Roar Media reported that vulnerabilities in the app could endanger the privacy of any citizen using it. One of these vulnerabilities allowed anyone to check submitted information on the service with an API call. (Short for Application Programming Interface, an API allows two applications to communicate with one another to access data, helping software developers save time and effort.)
According to the same report, ICTA later confirmed that it had patched this vulnerability. However, this was a very simple loophole that ICTA had failed to identify before opening the app to the general public. If it overlooked a flaw as simple as an unauthorized API call, how can we trust it to guard our personally identifiable information against more sophisticated threats? A vulnerability in an app developed at the national level to handle citizen data, whose development and maintenance is overseen by a government agency, indicates that we treat cybersecurity as a mere afterthought.
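The class of flaw described here is an endpoint that hands a record to whoever supplies its identifier, without checking who is asking. The added example below is not the Stay Safe app’s code and assumes nothing about its real API. It uses a hypothetical in-memory SUBMISSIONS store with constructed records, shows a handler that trusts the record id alone beside a hardened handler that requires a session token issued at login and refuses records the caller does not own, and returns the same 404 for a missing record and for someone else’s record so that the endpoint does not confirm which ids exist.

```python
import secrets

# Constructed sample data: what citizens might have submitted to the service.
# Field names and values are invented for this example.
SUBMISSIONS = {
    "rec-1001": {"owner": "user-a", "name": "Sample Citizen A", "contact": "07x-000-0001"},
    "rec-1002": {"owner": "user-b", "name": "Sample Citizen B", "contact": "07x-000-0002"},
}


# Vulnerable design: any caller who knows (or guesses) a record id gets the record.
def get_submission_vulnerable(record_id: str):
    return SUBMISSIONS.get(record_id)


# Hardened design: sessions are issued at login, every request must carry one,
# and a record is returned only to the account that submitted it.
SESSIONS = {}  # session token -> user id (hypothetical in-memory session store)


def login(user_id: str) -> str:
    # In a real service this follows password/OTP verification; here it only
    # issues an unguessable token for the already-identified user.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def get_submission_hardened(record_id: str, headers: dict):
    """Returns (status, body). Never returns another user's record."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "authentication required"}
    caller = SESSIONS.get(auth[len("Bearer "):])
    if caller is None:
        return 401, {"error": "invalid or expired session"}
    record = SUBMISSIONS.get(record_id)
    # Same response for "does not exist" and "not yours": the endpoint does not
    # reveal which ids are valid, so ids cannot be enumerated through it.
    if record is None or record["owner"] != caller:
        return 404, {"error": "not found"}
    return 200, {k: v for k, v in record.items() if k != "owner"}


if __name__ == "__main__":
    print("anonymous, vulnerable:", get_submission_vulnerable("rec-1002"))
    print("anonymous, hardened:", get_submission_hardened("rec-1002", {}))
    token = login("user-a")
    hdr = {"Authorization": "Bearer " + token}
    print("user-a reading own record:", get_submission_hardened("rec-1001", hdr))
    print("user-a reading user-b's record:", get_submission_hardened("rec-1002", hdr))
```

The two checks in the hardened handler are distinct: authentication establishes who is calling, authorization establishes whether that caller may see this particular record. The flaw the report describes is the absence of both, and a review of every endpoint for these two checks before launch is the kind of simple test that would have caught it.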
Wrap Up
In a country where digitalization is actively being encouraged at a national level, all of the issues mentioned above stress the worrying state of our country’s cybersecurity, which in turn begs the question: are we truly prepared for a digital Sri Lanka?
Update: HSBC Sri Lanka Website Impersonated
Although the attack on the LK Domain Registry initially appeared to be nothing more than a malicious redirect, Twitter user Duminda (@dumindaxsb) revealed that one IP address had also attempted to impersonate the HSBC Sri Lanka website in a similar fashion (in addition to serving, from GOOGLE.LK, a malicious file to Windows PCs that aimed to exploit Internet Explorer, the browser used in most government institutions). Was the attack on the LK Domain Registry a distraction while the HSBC Sri Lanka website was the real target? I do not know.
If you found this content helpful, I kindly ask you to leave your feedback in the comments section below. Sharing it on social media would also be greatly appreciated. In order to promote meaningful and respectful dialogue, I request that you use your full name when commenting. Please note that any comments containing profanity, name-calling, or a disrespectful tone will be deleted. Thank you for your understanding and participation.