As the massive protests against Sri Lankan President Gotabaya Rajapaksa entered its eighth week, hacktivist collective Anonymous took the floor last month – in a way that has alarmed cybersecurity experts and the general public, wondering if the organization is doing more harm than benefits.
On April 20, Anonymous, the decentralized collective of internet activists, attacked the websites of the Ceylon Electricity Board, the Sri Lanka Police and the Ministry of Immigration and Emigration with DDoS (Distributed Denial-of-Service) attacks. Twitter phones linked to Anonymous said the group started this #OpSriLanka hashtag in support of people and was “declare cyber war on the government.”
Many Sri Lankans had taken to social media to call for the group to intervene using the hashtag #AnonymousSaveSriLanka. But as part of the attack anonymous hackers shared publicly Thousands of usernames, passwords and email addresses from the database of Sri Lanka Scholar, a private portal connecting students to various higher education institutions using the official “.lk” domain. The hackers published similar information through the agents registered with the Sri Lanka Bureau of Foreign Employment (SLBFE).
The leaks not only violate the privacy of Sri Lankans, but also expose them to cybercrime and phishing attacks, technology law expert Ashwini Natesan said rest of the world.
These individuals are still at risk because “unless remedied, another hacker could access the same database and collect employees’ passport details and other personally identifiable information, which can be sold on the dark web for around $50,” according to cybersecurity specialist Asela Waidyalankara told rest of the world. “These details can then be used for a range of cybercrimes such as impersonation.”
In addition to the data leak, a Twitter handle linked to Ghost Squad, a politically motivated hacktivist team that is part of Anonymous, common strategies for attacking the state-owned National Savings Bank, the semi-state-owned mobile operator Mobitel and the digital platform provided by Sri Lanka Telecom for locals to book appointments with doctors. Waidyalankara said these systems were fortunately not violated. “Had this taken place, sensitive medical information about individuals would have been disclosed.”
Experts say Anonymous’ attack has exposed the deficiencies of Sri Lanka’s cybersecurity infrastructure at a time when the country is grappling with its worst economic crisis since independence in 1948.
Sri Lanka is in economic shambles as foreign remittances have slowed, tourism revenues have suffered from the pandemic, high global oil and gas prices are making daily life expensive and the government is struggling to borrow from international lenders due to massive outstanding foreign debt. The cost of essential goods has skyrocketed in the island nation, along with daily power outages, fueling ongoing anti-government protests across the country.
Given these circumstances, the government may not have the resources to prioritize cybersecurity, which could leave its citizens vulnerable to future threats, experts say. In March, the Sri Lankan Parliament passed a data protection law that has not yet come into force. “The Data Protection Act provides for the protection of personal data from misuse and abuse and provides for necessary reporting procedures. However, it still hasn’t come into force and the DPA hasn’t been established according to the law,” Natesan said.
The Sri Lankan Ministry of Technology “continuously takes many precautions against cyber attacks and these will be further strengthened,” Secretary Jayantha de Silva said rest of the world.
If the government prioritizes cybersecurity, it will use taxpayers’ money to mitigate the damage, “so I don’t see how this attack adds to the overall cause of the protests,” Waidyalankara said. The true impact of this cyber attack will be understood much later, Waidyalankara added. “If the country’s cyberattack threat profile was previously low to medium, it would now be somewhere between medium and high.”
Meanwhile, Anonymous’ attack is being used by some to spread misinformation. On April 22, a Facebook page called Lanka E News published a post claiming to reveal the “hidden wealth” of the ruling Rajapaksa family. Lanka E News said this information was leaked during Anonymous’ cyber attack.
The post, which did not hyperlink to databases or documents, claimed that media houses and prominent media figures covering the economic crisis and the protests were implicated in the Rajapaksa family’s underhanded dealings.
Social media analyst Sanjana Hattotuwa, who investigated the post, labeled it “narrative corruption.” Hattotuwa noted that the post was published simultaneously by different accounts, one of the “signals of inauthentic distribution”. This is an example of pro-government dissemination of misinformation trying to derail the movement against President Rajapaksa, Hattotuwa said, adding that “the prevailing public belief that the Rajapaksa are corrupt is being exploited.” [by the creator].” The post was shared on a number of Facebook groups supporting the anti-government protests, including GoHomeGota2022, which has over 300,000 followers.