The recent hacking of Essar Telecoms Kenya Web site and that of the Kenya Administration Police left security experts scratching their heads for answers. Others have gone ahead to blame it on Gichuki Jonia aka Chuks, a reputable security consultant, who however denies taking any role. But why have these incidences been on the rise? According to Evans Kahuthu, a security consultant at Teqlink Solutions and an organiser of the upcoming Secure ICT conference where reputable hacker Johny Long will be the keynote speaker, the industry has long been relying on "Security by obscurity." Basically, this means that installations have being termed secure on the simple grounds that  no one had information on what is inside them, or rather no one knew they existed.  In explaining "Security by obscurity" further, Kahuthu says that a few years ago, most organizations did not have Web sites, had few of their systems connected to the Internet or electronic. So there was no information for hackers to come after. Futhermore, Kenya relied on slow overseas satellite connectivity. It therefore took a long time for information to be transferred between a server here and a hacker’s computer abroad. With the coming of fibre, latencies have decreased  and hackers are able to access servers as if they are next door.

The above situations have been worsened by the current security cultures and practices. Kahuthu says that most installations are left with their default settings which are known to everyone hence making it easy for one to break into them. Password patterns used by companies are also easy to figure out, such as the companies phone number in reverse.