Hackers are bragging that the Central Bank of The Bahamas’ website was an “easy target” for them to take down, although the regulator says the attack was “stabilised in less than 24 hours”.
John Rolle, the Central Bank’s governor, also disputed suggestions that the attack on its website was a “hack”, describing it as a “denial of service” event that struck between Wednesday and Friday last week.
“We did experience a denial of service event on our website, but it should not be characterised as a ‘hack’,” Mr Rolle wrote in a Tweet that was distributed by Central Bank public relations executives. “The site was stabilised in less than 24 hours. There was no cover-up. All of our staff were informed, and service to the public was not materially affected.”
But the hacker allegedly responsible, named ‘Shizen’, openly boasted to the website, Rogue Media Labs, that the Central Bank of The Bahamas website was vulnerable because it lacked basic security measures.
“The Central Bank of The Bahamas is an easy target,” ‘Shizen’ was quoted as saying. “The website is protected by Cloudflare, but as long as the DDoS (distributed denial of service) doesn’t exceed the 1 TBPS limit.
“I have attacked with a Python script. The website has been taken down for 28 hours before it changed over to Cloudflare. Now, if you make a check-host, you can see an error ‘503 Service Temporarily Unavailable’. The website now works because they have changed the Cloudflare, so I think I’ll try to take it down next with an IRC Botnet or an MIRAI next.”
The Central Bank’s website was still operating with the enhanced Cloudflare protection as of yesterday. The Rogue Media Labs article criticised the site for failing to install an active SSL certificate, adding that “its front-end still suffers from a lack of basic and fundamental security measures”.