No suspects have been identified in connection with the hacking of the SA Police Service website last month, police minister Nathi Mthethwa revealed on Wednesday. Mthethwa said the investigation was still underway and the level of threat to identified whistleblowers was not yet known.
The information was provided in an answer to a parliamentary question by Freedom Front Plus spokesman Anton Alberts. Alberts asked the minister whether any steps had been taken to safeguard those whose identities were compromised.
Mthethwa replied: “Full implementation of steps will be finalised after the investigation and the threat assessment is completed.”
Alberts said it was concerning that these people appeared to not receive any protection by police.
He feared the hacking incident would be a setback for crime-fighting because people with information would be too scared to come forward. “This is negligence on a huge scale and shows the incompetence of the state’s IT agency, which manages the police’s website. The public’s confidence in the police will definitely be harmed by this.”
In May, a State IT Agency (Sita) official said information posted by citizens alerting police about crime had been left on the police site by mistake. “The data is collected on that public server. There was a little bit of an oversight, because it should have been removed afterwards,” said divisional head responsible for government solutions, Daniel Mashao. “We increased the functionality [of the police website] to allow people to be able to report further information. When we did that we should have also decided to move it to the secure site.”
The hacker reportedly performed a data dump when complainants and whistleblowers’ details were downloaded from the SA Police Service website’s e-mail server and uploaded onto another site. Mashao said at the time that the information obtained by the hacker comprised about 15 000 lines.
“Most of the information was submitted anonymously. We are concerned because there is information [within the 15 000 lines] where people have given [their] further details to say ‘I know about such and such [a crime]’.”
Mthethwa reiterated in his reply that nobody in the witness protection programme had been compromised in any way, contrary to media reports.
The hackers used social networking site Twitter to inform the public that the attack was in connection with the lack of arrests for the August 2012 shooting of 34 protesting mineworkers at Marikana mine in Rustenburg.
Public service minister Lindiwe Sisulu also answered questions submitted by Alberts. He had asked her what security measures were in place at the time. Sisulu replied that the website had a firewall and network intrusion protection, malware inspection and antivirus software. It also had an inverse proxy, which took requests from the Internet and forwarded them to servers in an internal network.
“Those making requests connect to the proxy and may not be aware of the internal network, and it helps to protect the internal network from intrusions,” Sisulu said. The website application was developed in 2004/2005 and there were no external contractors involved in its maintenance.
Sisulu said the increasing sophistication of cyber criminals had resulted in a race to implement security measures ahead of attacks. She said Sita had scanned its websites for vulnerabilities and a process had been underway since February this year to address these vulnerabilities. “This is unfortunately a tedious process as it requires the redevelopment of large portions of the application.” — Sapa