We Took The Liberty Of Rounding Up The 8 The Biggest Hacking Scandals To Hit SA
Liberty is the latest in a series of companies and government departments to fall victim to cyberattacks in recent years. The company assured its clients that no personal or financial data had been breached when hackers accessed its servers over the weekend, according to Eyewitness News (EWN).
According to BusinessTech, Liberty said the hackers had only accessed their email servers, and had mostly obtained emails. Liberty maintained that no one lost any money as a result of the breach. In light of more serious cyber attacks suffered by SA companies and government entities recently, where huge amounts of personal data were leaked online, it seem Liberty may have got off lightly.
Here are eight of the biggest hacking scandals in South Africa over the last few years.
1. Moroccans hack SA government
In December 2012, the websites of three government departments were hacked. The department of social development, the Presidential Planning Commission and the National Population Unit's sites were al hacked by "H4ksniper", which linked to a Facebook account of someone called Moroccan Haksnipx.
He told the Mail & Guardian by email that the hack was in response to the South African government's support of the Sahrawi Arab Democratic Republic — a partially recognised state that reportedly claims sovereignty over the Western Sahara, but Morocco controls the majority of the territory. South Africa reportedly regards Western Sahara as being illegally occupied by Morrocco.
The Moroccan hacker reportedly said he had no "evil plans", and was simply "defending our country and our religion!"
No sensitive information was reportedly accessed or released.
2. SA government sites hacked again
In February 2016, The World Hacker Team, which associates with the Anonymous collective, hacked the department of water affairs' site, releasing the personal data of thousands of people and sensitive financial information belonging to the department.
According to Business Tech, the group, calling itself #OpAfrica, said its target is a "disassembly of corporations and governments that enable and perpetuate corruption on the African continent".
The group also hacked the Government Communications and Information Systems' site a week earlier, releasing hundreds of names, email addresses, phone and ID numbers, and passwords stories in both hashed and plain text.
3. And again
The website of the state arms manufacturer, Armscor, was hacked by the same group in 2016. About 63MB of HTML files from the company were reportedly leaked onto the dark web, according to Fin24.
The files reportedly included ordering and payment details for companies like Denel, Airbus, Thales and Rolls-Royce. The hackers reportedly claimed to have access to nearly 20,000 supplier names, IDs, names and passwords.
4. And... again
About a year ago, the department of education's website was hacked by Islamic militants who posted pictures of decapitated corpses, including children.
A message posted by the hackers said,
"Hacked by Team System DZ
"A message to the government, the American people and the rest of the world. Is this the humanity you claim, or is life irrelevant to Muslims? Do not imagine that these actions against Muslims will pass you and we will forget what you did to the Arab and Muslim peoples all over the world. I love Islamic State!"
5. Guptas, SABC
Anonymous Africa, the same group under a slightly different name, went after the SABC and Oakbay Investments sites in June, 2016. Oakbay Investments belongs to the Guptas. The hacks took the form of flooding servers with thousands of requests at once.
The group told Fin24 in an interview that it targets "corrupt/or racist individuals, corporations and parties."
"In every one of these cases, we feel justice has gone unanswered, and while we are not justice, we are a very loud voice complaining about the lack of justice."
The Guptas' The New Age newspaper, as it was then known, ran a story headlined: "Hackers fail to shutdown Oakbay websites". This prompted another cyberattack by Anonymous, and a comment:
"They got extra attention from us for lying about us in an article they wrote afterwards. We may be cowards hiding behind our keyboards but we do not lie."
6. University of Limpopo
Also in 2016, New World Havkers, linked with the same group that attacked government sites, defaced the home page of the University of Limpopo and released a trove of data belonging to students, according to Hackread.com.
The hackers later revealed themselves to be operating under the #OpAfrica banner. They released data containing exam and intranet files, the personal data of 16,000 university alumni, as well as the personal information contained in some 1,700 department faculty entries.
7. Property data breach
It has been called the biggest hacking scandal in the country's history: more than 30-million records and 2.2-million emails were published online, and discovered by an Australian web security expert Troy Hunt, who runs a data breach service called www.haveibeenpwned.com.
According to IOL, the data breach consisted of names, addresses, ID numbers, home ownership statuses, employers and more.
Tech Central later reported that the source of the leak was a real estate company in Pretoria called Jigsaw Holdings, which is a holding company for several real estate franchises. Jigsaw appeared to be hosting the personal data of millions of South Africans to provide a service to its clients, which include large real estate companies. Presumably, these companies would then use the data to vet potential clients.
It was estimated that the data could have been available online since 2015, and the Hawks' cybercrime division is investigating.
The personal data of nearly a million South Africans who used the website ViewFines to check for traffic fines was leaked in May this year. The data included personal information such as ID numbers, according to News24.
It emerged that the passwords kept on the site were in plaintext, and the operations manager of Aggregated Payment System (Pty) Ltd, Stephen Birkholtz told News24 that his was because when the site was created in 2006, this was sufficient.
However, in the light of the leak, security had beefed up, he reportedly said.
But in this case, to the relief of those using the site, Birkholz reportedly said there were no credit card, bank details of addresses stored on the website, and that it only informed people of where they could pay their fines.
The site is currently down. A message on its home page says:
"Please note that the system is currently offline while we upgrade the system with further security protocols."