/ 22 May 2013

Hackers steal SAPS whistle-blower info

Hackers Steal Saps Whistle Blower Info

The police website, like other government entities, is hosted by the State Information Technology Agency (Sita).

Divisional head responsible for government solutions, Daniel Mashao, said information posted by citizens alerting police about crime had been left on the police site by mistake.

"The data is collected on that public server. There was a little bit of an oversight, because it should have been removed afterwards," he said in Pretoria.

"We increased the functionality [of the police website] to allow people to be able to report further information. When we did that we should have also decided to move it to the secure site." 

The hacker reportedly performed a data dump on Friday when complainants and whistle-blowers' details were downloaded from the South African Police Service website's email server and uploaded onto another site.

Mashao said the information obtained by the hacker comprised about 15 000 lines.

"Most of the information was submitted anonymously. We are concerned because there is information [within the 15 000 lines] where people have given [their] further details to say ‘I know about such and such [a crime]." 

Hacker with a cause
Posting anonymously on social media, the hacker "DomainerAnon" raised questions regarding the lack of arrests for the August 2012 shooting of 34 protesting mineworkers at Marikana mine in Rustenburg.

"To date no officers have been brought to justice … This situation will not be tolerated," the hacker posted on Twitter on Friday.

Sita executive for ICT services Mmakgosi Mosupi said the breach was discovered on Monday.

She declined to give figures on the actual number of people whose details were downloaded from the police website.

Media reports stated that nearly 16 000 whistle-blowers had their personal details downloaded and published online after the cyber-attack.

The South African Police Service assured South Africans that information on crime cases was not accessed during the cyber-attack on the police website.

'Regrettable'
Police divisional commander for technology management services Lieutenant-General Bonginkosi Ngubane said vital systems of the police were hosted at a secure national key point, unlike the website.

Ngubane said the information which was obtained by the hacker was already in the public domain. He said the hacking into the details left by internet users was regrettable.

"It has to be emphasised the information on the website is in the public domain. Until the information is picked up and a case is opened [relating to crime details left by a user], that information will no longer be in the public domain," he said.

"I really do not believe that the situation has gone out of hand. The information [downloaded from the SAPS website] will have to be withdrawn from the sites where it was illegally posted as soon as possible. We have closed the leak on our site."

The crime intelligence unit was conducting an intensive probe into the security breach, working with Sita. – Sapa