/ 8 March 2019

Matjila on a witch-hunt

A former executive told the commission of inquiry into the PIC that Dan Matjila had hired a cybersecurity company
A former executive told the commission of inquiry into the PIC that Dan Matjila had hired a cybersecurity company, which had tried to hack into the entity’s IT system. (David Harrison/M&G)

Former Public Investment Corporation (PIC) chief executive Dan Matjila turned the organisation inside out with his single-minded attempts to uncover “James Nogu”, the anonymous whistle-blower who accused him of corruption.

Giving testimony at the commission of inquiry looking into issues of PIC impropriety, former IT executive Vuyokazi Menye described how Matjila stopped at nothing in his witch-hunt.

“Hacked by our own people, our systems have been hacked by our own,” a furious Matjila told executives in a meeting shortly after the Nogu emails surfaced.

In the main, Matjila was accused of corruptly providing R21-million in PIC funding to MST, a company operating mobile medical and educational units, which was linked to an alleged girlfriend. Matjila has denied a relationship with the woman.

Nogu also claimed Matjila had asked a recent beneficiary of PIC funding to help the woman with R300 000.

A forensic investigation by advocate Geoff Budlender found that proper processes were followed for the MST loan but Matjila had acted inappropriately when he facilitated the R300 000 payment.

Matjila told Budlender that he had felt pressured to assist the woman after the former state security minister, David Mahlobo, had asked him to.

Menye said corporate governance specialist Deon Botha had told Matjila that he did not think the emails were the result of a hack, although it might have appeared to be so because the person sending the emails had the information about MST.

She said she also clarified in the meeting called by Matjila that the PIC’s systems do not store personal information about girlfriends and their financial problems.

“I indicated that the information that was contained in the email by the looks of things appeared to come from someone who has been drinking from the same cup and eating from the same plate with Dr Dan,” Menye said.

Matjila appointed forensic investigators Naledi Advisory Services to investigate the presumed leaks. He also appointed information and telecoms company BCX and information security firm Sensepost to conduct an information security assessment of the PIC.

Menye said, at an introductory meeting arranged by then chief financial officer Matshepo More with BCX project leader Eric McGee and two Sensepost representatives, McGee could not say what procurement process was followed when they were appointed and whether they had been vetted.

At the same meeting, she learnt that Sensepost had attempted to hack into the PIC’s IT systems on instruction from Matjila and More, which she found “seriously concerning” because, as the IT head, she was not informed about this and the attempted hack exposed the PIC’s systems to risk.

When Menye raised her concerns with Matjila by email, he arranged a meeting with her the next day, at which he told her “the information security assessment was an instruction of the board”.

He told her not to communicate with him by email but rather in meetings or telephonically.

Menye said Matjila exposed the PIC to further risks when he granted permission for an investigator from Naledi to have an email account with “super-admin rights”.

Another witness described the rights as “keys to every lock to the PIC’s email system”.

Menye added that she was shocked to learn from the company that hosts the PIC’s web server that Matjila had created the account for the purpose of “spying” on her and other executives — Paul Magula, Bongani Mathebula, Pamela Phala and Lufuno Nemagovhani.

She told Matjila that he was in serious breach of IT governance at the PIC and that the recent decisions he had made about the IT department without consulting her or her team were also concerning. “He responded by saying PIC is his organisation and he will do as it pleases him.”

Menye told the commission that the companies were clearly appointed to identify the whistle-blower, which was contrary to PIC policy, which calls for the protection of whistle-blowers, as well as the Prevention and Combating of Corrupt Activities Act and the Protected Disclosures Act, which protects whistle-blowers.

Tebogo Tshwane is an Adamela Trust business journalist at the Mail & Guardian