Hackers
steal SAPS whistle-blower info
Whistle-blowers' information on crime has been downloaded when the
official South African Police Service website was hacked into, says Sita.
The police website, like other government
entities, is hosted by the State Information Technology Agency (Sita).
Divisional head responsible for government
solutions, Daniel Mashao, said information posted by citizens alerting police
about crime had been left on the police site by mistake.
"The data is collected on that public
server. There was a little bit of an oversight, because it should have been
removed afterwards," he said in Pretoria.
"We increased the functionality [of the
police website] to allow people to be able to report further information.
When we did that we should have also decided to move it to the secure
site."
The hacker reportedly performed a data dump on
Friday when complainants and whistle-blowers' details were downloaded from the
South African Police Service website's email server and uploaded onto
another site.
Mashao said the information obtained by the
hacker comprised about 15 000 lines.
"Most of the information was submitted
anonymously. We are concerned because there is information [within the
15 000 lines] where people have given [their] further details to
say ‘I know about such and such [a crime]."
Hacker with a cause
Posting anonymously on social media, the hacker "DomainerAnon" raised questions regarding the lack of arrests for the August 2012 shooting of 34 protesting mineworkers at Marikana mine in Rustenburg.
Posting anonymously on social media, the hacker "DomainerAnon" raised questions regarding the lack of arrests for the August 2012 shooting of 34 protesting mineworkers at Marikana mine in Rustenburg.
"To date no officers have been brought to
justice ... This situation will not be tolerated," the hacker posted on
Twitter on Friday.
Sita executive for ICT services Mmakgosi
Mosupi said the breach was discovered on Monday.
She declined to give figures on the actual
number of people whose details were downloaded from the police website.
Media reports stated that nearly 16 000
whistle-blowers had their personal details downloaded and published online
after the cyber-attack.
The South African Police Service assured
South Africans that information on crime cases was not accessed during the
cyber-attack on the police website.
'Regrettable'
Police divisional commander for technology management services Lieutenant-General Bonginkosi Ngubane said vital systems of the police were hosted at a secure national key point, unlike the website.
Police divisional commander for technology management services Lieutenant-General Bonginkosi Ngubane said vital systems of the police were hosted at a secure national key point, unlike the website.
Ngubane said the information which was obtained
by the hacker was already in the public domain. He said the hacking into the
details left by internet users was regrettable.
"It has to be emphasised the information on
the website is in the public domain. Until the information is picked up and a
case is opened [relating to crime details left by a user], that information
will no longer be in the public domain," he said.
"I really do not believe that the situation
has gone out of hand. The information [downloaded from the SAPS
website] will have to be withdrawn from the sites where it was illegally
posted as soon as possible. We have closed the leak on our site."
The crime intelligence unit was conducting an
intensive probe into the security breach, working with Sita. – Sapa
