Cops lost whistle-blower
info
By Sapa | May 23, 2013 |
Information on crime
supplied by whistle-blowers was downloaded when the official SA Police Service
website was hacked into, Sita said.
The data is collected on
that public server. There was a little bit of an oversight, because it should
have been removed afterwards
The police website, like other government entities, is hosted by the
State Information Technology Agency (Sita).
Divisional head responsible for government solutions, Daniel Mashao,
said information posted by citizens alerting police about crime had been left
on the police site by mistake.
"The data is collected on that public server. There was a little
bit of an oversight, because it should have been removed afterwards," he
said in Pretoria.
"We increased the functionality (of the police website) to allow
people to be able to report further information. When we did that we should
have also decided to move it to the secure site."
The hacker reportedly performed a data dump on Friday when complainants
and whistle-blowers' details were downloaded from the SAPS website's e-mail
server and uploaded onto another site.
Mashao said the information obtained by the hacker comprised about
15,000 lines.
"Most of the information was submitted anonymously. We are
concerned because there is information (within the 15,000 lines) where people
have given (their) further details to say ‘I know about such and such (a
crime)."
Posting anonymously on social media, the hacker "DomainerAnon"
raised questions regarding the lack of arrests for the August 2012 shooting of
34 protesting mineworkers at Marikana mine in Rustenburg.
"To date no officers have been brought to justice.... This
situation will not be tolerated," the hacker posted on Twitter on Friday.
Sita executive for ICT services, MmakgosiMosupi, said the breach was
discovered on Monday.
She declined to give figures on the actual number of people whose details
were downloaded from the police website.
Media reports stated that nearly 16,000 whistle-blowers had their
personal details downloaded and published online after the cyber-attack.
The SA Police Service assured South Africans that information on crime cases
was not accessed during the cyber-attack on the police website.
SAPS divisional commander for technology management services, Lt-Gen
BonginkosiNgubane, said vital systems of the police were hosted at a secure
national key point, unlike the website.
Ngubane said the information which was obtained by the hacker was
already in the public domain. He said the hacking into the details left by
internet users was regrettable.
"It has to be emphasised the information on the website is in the
public domain. Until the information is picked up and a case is opened
(relating to crime details left by a user), that information will no longer be
in the public domain," he said.
"I really do not believe that the situation has gone out of hand.
The information (downloaded from the SAPS website) will have to be withdrawn
from the sites where it was illegally posted as soon as possible. We have
closed the leak on our site."
The crime intelligence unit was conducting an intensive probe into the
security breach, working with Sita.
