So there I was, enjoying my Monday at work (okay, so I was not enjoying it that much... I was more sliding into the week as slowly as possible) when all of a sudden an interesting thread pops up in South Africa's most popular online forum, MyBroadBand.co.za:
http://mybroadband.co.za/vb/showthread.php/278603-Mweb-business-accounts-hacked?highlight=
The thread was about a major hack that happened to one of our largest ISPs (Internet Service Providers), MWEB. The hack was posted on the security website Seclists.org, which is part of Insecure.org. Both are security-based websites.
Now there have been a couple of hacks lately, so I was not at all surprised about this one. Sure, it was a big hack, but the data contained in it was not too sensitive. What caught my attention was the different ways the big corporations that got hacked went about handling this.
Recently a major hosting company called Hetzner was hacked in South Africa. Thousands of clients had to change tens of thousands of passwords after a major security breach at their company. The company was pretty responsible in its response. The first their clients knew of this was when Hetzner contacted their clients and informed them of the hack and what changes needed to happen. They explained how the hack happened and dealt with it maturely.
The way the Mweb hack was handled was terrible. The first Mweb Business customers heard of the hack was through the MyBroadBand thread linking back to Seclists.org. Mweb's first reaction was to have the link removed. Then, according to some MWEB users on the MyBB forums, access to Seclists.org was temporarily terminated. Shortly after that, MyBroadBand released the first news article about the hack:
http://mybroadband.co.za/news/adsl/16073-MWEB-Business-ADSL-Hacked.html
Shortly after that, NEWS24 (Naspers owns NEWS24 and MWEB) released a news report:
http://www.news24.com/SciTech/News/MWEB-hacked-20101025
However, this is where things go wrong. Duncan Alfreds interviews MWEB CEO Rudi Jansen about the hack, and Rudi Jansen is less than honest about it. First off, he tries deflection. In the News24 article you see him blaming Internet Solutions (one of MWEB's upstream bandwidth providers), then the interview goes on with Rudi Jansen trying to speculate about the origin of the hacker. The hacker uses the word "negroland", so Rudi's assumption is that he must be American.
"These guys are linked to WikiLeaks and they just post things as they come - it's probably American."
Rudi does not stop there; he goes on to say that Seclists.org and hackers are associated with Wikileaks. This is absolutely not true. MWEB CEO Rudi Jansen lied. It's as simple as that. Seclists.org and Insecure.org are in no way associated with Wikileaks.org. Why the lie, Rudi? Why the attempt to blacken Wikileaks' name at such a sensitive time?
What's also interesting about the NEWS24 article is the downplaying of how many accounts were actually compromised. According to NEWS24 there were several accounts compromised, and I quote:
"Cape Town - ISP MWEB has been hacked and the details of several of their business clients have been posted online."
What we see here is MWEB and NEWS24 being dishonest and trying to downplay the event. It's pretty clear from visiting the Seclists.org page showing the hack that it was not several accounts that were hacked, but several hundred:
http://goo.gl/ELIx
Well, for me personally, I won't be using or recommending MWEB again. The whole way they handled this was dishonest and deceitful.
To my readers: be careful of the company you trust with your personal data, and be sure to research the integrity of Internet providers in South Africa. For the majority of them the bottom line is more important than honesty.
UPDATE: It looks like one of the compromised accounts belongs to the South African National Defense Force:
"mweb-bussol-pta-279 () busdsl mweb net kyztrnvb s4096 Joint Operational HQ / SANDF"