Showing posts with label hackers. Show all posts

Wednesday, May 22, 2013

Did Lieutenant General Bonginkosi Solomon Ngubane of the South African Police Service (SAPS) Lie to South Africa?

While writing this I am honestly shocked. Lieutenant General Bonginkosi Solomon Ngubane of the South African Police Service (SAPS) has come out and (what looks like)... directly lied to the public of South Africa. I am using harsh words like "lie" because this is something I can directly and empirically prove.


First some context. Yesterday I wrote about the hacker @DomainerAnon hacking the SAPS website. At the time the hacker thought he was just going after SAPS data but he inadvertently dumped a lot of sensitive whistleblower information which has put the lives of many innocents at risk.

So this afternoon I am busy reading my news feeds and a headline comes up stating that Lieutenant General Bonginkosi Solomon Ngubane of the South African Police Service has said that no sensitive data was leaked. I will quote verbatim from the popular MyBroadBand website:
"No criminal information or case information was compromised at all," Lieutenant General Bonginkosi Solomon Ngubane told journalists.
Anyone with half a technology wit can prove that Mr Ngubane is misrepresenting the truth. Let me make the case. I have visited one of the mirrors where the hacked data is stored and will quote some heavily redacted comments from it.
"The above person is a prostitute who will be travelling with 2 men between Johannesburg, South Africa and CENSORED. She is a drug mule and will be carrying a large amount of cocaine. This will happen within the next 30 days. Her ID number is CENSORED."
"There's a gentleman staying in CENSORED who sells drugs. Mostly dagga and cocaine. He runs CENSORED and also trains kids at his house. His name is CENSORED. ADDRESS CENSORED his phone number is CENSORED"
"Drugs are being sold from this address from the CENSORED in the back yard at this address. The suspect is also known to walk around with a firearm, a 38 special revolver. Tik, dagga and heroin are the drugs that he sells to the young people of the area."
"On the above mentioned date my younger sister, age 16, was nearly raped and she was rescued by a member of the public. When we went to the police station to open a case of attempted rape, constable CENSORED and her superior inspector CENSORED told us that there was no panty torn so there is no way they can open a case."
All the quotes above represent but a tiny portion of the 16 000 reports and complaints of the hacked database. All the records come with additional information like telephone numbers, addresses and ID numbers (which for obvious reasons I have not included).

Mr Ngubane tries to pretend the data is not sensitive by saying:
Furthermore, the information that was accessed was the following;
o Information that is published usually, and
o Names and contact details of divisions and provinces, which is made public on the website in any case.
It does not take a rocket scientist to see that Lieutenant General Bonginkosi Solomon Ngubane is deceiving the public about the scope of the hack. A lot of very sensitive information was released and I would assume that in the 16 000 records... more than a few of those are open criminal investigations.

I have lost a lot of faith in the South African Police Force since this incident. An investigation into the SAPS and their inability to protect sensitive data should be started immediately.

UPDATE: The hacker has since read this article and responded with:
@safrikaan and I thoroughly agree with your article...
—Domainer V2 (@DomainerAnon) May 22, 2013
UPDATE: This is the full press release by SAPS

MEDIA STATEMENT
MEDIA STATEMENT ISSUED BY THE DIVISIONAL COMMISSIONER OF TECHNOLOGY MANAGEMENT SERVICES, LIEUTENANT GENERAL BONGINKOSI SOLOMON NGUBANE
ALLEGED HACKING OF THE WEBSITE OF THE SAPS
At about 10:00 on Tuesday, 21 May 2013, the State Information Technology Agency (SITA) informed the SAPS that the website of the SAPS had been breached and that information had been obtained unlawfully.
SITA hosts and manages the website of the SAPS separately from the rest of the corporate systems of the SAPS. For this reason, no criminal information or case information was compromised at all. In fact, the corporate systems of the SAPS are hosted in a building in the Pretoria CBD, while the website of the SAPS is hosted in the data centre of SITA in Centurion. They are, therefore, hosted in completely different buildings with no link between the two.
The SAPS can state that no case information or classified information was compromised as this information resides in the mainframe systems of the SAPS, which is hosted separately from the website.
The SAPS has made a facility available on the website where a person may log a request to be addressed by a specific station or division or merely give a compliment. The person may log the request either with a name and contact detail or anonymously, depending on his/her choice. The persons who submitted their names and contact details made it available in order for a representative of the SAPS to contact them. This list was also available for the people who hacked into the website.
SITA has since addressed the security on the above details.
Furthermore, the information that was accessed was the following;
o Information that is published usually, and
o Names and contact details of divisions and provinces, which is made public on the website in any case.
Hacking the website of the SAPS will always be a matter that the hacker community will strive to achieve and therefore the website of the SAPS and the corporate systems of the SAPS are hosted on completely different networks and therefore no corporate information of the SAPS will be compromised if and when the website is accessed unlawfully.

UPDATE: Annelize van Wyk, Parliament's Police Portfolio Committee Acting Chairperson, has since responded to this article:

Monday, October 25, 2010

MWEB - Hacked and lying

So there I was, enjoying my Monday at work (okay, so I was not enjoying it that much... I was more sliding into the week as slowly as possible) when all of a sudden an interesting thread pops up in South Africa's most popular online forum, MyBroadBand.co.za:

http://mybroadband.co.za/vb/showthread.php/278603-Mweb-business-accounts-hacked?highlight=

The thread was about a major hack that happened to one of our largest ISPs (Internet Service Providers), MWEB. The hack was posted on the security website Seclists.org, which is part of Insecure.org. Both are security-based websites.

Now there have been a couple of hacks lately so I was not at all surprised about this one. Sure it was a big hack but the data contained in it was not too sensitive. What caught my attention on this was the different ways the big corporations that got hacked went about handling this.

Recently a major hosting company called Hetzner was hacked in South Africa. Thousands of clients had to change tens of thousands of passwords after a major security breach at their company. The company was pretty responsible in its response. The first their clients knew of this was when Hetzner contacted their clients and informed them of the hack and what changes needed to happen. They explained how the hack happened and dealt with it maturely.

The way the Mweb hack was handled was terrible. The first Mweb Business customers heard of the hack was through the MyBroadBand thread linking back to Seclists.org. Mweb's first reaction was to have the link removed. Then according to some MWEB users on the MyBB forums... access to Seclists.org was temporarily terminated. Shortly after that MyBroadBand released the first news article about the hack:

http://mybroadband.co.za/news/adsl/16073-MWEB-Business-ADSL-Hacked.html

Shortly after that NEWS24 (Naspers owns NEWS24 and MWEB) released a news report:

http://www.news24.com/SciTech/News/MWEB-hacked-20101025

However, this is where things go wrong. Duncan Alfreds interviews MWEB CEO Rudi Jansen about the hack and Rudi Jansen is less than honest about the hack. First off he tries deflection. In the News24 article you see him blaming Internet Solutions (one of MWEB's upstream bandwidth providers), then the interview goes on where Rudi Jansen tries to speculate about the origin of the hacker. The hacker uses the word "negroland", so Rudi's assumption is that he must be American.

"These guys are linked to WikiLeaks and they just post things as they come - it's probably American."

Rudi does not stop there, he goes on to say that Seclists.org and hackers are associated with Wikileaks. This is absolutely not true. MWEB CEO Rudi Jansen lied. It's as simple as that. Seclists.org and Insecure.org are in no way associated with Wikileaks.org. Why the lie, Rudi? Why the attempt to blacken Wikileaks' name at such a sensitive time?

What's also interesting about the NEWS24 article is the downplaying of how many accounts were actually compromised. According to NEWS24 there were several accounts compromised and I quote:

"Cape Town - ISP MWEB has been hacked and the details of several of their business clients have been posted online."
What we see here is MWEB and NEWS24 being dishonest and trying to downplay the event. It's pretty clear by visiting the Seclists.org site showing the hack that it was not several accounts that were hacked, but several hundred:

http://goo.gl/ELIx

Well, for me personally, I won't be using or recommending MWEB again. The whole way they handled this was dishonest and deceitful.

To my readers: be careful of the company you trust with your personal data and be sure to research the integrity of Internet providers in South Africa. For the majority of them the bottom line is more important than honesty.

UPDATE: It looks like one of the compromised accounts belongs to the South African National Defense Force:

"mweb-bussol-pta-279 () busdsl mweb net kyztrnvb s4096 Joint Operational HQ / SANDF"