Durban- Cyber-security experts have raised concerns at the lack of security measures on government websites in the wake of a cyber attack on the official Presidency website at the weekend.
Pieter Erasmus, an information technology security specialist, said if it was so easy to attack a website like that of the Presidency then one had to ask about other computer systems that contained sensitive information.
Reputational damage was another aspect that needed to be considered. Erasmus said people would think twice before they shared information with government entities online. Citing the example of the hacking of Liberty Life which compromised its clients’ sensitive information, he said it would take a long time to regain the clients’ trust.
Another problem was that some of the websites used basic “out of the box” templates and these platforms were not regularly updated, he said.
To crack the websites, hackers often used vulnerabilities that were posted on the dark web, Erasmus said. South Africa was not a big target for hackers currently, but this could change depending on the country’s policies.
According to Independent Online, the Presidency’s website was hacked on Saturday by an unknown group who posted: “Hacked by Black Team. Sahara is Moroccan. And Morocco is ur Lord!”.
South Africa has in the past had frosty relations with the Maghreb region country over the Western Sahara which Pretoria recognised as an independent state and Morocco claimed was a part of the country. Relations have recently thawed between the countries.
There have been previous hacks of government websites. Last year, the departments of Education and Home Affairs were attacked.
The Home Affairs attack exposed the data of more than 30 million South Africans.
Professor Basie Von Solms, director of the Centre for Cyber Security at the University of Johannesburg, said websites such as that of the SAPS had been hacked and sensitive information, including that of whistle-blowers, had been compromised.
He said the cybercriminals were getting more advanced and had all the time in the world to find ways to hack websites. There were always vulnerabilities in software.
“You will be hacked,” Von Selms said.
He said there were two types of organisations - those who knew they were hacked and others who did not.
“What could help was the implementation of the Protection of Personal Information Act which required organisations to put in measures that would ensure people’s data is kept safe and follow international best practices,” he said.
One of the measures to secure data would be to ensure that data be stored away from the website.
Juan Furmie, co-founder of ThisIsMe which provides data verification services, felt there should be announcements when data breaches were made.
He said it was fortunate that there was not a large amount of sensitive information on the presidency’s website.
“However, it could easily have been much more serious, if a site containing sensitive information was hacked or they left a message impersonating the president which caused an international political scandal,” he said.