State departments easily infiltrated

Published Mar 2, 2015

Share

Johannesburg - A document posted on Al Jazeera’s Spy Cables website shows just how vulnerable government departments are to both foreign intelligence threats and criminal syndicates.

In the document, entitled “Security vulnerabilities in Government October 2009”, it seems obvious that government institutions need to beef up their internal security measures.

The security deficiencies make state departments vulnerable to fraud and corruption, and worse, to espionage and malicious infrastructure disruption, the document said.

Some of these deficiencies were: insufficient lock-up facilities to store classified information, no control measures for the destruction of classified documents, limited vetting of senior officials, no encryption facilities on landlines or cellphones, a general lack of skilled personnel to implement and maintain effective information and communications technology, and no password protection on laptop computers.

The report said prospective job applicants in the public sector were not properly screened and foreigners were being appointed in sensitive positions, without the required security clearances. It also said private security companies, many of whom have connections with foreign intelligence services, were recruiting former intelligence members.

“There is a proliferation of private security and intelligence companies who provide services, and thereby have access, to sensitive government, parastatals and private institutions… At present these private intelligence organisations and groups sell their services to whoever is willing to buy them. Apart from possible access to sensitive information, those involved in physical security have access to CCTV footage,” the report said.

While the document indicates that the biggest threat was espionage from foreign intelligence services, criminal syndicates had made certain departments the target of the actions.

Some of these cases were in:

* The former Department of Foreign Affairs’ (DFA) investigation - operation Phantom - a scam involving unauthorised access to and fraudulent access to ICT systems to register ghost workers on the DFA system, whereby the state was defrauded of millions of rand. Since then, numerous similar cases had been reported.

* Gauteng Shared Services Centre (GSSC). In June 2009, a security breach occurred where 15 people intended to defraud the GSSC. Five were GSSC employees. The plot included the unobtrusive, remote accessing of the Basic Accounting System, which processed all the payments in Gauteng.

* Department of Public Enterprises (DPE) in April 2009. A forensic analysis conducted by the National intelligence Agency on a laptop of a DPE official revealed the presence of eight malicious software applications downloaded that constituted a threat not only to optional functioning of business processes, but also to the intellectual property residing in the department as it related to parastatals such as Eskom, Denel, South African Airways and Transnet.

* Department of Sport and Recreation. An employee tried to fraudulently transfer R13 million into his personal bank account. The systems time-delay default prevented the transmission of the full amount, resulting in only R955 000 being transferred successfully.

* Companies and Intellectual Property Registration Office (Cipro). A two-year investigation revealed widespread corruption in Cipro.

One incident involved the fraudulent utilisation of Cipro’s website by unidentified syndicates, assisted by Cipro employees, who set up and/or registered duplicate or counterfeit companies.

In some instances, directors of companies are fraudulently replaced by individuals using stolen identities. The duplicate companies or fake directors are then used to reroute money in-tended for the legitimate company by informing clients the bank details had been changed. A total of 114 companies were set up.

* Civil Aviation Authority. The August 2009 theft of pilot exam papers through unauthorised electronic access was another security breach.

[email protected]

The Star

Related Topics: