City of Joburg hacking: How it happened
Share this article:
Johannesburg - The City of Joburg has stated that they constantly upgrade their system to strengthen it but "something unfortunately went wrong" this time and hackers accessed it on Thursday.
The City was forced to shut their network after it was hacked, leaving millions of Joburgers unable to pay their bills, query them or even make inquiries about their water and electricity consumption.
They had to shut down the website too.
Spokesperson Nthatisi Modingoane said the hacking was done at user level and that hackers did access applications where critical information is stored.
"We realised that something was wrong when one employee's computer's screen turned blue on Thursday afternoon. She tried to refresh and reboot the computer and then her neigbours screen also turned blue as well as other people's.
"We quickly spotted that we were being hacked and shut down the system. The target was at user level which means everything in people's computers was corrupted.
"We are yet to check if people lost their documents in the process."
Modingoane said there have been speculations as to who the hackers were and that we rumours that they had wanted bitcoin as ransom.
"Speculations are that they are from Europe and that they demanded ransom but there has been nothing formal to confirm that and I don't want to entertain these rumours.
Modingoane said they were investigating those allegations and the plan was to have the system up and running over the weekend and stablise them.
So far, he said Thuso House in Braamfontein was already up and running but systems in other regions were still down.
Modingoane said the latest incident did not mean that their security was lax despite the fact that City Power was also attacked by a virus three months ago.
"We constantly upgrade pour stems unfortunately something went wrong this time. We will look at tightening the system. Engineers have been at work since yesterday, people did not sleep," he said.
According to Anna Collard, Managing director from at Popcorn Training, a company that created security awareness content security breaches occur on a regular basis and while large ones hit the headlines, small ones are continuous like a dripping tap.
She said the full scale of these breaches could not be fully appreciated until looked at in totality as this breach shows.
"For companies of all sizes, having good security control is absolutely vital. For the most part, this would mean having the fundamental security controls which can prevent, protect, and respond to threats. Beyond that, companies should look at what the biggest threats to them are, and how those threats materialise.
In the majority of cases, this will boil down to social engineering attacks, taking advantage of unpatched sofware, or authentication attacks. By investing in these controls, most companies can reduce the likelihood of being successfully compromised," Collard said.