Cape Town - The City of Cape Town has scrambled to upgrade its cybersecurity after a “heightened number of cyber attacks”, causing its IT department to temporarily bar 231 councillors from accessing their work emails on their mobile phones.
City spokesperson Luthando Tyhalibongo on Friday said the City was forced to take action after the security breaches.
“Over the past few weeks, our Information Services and Technology Cybersecurity (IS&T) staff noted a heightened number of cyber attacks. We have, therefore, temporarily disabled access to email via unauthorised personal devices,” said Tyhalibongo.
“However, no emails, incoming or outgoing, have been stopped as users still had full access to their emails via their City-issued devices. Still, access via a mobile device was only impacted temporarily and has been fully restored. Once we completed our implementation of more stringent controls, normal access was again allowed from personal devices,” he said.
Who or what the cybercriminals exactly targeted remains unclear.
“It is not in the public’s interest to disclose detailed information about how the City secures its IS&T assets, as this will in itself expose the City to further attacks,” said Tyhalibongo.
City councillors told Weekend Argus they “were not even informed” of the cyber attacks.
“They didn’t tell us about the cyber attacks. We couldn’t access our mails on our phones. The IT guy plugged a weird cable into my PC to restore my access,” an insider said.
“I’ve been asked to update and restart my computer every 20 minutes for an hour. I assume that’s the security upgrades you’re talking about,” said another source.
Cape Town Mayor Geordin Hill-Lewis told Weekend Argus the public could rest assured, knowing their data was safe.
“No data was stolen. It ws just phishing scam attempts, but the system worked and stopped them,” said Hill-Lewis.
The ANC leader of the opposition in the City Council, Banele Majingo, called for action to be taken against those responsible with safeguarding residents’ data.
“Heads should roll because you can’t invest so much money protecting the system – which involves so many people and other assets of the City – and allow something like this to happen.
“I noted some glitches in work virtual meetings, too,” Majingo said.
“They’re very dishonest as well. If your publication (Weekend Argus) didn’t pick this up, they would have kept quiet.
“Nobody can hack your system just to scare you. There might have been something they were looking for. Some information might have been taken, for all we know,” he said.
The GOOD Party’s Brett Herron said the City’s leadership was obliged to inform ratepayers and residents whether their private and personal data had been accessed.
“The City holds all our data – our banking details, our addresses, our car registration details, our property ownership details.
“If we participate in public consultations, they have our contact details,” a perturbed Herron said.
“If we’re on the supply chain database as a supplier, they have our company data. If hackers have accessed any or all of that data, then the City’s leadership has a public duty and a legal obligation to inform us.
“If our data has been hijacked and is being held for a ransom, then all of our personal finances are at risk, and the City’s leadership needs to clarify that, too,” he said.
“The City should explain whether a hack and a ransom was on the risk register and what steps they took to mitigate that risk.”
On Friday morning, the City’s website was down, something it said had “nothing to do with security”.
“The City’s website was down for a short period of time (on Friday) morning, 11 November 2022, due to an internal technical issue. We can confirm that the website has been restored just after 10am. This is not unusual and has nothing to do with security,” said Tyhalibongo.
Statistics from WonderNet reveal that in 2021 an average of 97 South Africans fell victim to cybercrime every hour.
Tech expert and founder of World Wide Worx, Arthur Goldstuck, said: “Local authorities are the easiest targets because their defence is so weak … security tenders are being given to friends and then they can't properly implement security protocols.”
Goldstuck said hackers often targeted institutions to try to obtain data and make ransom demands.
“There are different types of attacks … they get in the system and steal data for identity theft or they encrypt data and demand a ransom,” Goldstuck said.
“Then you get a distributed denial of service (DDoS) attack. That involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.”
The South African Banking Risk Information Centre this week in a report decried the “limited capacity of the police to prevent, detect, investigate, and prosecute cybersecurity breaches” and urged the introduction of a “substantial investment” into online security.
Weekend Argus.