2016 was a big year for information security in South Africa. Hacktivists Anonymous took an interest in the country after launching #OpAfrica, aiming to draw attention to child labour and Internet censorship on the continent. It was also a year with security stories which would make several good movies, complete with the ruler of a drug empire who was also a hacker.
Below are South Africa’s biggest security stories of 2016.
Hackers from Anonymous announced Operation Africa at the start of 2016. “The focus of the operation is a disassembly of corporations and governments that enable and perpetuate corruption on the African continent,” it said. Anonymous hacked an old GCIS database and dumped the usernames and passwords it contained online.
The passwords were weighed, measured, and found wanting. A different Anonymous hacker also attacked and defaced thousands of websites hosted on Webafrica’s shared hosting infrastructure. Several other websites were also hacked, including a Water Affairs site and the website of Armscor.
Anonymous denial-of-service attacks
A separate Anonymous operative – @zim4thewin on Twitter – also launched a series of DDoS attacks against South African websites this year. Targets included the SABC, the EFF, and several Gupta-owned properties: ANN7, The New Age, and Sahara. Vox Telecom said it was able to mitigate the 2Gbps – 10Gbps attack levelled at the ANN7 website.
Kudos to the folk at datapro, they are mitigating a huge attack!
South Africans compromised in Brazzers hack
Porn site Brazzers was hacked and the details of almost 800,000 user accounts were leaked in 2016. Of these, 519 contained email addresses from South African domains – with four South African government departments listed.
Websites leaking private data
A flaw in MTN’s website caused subscribers’ bills to be visible to one another this year. The eThekwini municipality website also slipped up, leaking street addresses and ID numbers for all to see.
Standard Bank ATM fraud in Japan
About 100 people used forged Standard Bank credit cards to withdraw ?1.8bn from 1,400 ATMs in Tokyo and other areas in Japan in under three hours. No customers suffered financial losses as a result of the “sophisticated, coordinated fraud incident,” said Standard Bank.
New biometric standard for card payments
The Payments Association of South Africa (Pasa) launched a national biometric standard for card payments in 2016.
An FNB and MTN client was defrauded out of R200,000 after criminals performed a SIM-swap this year. The Hawks also stated it was investigating a criminal syndicate which had infiltrated mobile operators, while a woman took legal action against Vodacom and ABSA to get information on who was responsible for a R2-million SIM-swap fraud incident on her account.
Hacked South African servers for sale
Access to compromised South African servers was found in the xDedic marketplace and South African IPs were implicated in attacks launched from vDOS – a distributed denial of service platform for hire.
The drug-dealing, briefly-South-African crypto king
After hearing the story of Paul le Roux, you would be forgiven for thinking he was a villain from a James Bond movie. Called “probably the most dangerous man in the world”, Le Roux comes complete with a tenuous link to Edward Snowden through TrueCrypt, software he was rumoured to have a hand in.
He was also charged for international gun running and murder.
- ^ Anonymous hacked an old GCIS database (mybroadband.co.za)
- ^ and found wanting (mybroadband.co.za)
- ^ attacked and defaced thousands of websites (mybroadband.co.za)
- ^ Water Affairs site (mybroadband.co.za)
- ^ Armscor (mybroadband.co.za)
- ^ SABC (mybroadband.co.za)
- ^ EFF (mybroadband.co.za)
- ^ ANN7, The New Age, and Sahara (mybroadband.co.za)
- ^ mitigate the 2Gbps – 10Gbps attack (mybroadband.co.za)
- ^ https://t.co/GE8yXL7V66 (t.co)
- ^ #Gupta (twitter.com)
- ^ June 15, 2016 (twitter.com)
- ^ Porn site Brazzers was hacked (mybroadband.co.za)
- ^ A flaw in MTN’s website (mybroadband.co.za)
- ^ eThekwini municipality website also slipped up (mybroadband.co.za)
- ^ R300m ATM fraud hit in Japan (mybroadband.co.za)
- ^ defrauded out of R200,000 (mybroadband.co.za)
- ^ criminal syndicate which had infiltrated mobile operators (mybroadband.co.za)
- ^ R2-million SIM-swap fraud (mybroadband.co.za)
- ^ xDedic marketplace (mybroadband.co.za)
- ^ vDOS (mybroadband.co.za)
- ^ Paul le Roux (mybroadband.co.za)