SAPA is reporting that the South African Police Service have yet to identify the hacker behind last month’s attack on a SAPS database which resulted in over 15 000 submissions to an online feedback form being published on the internet. Responding to a parliamentary question posed by Freedom Front Plus MP Anton Alberts, Police Minister Nathi Mthethwa told parliament that the investigation was still underway.
The hack was carried out by someone using the Twitter handle DomainerAnon and claiming to be part of the online group Anonymous – although other South Africans who claim to represent Anonymous disowned Domainer during a conversation with htxt.africa because they didn’t redact sensitive personal details submitted by innocent members of the public.
DomainerAnon claims to be in Australia, and their Twitter account is still very active.
While the attack was very serious, there has been widespread misunderstanding in the press as to exactly what was taken from the police site. Contrary to many reports, the leaked data wasn’t from the anonymous whistleblowers service Crime Line, but rather it came from the general comments feedback form. Quite why SAPS included options to report child abuse and other crimes via this form is unknown, but many people had submitted their ID numbers and contact details in connection with very serious offences of a violent and sexual nature over a period of several years, as well as the praise or complaints about police behaviour for which it was intended.
The feedback form in question has since been taken down. A separate database of active officers’ addresses and cellphone numbers was also leaked at the same time. The State IT Agency (SITA) was responsible for maintaining and securing the site, which is still “best viewed in 1024×768” resolution and Internet Explorer 4, apparently.
According to The Star, in a written reply to Alberts yesterday Minister of Public Service and Administration, Lindiwe Sisulu, said: “After the attack, a team of experts were put together and the following actions were performed on the SAPS web server environment: security architectural review; security standards review; high-level vulnerability assessment on hosting infrastructure; technical assessment on SAPS website; and security configuration review for the firewalls.”