SA's top military secrets stolen
Top secret information about how South Africa acquires its military equipment has been hacked in a breach of Armscor's computer systems.
The hack began on Sunday and ended on Tuesday. Sensitive tender information was stolen from Armscor computers and hidden in the internet's dark web.
The dark web is part of the World Wide Web but special software and expertise is needed to gain access to it. It is often used by criminals.
Armscor's objective, says its website, is to meet the needs of the defence force for equipment and technology, research, development, analysis, testing and evaluation.
The hacktivist group Anonymous posted pictures of its logo, a Guy Fawkes mask, on several Armscor internal computer systems.
Anonymous is an online activist group targeting governments and organisations it alleges are corrupt.
It has been suggested that the Anonymous hack attack on Armscor centres on the parastatal's involvement in the multimillion-rand leasing of a new jet for President Jacob Zuma, and its role in multibillion-rand arms procurement deals.
Armscor said the hack was "not serious".
Anonymous recently crashed the online presence of Zimbabwe's ruling Zanu-PF party after the government shut the country's internet access because of protests about public servants' pay and import restrictions.
The Armscor information was taken from its settlement and invoicing systems.
It relates to payments to international and local military manufacturing companies, such as Denel, Thales and Airbus.
According to an interview with Anonymous by Hackread.com, hackers stole passwords and identity details of nearly 20 000 Armscor suppliers, which can be used to allow people to represent themselves as suppliers or Armscor managers and log into Armscor systems.
The breach is, say cyber crime security experts, a sign of the increased sophistication of online attacks in South Africa.
Last year hackers stole 400GB of data from the police witness protection programme. There have been hacks of the Gautrain and Eskom computer systems.
Cyber security expert Danny Myburgh, of Cyanre, The Computer Forensic Lab, said the Armscor attack is "up there with some of the world's biggest hacks".
He said what could be done with the information depended on what it was.
"It could compromise strategic defence plans in terms of highly confidential tenders.
"On a scale of one to 10, with 10 being catastrophic, this is a 10."
He said of concern now would be what the hackers had left behind in terms of tampering with Armscor computer infrastructure.
"They might have left behind remote-controlled spyware and logic bombs — files that lie dormant until a timer instructs them to either delete databases or distribute further information.
"From what we know [about the passwords dump] anyone [with access to the dark web] can log into Armscor's computer systems with the required security credentials."
He said the information released could never be retrieved.
"It's clear that as organisations' security systems are strengthened, hacks become more sophisticated.
"Increased computer security systems are no longer deterrents."
Myburgh said the attack was like the Wikileaks dumps.
"It's not done for the money but for so-called ethical reasons to expose perceived injustices."
Cyber crimes expert Jacques van Heerden said this was the second recent cyber security breach against government departments.
He is investigating a breach of a government department in which information on employee salaries was stolen and the hackers threatened to make the data public.
Describing the Armscor breach, he said the hackers would have created a special database behind the Armscor website and used it to steal sensitive information from parastatals' databases, including security codes.
"This is not an entry-level hack. The expertise levels of hacks are increasing, especially as the commodity value of data increases."
He said South Africa's biggest IT security threat was its lack of IT security skills.
"I teach IT administrators how to prevent and protect their organisations from hacks, but unfortunately what they learn is not implemented because their companies simply don't understand IT security.
"These two attacks are just the tip of the iceberg in terms of what is occurring in South Africa."
Defence analyst Helmoed Heitman said military counter-intelligence experts would be involved in the investigation.
"This is concerning, but rather than being a strategic security threat, it appears to have caused more commercial and reputational damage."
He said investigators would have to work thoroughly to close weak points in Armscor's computer systems.
Armscor spokesman Lulu Mzili said the attack did not appear to be serious. "Our investigation will determine exactly what has been taken. The implications are still unknown. If the matter is really serious it will be escalated." — The Times