City of Joburg website security whistleblower responds

I'm sure the COJ already uses the best Sangoma in the business to protect their website from people altering query strings.

They have all their bases covered, it cannot possibly be their fault!

BWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!!!

Yea.. COJ is just passing the buck (nothing will happen because no hacking was involved)
 
COJ technically made the information freely available by not securing their site! - ergo it did not require a hacker to access it

They should have posted a warning saying: "DUE TO OUR INCOMPETENCE - OUR SITE IS EASILY HACKED! - PLEASE DO NOT HACK US!"
 
It's clearly the dev house convincing CoJ of the supposed hack to save face and save/retain business...
 
When will the COJ be sued for this breach? It should be the other way round.
 
Something is not right. Been in contact with Hillbrow SAPS a couple of times this morning. They cannot find any case reported by the COJ in terms of the ECT act. They had 3 computer crime-related cases the past 2 weeks, but none of them were reported by the COJ or are remotely connected with this incident. The detective branch also has nothing. The commercial branch in Johannesburg has no case with them either, but do know about the incident and have been waiting for the case docket.

So, unless the COJ perhaps gave the case docket to a police officer who is still driving around and forgot to register it, I think they have not yet opened a criminal charge.
 
Wouldn't surprise me at all. All that thunder from CoJ was nothing more than small boys' farts in a room full of adults.
 
So, unless the COJ perhaps gave the case docket to a police officer who is still driving around and forgot to register it, I think they have not yet opened a criminal charge.

That's exactly what I was implying in my earlier post. It's unlikely that anything was filed, they're just covering up.
 
COJ web admins: malicious hacking robots have stolen all the invoices and all the pin numbers and are holding them hostage on Google's website, but don't worry only people's names and addresses and how rich they are were exposed (only house robbers and fraudsters want that sort of information), no personal information was ever available

COJ managers: eish these robots are always causing problems, what is the address of these robots?

CoJ web admins: after extensive investigations we have concluded that the IP address used by these malicious hacker robots is 127.0.0.1.

CoJ managers: eish that is a strange address but if the Metro Police get lost looking for these robots there are lots of taxi drivers they can drag the directions out of

FIFY.
 
The City of Joburg (COJ) said on Monday that it has opened a criminal case at the Hillbrow police station against the person who “hacked into its billing system” last week.

“Criminal acts of this nature will not go unpunished and the city intends to send out a strong message that a deliberate and malicious breach of this nature will not be tolerated,” said spokesman Gabu Tugwana.
Bloody politician with his cheap talk
 
BSv3E9rCIAAbZFq.png

lol from MagicDude4Eva's Twitter (@gerdnaschenweng)
 
I also re-tweeted an easy guide for HTTP-status codes the other day:

HTTP status ranges in a nutshell (handy for anyone hosting a web-server):

1xx: hold on
2xx: here you go
3xx: go away
4xx: you ****ed up
5xx: I ****ed up
 
http://www.itweb.co.za/index.php?op...e&id=66979:No-one-charged-in-COJ-billing-case

The City of Johannesburg (COJ) says the criminal case it has opened with the police after its online system was breached is not against a specific individual, and it is up to the prosecutor to decide if anyone should be charged.

Last week, it was revealed that the COJ's online services system, which allows residents to view their account statements online, also allows residents' names, addresses, account numbers, PIN codes and financial details to be available to anyone with an Internet connection. The flaw was revealed by Bid or Buy CTO Gerd Naschenweng.

COJ spokesperson Nthatisi Modingoane says the city became aware of the security flaw after it was reported in the media. "As such, the city immediately conducted investigations and found there had been numerous unauthorised downloads by persons other than the account-holders. As a precaution, the city immediately shut down the Web site."

Modingoane reiterated that at no stage was any of the city's residents' personal information compromised. "The information that was accessed was not from the transactional engine of the billing system of the City of Joburg and the perpetrators were not able to transact on any of the information they have accessed."

As to whether the flaw was not merely a simple security oversight, Modingoane says the city believes that offences had been committed under the Electronic Communications and Transactions Act relating to unauthorised access or access without permission, as well as assisting others to gain access. "The City of Johannesburg has an obligation to protect its citizens and will let the law take its course," he says.


Meanwhile, whistleblower Naschenweng has appointed a legal team as a precautionary measure. "[I appointed lawyers] to protect my rights. Although I have not been named by the COJ or media, this has been implied in various ways since I attempted to notify COJ about the security issues and data-leaks on their Web site," says Naschenweng.

He says the COJ has been informed of his legal representation. "We have also offered to assist the COJ if necessary to resolve their issues and consult with their IT team in order for COJ to fix the security flaw."

However, says Naschenweng, to date neither he nor his legal team have received any correspondence from the city. "I still maintain that allegations of the COJ Web site being 'hacked' and that no ratepayer information was compromised is incorrect."

Modingoane confirmed the city's online system is still down, and was unable to indicate when it is expected to be back up again.

"The security of the city's IT systems is of utmost importance. The system can only be restored when the city is satisfied that there are no security concerns. The city is working around the clock and will keep the residents informed of the development."

The City of Johannesburg has an obligation to protect its citizens

But it didn't.
 