SAPS website hack: DA blows a gasket

“It is beyond belief that 16,000 whistle-blowers are today in fear for their lives because the SAPS promises of anonymity are worthless,” Dianne Kohler Barnard, DA Shadow Minister of Police wrote on Thursday (23 May 2013).

This followed a recent leak by an Anonymous hacker going by “Domainer”, who published just under 15,800 comments obtained from the database of the South African Police Service (SAPS) website.

Some of these records contained the ID numbers, full names, and contact information of people who used the feedback feature on the SAPS website.

A subset of the comments with personally identifying information described criminal activity, naming people and places where they might be occurring.

Sensitivity of leaked data downplayed

In an interview with MyBroadband and in responses to critics on Twitter, Domainer has downplayed the concerns over the safety of so-called whistle-blowers whose information was leaked.

The SAPS also told press that the hacker didn’t access truly confidential information as criminal and case data are stored in a completely separate location from the website.

“I laughed when I was accused of ‘blowing’ covers of so-called whistle-blowers,” Domainer said. “I read one e-mail which complained to the police of their lack of service. Another mail reported their missing cat!”

Compromising information

Domainer’s examples aren’t representative of the entire body of data released, however.

MyBroadband forum member, David Viaene, has posted a few (censored) examples on his blog of messages posted by people who were under the impression that they were giving the police tip-offs through a secure channel.

The above person is a prostitute who will be travelling with 2 men between Johannesburg, South Africa and CENSORED. She is a drug mule and will be carrying a large amount of cocaine. This will happen within the next 30 days. Her ID number is CENSORED.

There’s a gentleman staying in CENSORED who sells drugs. Mostly dagga and cocaine. He runs CENSORED and also trains kids at his house. His name is CENSORED. ADDRESS CENSORED his phone number is CENSORED

Drugs is being sold from this address from the CENSORED in the back yard at this address. the suspect is also known to walk around with a fire arm a 38 special revolver.tik,dagga and heroin are his drugs that he sell to the young people of the area

On the above mentioned date my younger sister age 16 was nearly rape and she was rescured by member of the public, when we went to the police station to open a case of attempted rape constable CENSORED and her superior inspector CENSORED told us that there was no panty torn so there is no way they can open a case,

The above examples show that there is information which might endanger the very people who sought to inform the police of possible criminal activity mixed in among the more mundane messages highlighted by Domainer.

When challenged about their statement regarding the data that was leaked the State Information Technology Agency (SITA), who is responsible for the SAPS website, conceded that there was an oversight on their part and admitted that leaked reports such as those above are of concern.

Diane Kohler Barnard
Diane Kohler Barnard

Isn’t it bad enough?

Barnard has, quite understandably, called for the SAPS to protect those whose personally identifying information may be linked to messages such as those above.

Along with it, however, she has also taken the extreme opposite stance to the hacker in claiming that every single one of the almost 15,800 comments leaked corresponds to a so-called whistle-blower.

Even when presented with the facts as they were known at the time, Barnard declined to amend her statement.

It is bad enough that the ID numbers, full names, and contact numbers of the thousands who chose to give it to the police were so easily obtained by Domainer.

This data on its own is a treasure trove for identity thieves and SIM swap scammers, given the feedback from Absa to questions about the recent spate of Internet banking fraud.

When one adds to this that hundreds of these people may have posted information that could place them at physical risk, that should be enough to evoke fury.

There is no need for Barnard to exaggerate the numbers. The situation is bad enough as it is.

Personal info exposed through SA bill website

SAPS website hacker interviewed

No confidential data leaked in website hack: SAPS

SAPS website hacked, sensitive info leaked: reports

Spyware servers in South Africa: the plot thickens

How scammers hack your bank account

Latest news

Partner Content

Show comments


Share this article
SAPS website hack: DA blows a gasket