Biggest security news in South Africa in 2016
2016 was a big year for information security in South Africa.
Hacktivists Anonymous took an interest in the country after launching #OpAfrica, aiming to draw attention to child labour and Internet censorship on the continent.
It was also a year with security stories which would make several good movies, complete with the ruler of a drug empire who was also a hacker.
Below are South Africa’s biggest security stories of 2016.
#OpAfrica hacks
Hackers from Anonymous announced Operation Africa at the start of 2016.
“The focus of the operation is a disassembly of corporations and governments that enable and perpetuate corruption on the African continent,” it said.
Anonymous hacked an old GCIS database and dumped the usernames and passwords it contained online. The passwords were weighed, measured, and found wanting.
A different Anonymous hacker also attacked and defaced thousands of websites hosted on Webafrica’s shared hosting infrastructure.
Several other websites were also hacked, including a Water Affairs site and the website of Armscor.
Anonymous denial-of-service attacks
A separate Anonymous operative – @zim4thewin on Twitter – also launched a series of DDoS attacks against South African websites this year.
Targets included the SABC, the EFF, and several Gupta-owned properties: ANN7, The New Age, and Sahara. Vox Telecom said it was able to mitigate the 2Gbps – 10Gbps attack levelled at the ANN7 website.
https://twitter.com/zim4thewin/status/743038589039222784
South Africans compromised in Brazzers hack
Porn site Brazzers was hacked and the details of almost 800,000 user accounts were leaked in 2016.
Of these, 519 contained email addresses from South African domains – with four South African government departments listed.
Websites leaking private data
A flaw in MTN’s website caused subscribers’ bills to be visible to one another this year.
The eThekwini municipality website also slipped up, leaking street addresses and ID numbers for all to see.
Standard Bank ATM fraud in Japan
The Japan News reported that a Standard Bank computer system was hacked in a R300m ATM fraud hit in Japan.
About 100 people used forged Standard Bank credit cards to withdraw ¥1.8bn from 1,400 ATMs in Tokyo and other areas in Japan in under three hours.
No customers suffered financial losses as a result of the “sophisticated, coordinated fraud incident,” said Standard Bank.
New biometric standard for card payments
The Payments Association of South Africa (Pasa) launched a national biometric standard for card payments in 2016.
Pasa said the standard, developed in partnership with MasterCard and Visa, was the first of its kind.
SIM-swap fraud
An FNB and MTN client was defrauded out of R200,000 after criminals performed a SIM-swap this year.
The Hawks also stated it was investigating a criminal syndicate which had infiltrated mobile operators, while a woman took legal action against Vodacom and ABSA to get information on who was responsible for a R2-million SIM-swap fraud incident on her account.
Hacked South African servers for sale
Access to compromised South African servers was found in the xDedic marketplace and South African IPs were implicated in attacks launched from vDOS – a distributed denial of service platform for hire.
The drug-dealing, briefly-South-African crypto king
After hearing the story of Paul le Roux, you would be forgiven for thinking he was a villain from a James Bond movie.
Called “probably the most dangerous man in the world”, Le Roux comes complete with a tenuous link to Edward Snowden through TrueCrypt, software he was rumoured to have a hand in.
He was also charged for international gun running and murder.