Shadow Kill Hackers, the group which has claimed responsibility for the attack on City of Joburg’s computer systems, has stated that it was not involved with the DDoS attack on South African banks.
The group also responded to reports that it may be bluffing about exfiltrating sensitive data from the City of Joburg’s servers.
“Well, we have read some of the news. Many lies. They say no data compromised, yes we DO have their sensitive finance data offline,” Shadow Kill Hackers said in a post on Twitter.
“We did not hacked your website, we just turned it’s DNS off lol from internal server lol.”
The attack on City of Joburg’s systems caused a media storm this week when news emerged that South African banks had also been targeted by an attack.
The South African Banking Risk Information Centre (SABRIC) later revealed that banks were targeted by distributed denial of service (DDoS) attacks, and were not hacked.
A DDoS attack floods a network or computer with junk traffic, causing it to appear offline to the rest of the Internet.
South African banks have mitigated the effects of the DDoS attacks, and emphasised that they suffered no security breach.
Standard Bank, Capitec, Absa, and Nedbank have all indicated that there is no link between the DDoS attacks on their networks and the attack on City of Joburg.
Extorting City of Joburg
Part of the confusion stems from the fact that the banks and City of Joburg all received ransom demands from their attackers.
However, in the case of the banks the demand was more like “protection money”: the attackers said they would stop flooding the banks’ systems with traffic if the banks paid up.
Shadow Kill Hackers, on the other hand, said that they have downloaded sensitive data from the City of Joburg’s servers and will upload it to the Internet if the government doesn’t pay.
“Our main goal is to find security holes on companies and make them pay for us in order to recieve a full detailed scenario attack report [sic],” Shadow Kill Hackers said on its Twitter profile.
The group posted screenshots on Twitter to prove that it has data from City of Joburg’s servers.
The City of Joburg said that it is busy investigating the attack and that the investigation will take 24 hours.
“As a result, several customer-facing systems — including the City’s website, e-services; billing system (SAP ISU and CRM) — have been shut down as a precautionary measure.”