Security | 15.09.2024

South African military data potentially exposed by security flaw

The South African National Defence Force’s (SANDF’s) computer management system was reportedly left exposed after a contractor installed SIM cards and open access Wi-Fi on the nationwide relay systems.

The system is responsible for backing up all the military’s internal databases, from the Persol personnel database to its logistics systems.

According to a City Press report, defence intelligence officers recently raided relay stations in Gauteng, KwaZulu-Natal, and the Free State to remove the equipment.

Defence Intelligence (DI) started investigating after repeated issues with the operation of one site.

One of the dodgy relay stations was then opened under military supervision, leading to the discovery of the SIM cards and data chips with open access.

According to the report, the installation of these SIMs and Wi-Fi goes against all the SANDF’s computer security regulations.

As a result, the DI reportedly wrote to the SANDF’s command and management information systems (CMIS) division and Armscor to demand no further contracts and cooperation with the involved company, NEC XON, which “has already compromised the military’s security”.

The situation could have major implications for the stability of the military’s most confidential information systems, and the decision comes at a critical time with a further R1.4 billion tender on the horizon.

However, in feedback to the City Press, NEC XON CEO Carel Coetzee denied that his company had installed any open-access Wi-Fi at the stations.

MyBroadband asked NEC XON for further comment but it didn’t immediately respond to our request.

Scrutiny of South Africa’s most sensitive communications systems comes in the wake of several high-profile compromises.

This included an attack on the National Health Laboratory Service (NHLS) earlier this year.

The attack took down the NHLS’ emails, website, and system for retrieving and storing patients’ lab test results.

It also crippled South Africa’s already overburdened lab testing capabilities for public healthcare facilities.

Dean Macpherson, South Africa’s Minister of Public Works and Infrastructure

In July 2024, public works minister Dean Macpherson revealed that cybercriminals have stolen R300 million from South African taxpayers over the past decade thanks to security flaws within the department.

He indicated that insiders at the department may have been involved, describing it as “an elaborate scheme by cyber-hackers, and potentially officials within the department”.

Following an incident in May 2024 where attackers stole a further R24 million, the department launched a full forensic investigation with the Hawks, South African Police Services, State Security Agency, and ICT and cyber security experts.

“To build trust with South Africans, we must be transparent about the problems we face,” said Macpherson.

“We will ensure that financial controls are tightened, and we hold those responsible accountable for their actions.”

Four officials have been suspended, and investigators have seized 30 laptops.

SIM card fraud also poses a significant threat in South Africa, with authorities arresting 48 suspects in Gauteng and the Free State in July.

The Communication Risk Information Centre (COMRiC) assisted in the operation, which led to their arrest. The individuals are all foreign nationals, six of whom are Chinese and believed to be the kingpins of the operation.

Authorities seized more than two million illegally obtained SIM cards from multiple service providers and bulk SMS messaging machines in the arrest.

The bulk SMS messaging machines were used to send large volumes of text messages.

“The Bloemfontein arrests followed a comprehensive operation by a multi-faceted team comprising various police units, government departments, private security, and forensic investigators,” COMRiC said.

“In that specific operation, police investigators acted on information regarding two houses in Woodlands, Bloemfontein. The search and seizure operation resulted in the recovery of SIM cards from different service providers.”
