Joburg online billing system maliciously hacked: CoJ

The City of Joburg’s (COJ) Abraham Mahlangu says that they have opened a police case to investigate how their online billing system was “maliciously hacked”.

Speaking on Radio 702, Mahlangu said that a COJ website user was behind the hack, and after accessing the system “went on to look for access to other accounts”.

Straight from the horse’s mouth

The person who blew the whistle on the security problem with the City of Joburg’s online billing system, BidorBuy CTO Gerd Naschenweng, tells a very different story.

Naschenweng said that he discovered the COJ billing system problem at 11:00 on Tuesday 20 August 2013.

“I wanted to print my Joburg statement, and when I clicked on the link to view the statement, I noticed the URL parameter being the same as my invoice number,” said Naschenweng.

“I then incremented my number by 1 to see what will happen, and was surprised to see that some other person’s statement was displayed.”

He said he then tested the same link in another browser where he was not logged in, and he could still view someone else’s statement.

Naschenweng became concerned about this security vulnerability, and phoned the COJ call-centre and asked the agent to connect him with IT or anyone who is responsible for the website.

However, Naschenweng said he was told by the agent that they could not connect him. “I then asked to speak to a supervisor as the agent could not comprehend the urgency of the problem and the call-centre agent refused and put the phone down,” he said.

“I then submitted an email to COJ, but I did not expect an urgent response,” said Naschenweng.

After he failed to raise the alarm directly with the COJ, Naschenweng highlighted the problem on the MyBroadband forums.

Other MyBroadband members quickly validated the findings, and a MyBroadband news article followed.

Gerd Naschenweng
Gerd Naschenweng

Naschenweng not happy

Naschenweng is not happy about the COJ’s allegations that a malicious attack was to blame for the COJ’s online billing security woes.

“The COJ is now attempting to discredit my honest attempt as a concerned citizen to assist in resolving one of their data-leakage issues, and by the sounds of it are now pursuing criminal charges against this,” said Naschenweng.

“This is quite shocking as one would have expected more transparency instead of a witch-hunt, but I am completely open to challenge COJ if their accusations are directed at me.”

More on security

Massive security flaw exposes Joburg residents’ private info

CoJ statement security problem discussion

City of Joburg exposes private information again

Latest news

Partner Content

Show comments

Recommended

Share this article
Joburg online billing system maliciously hacked: CoJ