Subpoenas for ISP info issued in City of Joburg “hacking”: source

In the latest development in the City of Joburg (CoJ) website security case, the police issued subpoenas to Internet Service Providers (ISPs) to hand over information which may assist them with the case.
In August 2013 a security vulnerability was discovered in the City of Joburg’s (CoJ) online e-statements system which exposed residents’ and business’ personal details.
BidorBuy CTO Gerd Naschenweng unsuccessfully tried to alert the CoJ about this flaw, and then went public with the information to ensure the problem was fixed.
The City of Joburg subsequently shut down its e-statements system, and said that they regarded the breach of their system as a criminal act.
The city also opened a criminal case against “a suspected perpetrator” after a “thorough forensic investigation by the city and its private IT experts”.
The Hawks started to investigate the case, but progress is very slow and questions have been raised about the merits of the case.
In the latest development the police issued subpoenas to Internet Service Providers (ISPs) to get information which may point to a person/people who accessed unprotected yet sensitive information on the CoJ’s website. This is after ISPs were uncooperative without subpoenas.
According to information received by MyBroadband the police requested details about “log on times”.
It is currently not clear whether the ISP information was only requested for one person or numerous subscribers.
It is also not clear whether the investigation may have been extended to anyone who exposed information from the CoJ website.
More on the City of Joburg security issue
Hawks investigating City of Joburg billing security issue
City of Joburg opens criminal case against “hacker”
True story behind Joburg’s online security problems