The eNaTIS website was hacked yesterday. At first only one section of the eNaTIS website was hacked, but later in the evening another group of hackers returned and defaced the entire eNaTIS website. The Department of Transport (DoT) however downplays the incident.
“Some media hype has suggested that the eNaTIS system was hacked recently. This was apparently due to someone leaving a comment on a page of a section of the eNaTIS public web site. The suggestion that eNaTIS was hacked is actually laughable,” the DoT said in a statement on the eNaTIS website.
They pointed out that the eNaTIS public web site is in no way connected to the eNaTIS system and that ‘this choice was a deliberate design choice.’ “The eNaTIS system and database is still secure and cannot be accessed via this web site,” the statement said.
DoT Statement: eNaTIS "Hackers" on wrong track
“The truth is that the eNaTIS web site is running on a public hosting area on a public hosting service. The hosting service is not inside the eNaTIS data centre at all. There is also no connection of any kind between this web site and the eNaTIS system.”
“The Department of Transport deliberately decided to host the web site on a completely different server than the eNaTIS system servers to ensure that any hacking attempts would be fruitless.”
“Any attempt to hack this web site (www.enatis.com) is totally fruitless in respect of the eNaTIS system. The eNaTIS system can only be accessed by work stations that are authorised to access the system and all communication with the eNaTIS system is encrypted.”
“In addition, a pre-defined user name and password is needed to connect to the eNaTIS system. An eNaTIS user will only be given access to the system after signing a confidentiality agreement regulating the security of passwords. The South African public can rest assured that the eNaTIS system is not open to the public and hackers of the web site will not get one millimeter closer to the eNaTIS database by doing this.”
While the DoT does not seem too perturbed about the defacing of their eNaTIS website, security breaches should be of concern to any company and specifically a Government institution.
The eNaTIS website is built on the popular open source content management system Joomla, and is hosted in the United States.
It is not clear exactly what vulnerability the hackers exploited to deface the eNaTIS website.