Cyber Breach SA – is that possible?
On Monday morning Fin24 discovered that the hub – which acts as a portal for reporting cyber issues and falls under the Department of Telecommunications and Postal Services – was down, and when checked on Thursday evening the site was still down. In response to a request for comment, a department spokesperson told Fin24 that it had no reports of issues plaguing the website and could not say how long it had been down for. The website was again online by 14:30 on Wednesday (according to Fin24.com).
“The National Cybersecurity Hub has been established to serve as a central point for collaboration between industry, government and civil society on all Cybersecurity related incidents in South Africa.” Honourable Dr. Siyabonga Cwele, Minister of Telecommunications and Postal Services.
The Cybersecurity Hub is mandated by the National Cybersecurity Policy Framework (NCPF) which was passed by Cabinet in March 2012. The Cybersecurity Hub is South Africa’s National Computer Security Incident Response Team (CSIRT) and strives to make Cyberspace an environment where all residents of South Africa can safely communicate, socialise, and transact in confidence. It achieves this by working with stakeholders from government, the private sector, civil society and the public with a view to identifying and countering cybersecurity threats.
The Cybersecurity Hub enhances interaction and consultation, and promotes a coordinated approach to engagements with the private sector and civil society. As a key point of contact for cybersecurity matters, it coordinates cybersecurity response activities and facilitates information and technology sharing.
The Cybersecurity Hub also provides information that creates awareness on cybersecurity as well as information that encourages South African citizens and organisations to be secure online.
According to security researcher Troy Hunt, the database leak that exposed the private information of 30 million South Africans has been linked to websites operated by Jigsaw Holdings, reported iAfrikan. Hunt revealed that a 27.2GB database file with the name “masterdeeds” contained the private details of millions of South Africans. This included ID numbers, addresses, contact details, employer information, and estimated income. Hunt said his attempt to import the database backup file failed after 31.6 million records.
Linking the leak
With the help of self-professed “data and crypto addict” Flash Gordon, iAfrikan CEO Tefo Mohapi connected the leak to GoVault. GoVault is a platform operated by Dracore, and is billed as a “goldmine of information” which offers access to the contact details of South African consumers and homeowners. Counted among Dracore’s clients are TransUnion and real estate industry players. A lookup of GoVault.co.za shows Hano Jacobs as the domain’s owner, and Mohapi’s search for him resulted in a Twitter page that points to realty1ipg.co.za.
However, this morning in an article written by Jan Vermeulen, iAfrikan CEO Tefo Mohapi states the database has been removed from the Jigsaw webserver.
Dracore also published an email which it said was from a former employee at Jigsaw, who confirmed the IP address corresponds to Jigsaw’s main web server at Hetzner.
The data in question was hosted in a MySQL database running on an Apache web server. Dracore said it uses Microsoft SQL servers and Microsoft’s IIS web server, which means the leak could not have originated from its servers.
On the question of Dracore’s relationship with Hano Jacobs, to whom the GoVault.co.za domain is registered, Fraser said they were exploring business avenues involving software development in 2013.
“However, [we] ended this exploration in early 2014 as we did not have the capacity or time to fulfill on our ideas,” said Fraser.
Fraser said Jigsaw used to be a client of Dracore Investments. The companies signed an agreement on 3 July 2014 to enrich their deeds database over a period of six months.
Their agreement terminated at the end of the six months, and that arm of Dracore was subsequently liquidated.
As part of the agreement, Jigsaw signed a clause taking responsibility for the security and integrity of the data, said Fraser.
“Today has been a really tough day for my team. I started my journey into entrepreneurship in 2013 and have always operated my business on the premise of integrity,” said Fraser.
“We conclusively know that we are not the source of the data leak.”
Check if you have an account that has been compromised in a data breach
Who is behind Have I been pwned?
I’m Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.
I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.
Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today’s modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!