For business leaders in South Africa, corporate cybercrime is taking center stage as a major risk to the enterprise. The ‘hacking economy’ is now thriving worldwide, and local businesses and organisations are starting to fall prey to sophisticated attacks. These often come in the insidious forms of encryption and ransomware.
Worryingly, for businesses that are already being challenged by a fragile socio-political environment, targeted cyber attacks can prove to be crippling. Often, the reputational damage cannot even be properly quantified.
We have already seen major SA businesses and media organisations come under attack: here are five examples of hackers wreaking financial and political havoc…
Ster-Kinekor springs a leak
According to reports, up to 7 million South Africans were affected by a data leak via a website belonging to local movie theatre chain Ster-Kinekor.
In March 2017, an online resource called ‘haveibeenpwned.com’, which helps users find out if any of their accounts have been compromised, tweeted about the breach – saying that “Ster-Kinekor had 1.6 million accounts exposed in 2017.”
The tweet came after Durban-based software developer Matt Cavanagh announced that he had discovered a flaw in the Ster-Kinekor booking website and had reported it to the company. Although he notified Ster-Kinekor in late 2016, the extent – and consequences – of the flaw have only recently been made public.
Gupta-linked media & the SABC get singled out
In 2016, hacktivist group Anonymous Africa reportedly hacked the websites of Gupta-linked media outlets and companies. The M&G reported that the websites of the Gupta-owned newspaper The New Age, news channel ANN7, and companies Sahara and Oakbay Investments were forced offline for a short period.
During the same week, Anonymous Africa linked itself to attacks on other South African websites – most notably the SABC’s. The public broadcaster later confirmed to Fin24 that it was ‘the subject of a hack attack that resulted in several of its websites going down for hours…’
Anonymous Africa claimed responsibility for the attack while the SABC said it was investigating the matter. The hacktivist group said it attacked in light of allegations of censorship at the SABC.
Top SA banks take a sustained hit
Given the sensitive financial data they hold, banks are often the most highly prized targets for sophisticated cybercriminals. In 2006, three of SA’s major four banks – FNB, Standard Bank and ABSA – fell victim to several attacks. The fallout was estimated to have cost around the US $80.000, although banking officials noted that further intrusions were detected after the initial hits. As a result, a more accurate estimate of the total amount stolen (and total damages) could not be provided at the time.
Three years later, in 2009, the infamous WikiLeaks group hacked South African banks and released the uncensored Competition Commission report. Their purported mission was to make consumers aware of why banking fees are so high and why these institutions do not serve low-income segments in the country. The Commission stated that the decision to blackout certain information in the report was taken by the banking institutions themselves.
Telkom’s teenage blush
In 1998, South African police arrested a teenage boy from Rondebosch who had hacked through all the security features of the South African telecommunications company’s computer system. The boy did no damage, although he could move large amounts of money around using the system.
Stats SA becomes an unwilling mouthpiece
In 1999, hackers attacked the Stats SA website, replacing statistics about the country with mockery of (ironically) Telkom. The Reuters news agency reported that visitors to the site who normally see the latest consumer price index and GDP figures were instead faced with comments such as “Telkom stop your … lame-ass monopoly or we will disconnect you.”