Earlier this week, online hacking collecctive Anonymous proclaimed that under the handle of Operation Africa, it will be targeting African governments over corruption, internet censorship and child labour.
Starting in Uganda and Rwanda, several government websites were attacked. The threat that followed claimed that South Africa would be next.
The threat seems to have materialised, after South Africa’s State Security Agency (SSA) released a warning and advisory today in an email statement.
In the mail sent to subscribers, the Computer Security Incident Response Team said that “Hacktivists Anonymous hacked a South African Government Department under the operation #OpAfrica and publicised the information from their database to a website.”
A hacker going by the Twitter handle
@TobitowTHA has released a rather extensive list of websites he/she claims to have hacked on the microblogging service.
The hacker posted a list websites in alphabetical order, starting with ‘A’ and getting as far as ‘C’. More names have been promised. The websites listed are private in nature, and don’t seem to have any connection to the government. In total, @TobitowTHA claims to have access to over 2 500 sites. As pointed out on Twitter by Obakeng Molebatsi, all the sites listed appear to be hosted by Web Africa.
— Obakeng (@molebatsi_o) February 12, 2016
Softpedia, however, is reporting that Anonymous members also claim to have hacked a local site called V-Report and procured data on government employees who had signed up for the service, which they then posted online. V-Report does not appear to be hosted at Web Africa, rather by AIT Online.
“We had information about 33,000+ job seekers,” the hackers told Sofpedia. “But we just prefer to publish government officers data.”
ID numbers and email addresses have been posted from this leak.
In a separate leak, email addresses, phone numbers and hashed passwords from the following departments were also dumped following a breach of the Government Communications and Information Services (GCIS) website. Local system architect, Evan Knowles, is critical of the security in place on GCIS’ database and points out that the encryption used to store the passwords was trivial to break.
Knowles demonstrates that the password policy at GCIS needs work too. From his blog (which you should read here):
All in all, in the collection of 1116 passwords, there were only 549 unique passwords. This included 9 passwords which were only one letter long, and 53.1% of the passwords failed a standard, very basic test (contains at least one number, and a minimum length of 6). 29.8% of the passwords contained the word ‘password’.
The top 10 passwords were:
//Story updated to add details about site hosts & GCIS hack