‘Human factors’ exposed SA government to espionage

By Staff WriterFebruary 25, 2015
 

 

 A report by the National Intelligence Agency (NIA) found ‘human factors’ to be the primary cause of security vulnerabilities at government institutions, including spyware infection resulting in fraudulent activity.

 

This is according to a document that was leaked as part of Al Jazeera and The Guardian’s recent release of the so-called “Spy Cables”, which is dated October 2009.

 

The NIA was the previous name of an intelligence agency of the South African government, and has since 2009 become a division of the State Security Agency.

 

Investigations concluded by the NIA exposed “serious deficiencies” in the security integrity of the information and communication technology systems at a number of government offices.

 

The document titled ‘Security Vulnerabilities in Government’ pointed to trends associated with security deficiencies in government including:

• Non existence of control measures and/or procedures for the destruction of sensitive/classified documents;

• Recommendations during security audits at departments were not being implemented;

• No approved encryption facilities on landlines and/or mobile phones;

• Virtually uncontrolled access to ICT and communication equipment;

• A general lack of proper ICT personnel to implement and maintain effective ICT security;

• Most government institutions outsourced their ICT functions to private companies of which only a few underwent record checks;

• No password protection of laptop computers.

“Such deficiencies render statutory institutions vulnerable to fraud and corruption, and worse, to espionage and malicious infrastructural disruption,” the report said.

 

As a result, the NIA found all the computers it analyzed from the Department of Public Enterprises (DPE) and former Department of Foreign Affairs (DFA) to be infected with spyware of some kind.

“The high prevalence of [intrusive software agents] was illustrated by the result of a sampled audit at former DFA,” the document stated.

 

“All Personal Computers sampled were found to contain spyware and remote access software. Similar software was also identified as part of the investigation at DPE.”

 

Investigations conducted by the NIA signaled a ‘disconcerting trend of breaches’ including:

• In 2009, a security breach occurred at the Gauteng Shared Service Centre (GSSC) whereby 15 individuals attempted to defraud the government department.Five of whom were GSSC employees. The plot entailed the unobtrusive, remote accessing of the Basic Accounting System.

• The NIA conducted an analysis on the laptop of a Department of Public Enterprise, revealing the presence of 8 malicious software applications downloaded which posed a threat to the intellectual property residing in the department as it related to parastatals including Eskom, Denel and Transnet.

• An employee of the Department of Sport and Recreation attempted to fraudulently transfer R13 million from the DSR, to his personal bank account.
   

The system’s time delay default prevented the full transaction, resulting in only R955,000 being successfully transferred.


Source
http://businesstech.co.za/news/general/80737/human-factors-exposed-sa-government-to-espionage/