Hacked or not? Defence dept’s security measures under the spotlight

In an attempt to quell anxieties surrounding the alleged hacking of the Department of Defence’s (DoD) systems, the SANDF released an official statement.

As per the statement, they assert their network has not been hacked by external individuals, but acknowledge that a “criminal syndicate operating in cyberspace” was behind the leak of classified information.

Was the department hacked?

According to preliminary investigations, the leak of sensitive data was the work of criminal organisations, assisted by information leaked from within the department itself.

The Department of Defence maintains that stringent policies are in place to prevent unauthorised access and dissemination of classified data.

As the investigation unfolds, those found guilty will be prosecuted, the statement concludes.

Criticism

Darren Olivier, Director at African Defence Review, however, critiqued the DoD’s response as “messy, inadequate and not entirely convincing.”

“This is a messy response from the DoD and not entirely convincing. […] I’d expect there to have been arrests already”.

He points out that sufficient public evidence suggests the leak is both extensive and real.

Olivier goes on to explain that even if the breach came from an insider, it is still deeply concerning.

“Even if this was an insider attack, that’s not much better than an external attack. There should be no way for any individual on the inside to have this much access and be able to send so much data to Russian servers without being detected.”

What was compromised?

According to security researchers, the data leak largely consisted of information from the department’s intranet.

These internal networks house a variety of documents with varying levels of classification but do not hold key operational systems or highly classified material.

Olivier said the leak, while potentially embarrassing, is probably not devastating unless it can be confirmed that critical ‘Red’ networks were compromised during the breach.

Oliver said: “A Red network is typically only accessible by specialised computers with cryptographic modules installed using symmetric or asymmetric keys.

“If data must go between the networks, it’s via specialised firewalls or one-way data diodes, or ‘Grey’ intermediaries.”

Better cybersecurity measures needed

The incident sparked concern over the lax cybersecurity protocols across various South African governmental departments.

Olivier said the department’s response and measures to prevent a recurrence is critical.

He also warns that if such a breach can happen at the department of defence, then other pivotal departments are equally at risk.

“If this kind of attack can happen at the DoD it can happen at Home Affairs, DIRCO, Energy, Public Enterprises, the Presidency, the SAPS, and a host of other crucial departments too”.

Moving forward

While the department said their systems are secure and robust measures are in place to prevent further compromise, experts like Olivier say the breach must not be underestimated.

He urges government to take immediate steps to fortify cybersecurity infrastructures.

“The one thing neither we nor government should do is bury our heads in the sand and pretend that things are okay as long as the files aren’t reported on.

“The data is out there now, our adversaries already have it. What matters is how the DoD recovers and prevents a recurrence.”

READ: Going beyond ‘Nigerian Prince’: SA turning into Africa’s cybercrime capital

It’s time to take the cybersecurity of our national departments much more seriously. If this kind of attack can happen at the DoD it can happen at Home Affairs, DIRCO, Energy, Public Enterprises, the Presidency, the SAPS, and a host of other crucial departments too.

— Darren Olivier (@darren_olivier) September 2, 2023