Ndabeni-Abrahams’ data breach is a lesson to us all – expert

Lessons for all South Africans can be learned from the recent data breach suffered by Minister of Communications and Digital Technologies, Stella Ndabeni-Abrahams, says a cyber security expert.

On Monday, the minister announced her WhatsApp account had been hacked and someone gained access to her personal information, including messages, from the app.

Responding to the news, cyber-security company reached out to The Citizen to offer some pointers which everyone should know about protecting their personal data from hackers and other types of data breaches.

Regarding WhatsApp messages themselves the company suggests users take heed of the following:

When using any public Wi-Fi, including a shopping centre or hotel, even with encrypted WhatsApp, WhatsApp messages are not secure, says French. The solution is to use a virtual private network (VPN) on a mobile device or a cyber protection solution.

French stated that without any more information about the nature of the data breach, it was not possible to comment on Ndabeni-Abrahams’ specific incident, but he had a few ideas of how hackers could have accessed her WhatsApp account, as a number of methods are commonly used.

“WhatsApp messages are infiltrated or attacked or breached, it could be a number of approaches. What I think would be the most likely approach or almost the simplest approach which is sim-swapping which will have been much easier than hacking their WhatsApp,” he said.

According to Ndabeni-Abrahams’ spokesperson, Mish Molakeng, Cybersecurity issues were becoming a day-to-day struggle for businesses.

“Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.”

WhatsApp communications have end-to-end encryption, meaning either the victim’s mobile device or that of the recipient of a message from the victim could have been used to gain access to their account. A sim-swap hack was far easier to carry out, he added. Otherwise it could have been compromised cloud backups wherein either the iOs or Android backup database was extracted from the cloud backup account. Being that these too are heavily encrypted, this would be a less likely occurrence.

It seems sim-swapping is a favourite among those who either want to access a victim’s WhatsApp or their banking services, including access to one’s e-wallet. All one has to do, explains French, is go to their nearest shop.

“I say I am you, and use whatever letter to fool the cell-shop employee to give you a new cellphone number. That is a sim-swap hacker. I will then have a valid sim card connected to your number. I will then receive SMSs for your number so I can install WhatsApp and get a verification through my phone. Or I could receive your banking one-time passwords (OTP) to my phone. You, of course will know sooner or later about this because your phone will seize to work. But by the time that happens the hacker will already have carried out his work.”

Other common weak points used by hackers included access to their WhatsApp account through WhatsApp Web, although this would have to be done with the victim quite nearby and logged onto their account on the computer as well as the mobile device.

The other came in the form of screen recording applications which give apps access to their device, creating a weak point for a data breach to occur. While companies and government entities are often held to higher standards in terms of cyber security, hacking can happen to anyone.

“So when you go into public officials who are dealing with extremely sensitive data in the interest of the public, a very baseline standard of security is essential and then additional tools and measures beyond just the user’s behaviour will be required,” he said.

But the main take-away French wants South Africans to have from this incident is that cyber-security relies on user behaviour, which is everyone’s responsibility. While there were no devices or applications which were completely unhackable, users had more control than they made use of when it came to protecting their data. Acronis calls it cyber-fitness, likening it to a gym regime, in which people practice daily security measures with enough consistency until they were fully ‘cyber-fit.’

According to an Acronis survey conducted among 3,400 IT managers in 17 countries including South Africa, this year:

• Singapore, South Africa, UAE, Bulgaria and India each reported almost twice as many malware attacks than the global average.
• 39% of companies have encountered videoconferencing attacks. India, Switzerland, Canada and the UK were among the most affected.
• Phishing, DDoS & video conferencing attacks plaguing companies the most – phishing campaigns reached a peak during the pandemic.
• 88% of employees indicated they’d like to continue working remotely to some extent.
• Employees in South Africa, India, the UAE, France, and Japan reported favouring even higher levels of digital transformation

For more news your way, download The Citizen’s app for iOS and Android.