By Jacques Wessels
October 30, 2005
Can the government IT systems be hacked, broken into and information
stolen or planted? The answer is yes. It is a fact of life in the IT
industry that there is no such thing as a secure network. IT systems
and networks can have a high or low level of security, but the perfect
impenetrable network does not exist.
Is it a trivial matter to break into government systems? This is a
question that needs deeper understanding.
The government.s information security policies are modelled around the
BS7799 standard, which is an internationally recognised benchmark for
information security around the world. But the problem comes with
implementing those policies.
On October 10, it was reported that government websites were
repeatedly hacked into by a group calling themselves the "Beyond
Crew". Technical personnel fixed their web servers only to have them
hacked into again by another group known as "BHS-Team". These systems
were built on platforms generally regarded as very secure.
A hacker is a person with very good technical computer skills that
uses those skills to gain access to computer systems. As is the case
with web servers, the reason is often a form of prestige within the
hacker community on being able to gain access.
How does all this tie into the current saga between Minister Kasrils
and the NIA on claims of stolen e-mails? The NIA claims an .agent.
either intercepted the e-mails or fabricated them. For a more
objective opinion, it would be useful to bring certain events into
Deputy president Phumzile Mlambo-Ngcuka's laptop was recently stolen.
It is alleged that presidential legal advisor Mojanko Gumbi's laptop
was also stolen.
Government websites have very recently been hacked and defaced, and
now there are supposed e-mails of a sensitive nature doing the rounds.
If indeed the laptops had been acquired by someone with the correct
level of technical skills, it would be a fairly routine exercise to
find and interpret sensitive information.
The e-mails may well have been obtained from the laptops themselves.
If the laptops are not to blame, that leaves the possibility of an
agent breaking into the government network. This may sound easy, but a
high level of technical expertise is required for this. Government
networks use devices called firewalls to enforce computer security
A firewall is a device that makes decisions on which users from the
Internet may access a protected network. A hacker would therefore have
to compromise the firewall security to gain access to the internal
government network. This is a very complex task since firewalls are
explicitly designed to stop this from happening. It is however not
impossible, and there are many companies that get hacked despite their
The question is whether your security policy is smarter than the
hacker you are trying to keep out.
Government has a fairly smart policy and if implemented properly,
there is a far more likely scenario.
According to research on security in the computer world, the weakest
link is the human one. Couple this with the fact that more than 70% of
information security breaches occur from within the organisation, the
most likely scenario is that someone already inside the government
computer network gained illegal access to information.
Once a hacker has physical access to a network, the picture changes
dramatically. The exercise of stealing data and breaking into computer
systems becomes a trivial exercise.
Computer networks and computer systems can be compared to a noisy bar
and its patrons respectively. It is easy to .tune. into a single
conversation at a time . a conversation meant for your ears, but it is
also possible to eavesdrop on other conversations.
Eavesdropping on network traffic such as e-mails and chat room
conversations is called "sniffing" in hacker terms.
Some forms of sniffing attacks allow a hacker access to data even on
switched networks by inserting the hacker.s computer between two
These attack methods are known as "man-in-the-middle". They can also
allow a form of digital impersonation called "spoofing" where the
hacker can send e-mails that look like they came from another person.
One important point remains. Even though it is entirely possible to
obtain information such as e-mails, the hacker will always leave some
kind of trail. Every web page, phone call, e-mail message or even chat
room conversation can be traced, intercepted or monitored. Without
This is also true of government systems and will prove to be critical
in finding the truth. If the e-mails did originate within government
then log files will exist, and if proper forensic investigation is
conducted, then it should be possible to trace their origin.
Jacques Wessels is a computer science lecturer in the Engineering
faculty at the Nelson Mandela Metropolitan University
InfoSec News v2.0 - Coming Soon!