Justice department denies cyber attack, blames insiders

Admire Moyo
By Admire Moyo
Johannesburg, 30 May 2024
According to Opentext, an insider threat refers to a cyber security risk that originates from within an organisation.
According to Opentext, an insider threat refers to a cyber security risk that originates from within an organisation.

The Department of Justice and Constitutional Development (DOJ&CD) is blaming insiders for an IT incident that is affecting electronic child maintenance payments.

“The Department of Justice and Constitutional Development would like to clarify recent media reports regarding the MojaPay system, which is used for managing payment of third-party funds, including child maintenance,” says the department in a statement issued last night.

Jabu Hlatshwayo, the department’s deputy director-general and CIO of ICT, explains MojaPay is a system used for payments supporting court processes and orders such as maintenance, bail refunds, etc.

He notes this system is supported by a service provider. Asked about the service provider’s name and other details, he says: “We cannot allow a service provider to respond on behalf of the department.”

The MojaPay system that the department makes use of is not related to mojaPay, a fintech company.

“The DOJ&CD wishes to place on record that there was no cyber attack, but detection of suspected fraudulent activities within the system by MojaPay system managers.”

At the time of publishing, the department had not clarified whether the attempted fraud emanated from its employees, or those of the service provider.

The department issued another statement today, saying the electronic payment system is still suspended.

“We will communicate broadly as soon as it is restored,” Steve Mahlangu, the department’s deputy director for media research and liaison, tells ITWeb via e-mail.

Last week, the department advised the public its electronic payment system for third-party funds, including child maintenance, had been temporarily suspended following “attempts to compromise the system”.

According to the department, an investigation is under way to assess “potential breaches” to the system.

“In light of this development, child maintenance beneficiaries are urged to promptly visit their nearest court with their original identity documents to receive manual payments until the electronic service is fully restored,” reads last week’s statement.

In its latest statement, the DOJ&CD says: “This proactive detection underscores the effectiveness of our internal controls and monitoring mechanisms designed to safeguard the integrity of the grant distribution process.

“Contrary to some media reports, these activities do not constitute a cyber attack. A cyber attack involves external entities attempting to breach or disrupt a system’s operations. In this case, there was no breach or external intrusion. Instead, the issue related to potential fraudulent actions by individuals who may be attempting to exploit the system from within.”

According to enterprise information management software firm Opentext, an insider threat refers to a cyber security risk that originates from within an organisation. It explains that it typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials misuses their access to the detriment of the organisation’s networks, systems and data.

“No matter the intent, the end result is compromised confidentiality, availability, and/or integrity of enterprise systems and data,” Opentext says. “Insider threats are the cause of most data breaches. Traditional cyber security strategies, policies, procedures and systems often focus on external threats, leaving the organisation vulnerable to attacks from within,” it adds.

Says the DOJ&CD: “The department would like to assure all stakeholders that the MojaPay system is being strengthened to prevent and mitigate the risk of future breach attempts.

“Our team is diligently investigating the suspected fraudulent activities and is working closely with the relevant authorities to allow due processes to take place. Ultimately, appropriate actions will be taken against any individuals found responsible.

“We appreciate the media’s role in informing the public but request for accurate reporting based on verified information. Mischaracterising the incident as a cyber attack could cause unnecessary alarm and misinform the public about the nature of the situation.”