Armscor plays down hack
The Armaments Corporation of SA (Armscor) says no classified information was accessed by hackers who recently compromised its Web site.
Armscor is the officially appointed acquisition organisation for the SA Department of Defence and with the approval of the minister of defence, also renders a professional acquisition service to other government departments and public entities.
Hacktivists claiming to be linked to Anonymous breached the Web site of the South African government-owned arms supplier this week. The attack was perpetrated in the name of the #OpAfrica campaign, which was launched earlier this year.
When Anonymous first announced #OpAfrica, it said it was about "a disassembly of corporations and governments that enable and perpetuate corruption on the African continent".
The group leaked 63MB of secret information it procured to the darknet in the form of HTML files which include invoice numbers, order numbers, invoice amounts - including those of local and international defence companies such as Denel, Thales group and Airbus. However, no e-mails or passwords have been leaked.
Armcsor says a team of experts conducted an assessment of the extent of the unauthorised access to the network.
"We would like to reassure our stakeholders that no classified information was accessed," it says.
Commenting on the hack, Darryn O'Brien, country manager at Trend Micro Southern Africa, says since Anonymous is a hacktivist group, the hack probably had political motives.
He points out that any data breach in the private or public sector is a major concern as it would put the victim or organisation at risk, so this should be treated as a serious threat.
"A thorough investigation is necessary to identify how the data breach occurred. IT security policies, procedures and needs should be reviewed and amended. After the investigation, swift action needs to be taken to ensure all gaps in IT security are closed. This hack is public now which means Armscor needs to move quickly in amending its security as other hackers may now see it as a soft target," says O'Brien.
He adds organisations need to change the way they approach security. "Simply putting in a couple of appliances at the edge of your network is no longer going to cut it. You need to view your environment as a whole and secure from within."
Matthew Kibby, regional director for Sub-Saharan Africa at VMware, says: "We recently conducted research on corporate South Africa's stance on security, the results of which are very telling if you consider the recent hack on Armscor by Anonymous.
In the survey, Kibby says, 16% of IT decision-makers expected a serious cyber attack in the next few days. "However, security breaches themselves are significantly outpacing security spend. What this highlights is that we need to start changing our approach to security."