Avatar photo

By Hein Kaiser

Journalist


CYBER ATTACKS: ‘Open’ home affairs systems could spark large-scale identity theft

Here's what a data breach at home affairs could mean for you.


As The Citizen reveals serious vulnerabilities in government’s data systems, an IT expert has warned that Home Affairs IT infrastructure is an open book to skilled hackers – and even the not-so-skilled.

Cybersecurity operation Scarybyte chief executive Karim Jaber said detailed data of government IT infrastructure is also available on publicly accessible websites intended for mapping exposed infrastructure worldwide.

This is known as “enumerated” data.

In hacking, enumeration means gathering detailed information from a server, such as usernames, open ports, or software versions.

Hackers use this process to identify weak points or areas they can exploit to gain access to a system.

ALSO READ: Govt can’t keep you safe: IT vulnerabilities could collapse SA in 3 days

Hackers target weak points

Jaber said the information disclosed includes details about technology used, subdomains, IP addresses, and open ports.

This is vital information that attackers can use during the early stages of a cyberattack to identify weaknesses and plan their approach.

A whistle-blower from home affairs corroborated this assessment, noting that while some firewalls exist at home affairs, they constitute a single or partial layer of defence.

ALSO READ: CYBER ATTACKS: A history of hacks show data breaches are ‘taken too lightly in SA’

Jaber added a unified set of controls is required to secure infrastructure and data effectively.

He estimated at least 30% of the enumerated vulnerabilities discovered by the hacker and shown to him are highly exploitable for whatever use a hacker may want.

In turn, Jaber demonstrated to The Citizen how easy it is to enumerate home affairs’ systems, root directories, technologies, vendors, admin portals and even e-mail structures.

ALSO READ: CYBER ATTACKS: Why SA government has a data security crisis

It took him less than three minutes to bypass certain security measures using advanced browsing methods.

He said where hackers cannot penetrate digitally, they could quickly use artificial intelligence and phishing techniques to manipulate employees into revealing passwords or other sensitive information.

“A major part of hacking is also exploiting the human element,” Jaber said. Home affairs personnel may believe they operate within a secure environment but in a world of deep fakes and phishing, it’s easy to deceive.

“High-resolution images of the minister and his team allow for the creation of near-perfect approaches to manipulation. By gathering the necessary information, it’s possible to create completely believable and legitimate e-mails that appear to originate from within the department,” said Jaber.

Even more concerning is that the home affairs perimeter security layers are easily digitally unpacked when they should be well-hidden or obscured.

Citizens’ sensitive data up for grabs

If a hacker gains control of a server at the department of home affairs, the risks are potentially catastrophic.

They could intercept sensitive citizen data, including ID numbers, biometric records and immigration details, leading to large-scale identity theft and financial fraud.

Hackers could also manipulate traffic to redirect users to malicious sites, inject malware, or gain deeper access to the department’s internal systems and connected networks, such as financial institutions and credit bureaus, Jaber said.

“This compromise could disrupt operations and sabotage critical services like ID issuance, and leak sensitive governmental data, posing a national security threat.”

He added hackers could exploit this access to infiltrate other organisations linked to the department of home affairs, amplifying the breach’s impact.

And time seems to be freely available. During the research period of this report, the anonymous cyber expert spent two weeks “scratching” home affairs’ systems, in other words irritating the system, to test whether he would be detected by its digital security apparatus. He was not.

ALSO READ: Data breaches cost SA organisations over R360m in 3 years

The domain dilemma

Home affairs is not the only government department with wide open cyber doors.

It is potentially the entire government online domain, Jaber said. The weakness, he said, simply put, is that a domain name serves as a unique address for accessing applications or critical components and is also used in e-mail addresses.

It consists of a main domain that is usually the organisation’s name, a domain extension or top-level domain like ‘.za’ for South Africa and can include subdomains that designate different departments or services.

Each subdomain, associated IP address and e-mail address represents a potential access point.

If not properly secured, these can serve as gateways for unauthorised users to infiltrate government systems and access sensitive data.

Read more on these topics

Cybercrime Home Affairs technology

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.