Question NW345 to the Minister of Communications
08 April 2016 - NW345
Mackenzie, Mr C to ask the Minister of Communications
(1) Whether the website of the Government Communication and Information System was allegedly hacked by a certain group (name furnished) in February 2016; if so, in each case, (a) was any restricted area of the website accessed, (b) was any data lost and (c) have any steps been taken to correct the vulnerabilities in the website; (2) whether any other websites of (a) her department and/or (b) entities reporting to her have been hacked over the past 12 months; if so, (i) which websites were hacked and (ii) on what dates respectively?
Reply:
(1) An unused sub-site on the Government Communication and Information System website that housed a redundant contact database was hacked exploiting an SQL injection vulnerability.
(a) No restricted area of the website was accessed. All the information on the sub-site database is public information and the log files of the content management system (CMS) of the sub-site database indicate that none of the exposed user information was used to log onto the CMS before the vulnerability was closed.
(b) No data was lost.
(c) The vulnerability was removed, all redundant accounts on the user table were locked and active accounts were reset.
(2) The Department’s website and the websites of the entities reporting to it have not been hacked over the past 12 months.
MR DONALD LIPHOKO
DIRECTOR GENERAL [ACTING]
GOVERNMENT COMMUNICATION AND INFORMATION SYSTEM
DATE:
MR NN MUNZHELELE
DIRECTOR GENERAL [ACTING]
DEPARTMENT OF COMMUNICATIONS
DATE:
MS AF MUTHAMBI (MP)
MINISTER OF COMMUNICATIONS
DATE