12 June 2006

South Africa: It's White Versus Black As Big Business Turns to the Gurus in the Mad World of Hacking

A new group of hackers, known as "white hat hackers", are increasingly being employed by big corporations to counter their pilfering colleagues.

PoWeRFuL, SecretlyX, Bela, BodyguardD and Thehacker all live in Turkey, but in the past week they have been trawling South Africa's cyberspace, prodding for holes and vulnerabilities in computer systems. And finding them.

The hacking syndicates, only known by their "handle names", set about defacing several South African websites by planting their logos and theme tunes on unsuspecting companies' web pages.

The damage they have unleashed is unknown, but Durban businessman Trevor Parkinson, whose website www.boats-for-sale.co.za was targeted, is angry.

Parkinson did not even know about the hack until the Cape Argus informed him about it.

"This is a total disregard for someone's privacy. I paid about R10 000 to get the website up and running and every month I pay a fee. These guys need to be stopped," he said.

Internet security experts say at least a dozen South African websites are targeted every week and, in the past three weeks, hackers have struck more than 100 local websites.

Between May 28 and May 30, a hacking syndicate, also operating from Turkey, struck 90 South African websites in what experts say could have been a "hacking competition".

Most of the websites targeted were small businesses and private individual sites.

While industry analysts say that about R3 billion is spent on IT security, most coming from large corporates, nobody knows exactly how much hacking is costing the country.

These hacks do not surprise Michael Bafatakis, 23, who at 19 became the first person to be convicted under South Africa's hacking law, the Electronic Communication and Transactions Act.

Bafatakis and friend Andrew Michael Stokes were convicted in 2003 for hacking into Vodacom's website and stealing personal information from the client database. They were both given suspended sentences and a fine of R24 000.

Bafatakis now works as a consultant for international companies, who pay him to find loopholes in their security systems. He says no computer system is safe.

South African companies and individuals are particularly vulnerable to hackers, he says, because of their lax approach to cyber crime.

"Every system out there is designed by man and therefore can be penetrated and is waiting to be penetrated. It is up to companies and individuals to ensure that they are one step ahead of these guys."

Bafatakis represents a new breed called "white hat hackers", who are employed by big companies and corporations to counter the "black hat hackers", who are actively working, sometimes in large numbers, to pilfer vulnerable computer systems.

One South African company that has actively employed white hat hackers in recent years is Standard Bank.

Herman Singh, the bank's director of architecture and technical engineering, said they needed to stay one step ahead to protect their clients' and investors' money.

"We have people working for us who, if they did not have a high moral fibre, could easily be hackers. They are very smart people and we need them to do what they do. We need people like them who think like hackers," he said.

Jacques Wessels, a communications networks lecturer at the Nelson Mandela Metropolitan University in Port Elizabeth, said home users were also vulnerable: "Considering that every online machine is being probed for weaknesses every minute of the day, the question is, do you feel comfortable knowing someone might be looking at your photographs, reading your e-mail, and looking at your documents?"

Copyright © 2006 Cape Argus. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com). To contact the copyright holder directly for corrections — or for permission to republish or make other authorized use of this material, click here.

AllAfrica publishes around 2,000 reports a day from more than 130 news organizations and over 200 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.