Uganda: Hacker Steals Sensitive Data From Govt Website

Photo: This Day
...
28 January 2019

Kampala — The recent hacking into the External Labour Information Management System at the Ministry of Labour was the work of an insider who intruded into the system to steal sensitive external recruitment information and documents, sources familiar with the operations told Daily Monitor.

Sources said the hackers took valuable information about export labour recruitments and a number of other sensitive documents from the site.

The ministry's online system to vet labour export companies, confirm availability of jobs and counter human trafficking crashed mysteriously.

The automated system; The External Employment Management Information System, is a component of a broader labour management information system and labour market information analysis system developed by the Ministry of Gender, Labour and Social Development recently.

The system was installed after complaints of mistreatment of Ugandan labourers working in Arab countries.

Government strengthened the collection, management and analysis of labour migration data, including information on labour demand and supply. Each registered company is given an account with password to log in and place the necessary requests.

Inside sources said an employee of the ministry in the IT section (names withheld) hacked into the system in collusion with unscrupulous labour recruitment agencies to get undue clearances for their domestic workers.

Mr David Mugisha, the commissioner for labour at the ministry, insisted the system "just crashed" and denied it was hacked into.

"I don't know where you got that information of the hacking from. You can quote your own sources, but I am telling you the site only crashed," Mr Mugisha said.

One source familiar with the system said "the hacker is known to the ministry. They have even identified him with the names, but they are refusing to act on him."

Under the normal procedure, when a company receives a job order from foreign countries, it submits the offer to the Ministry of Labour for approval.

After approval, the company goes ahead to recruit and then the interviews are conducted and names of successful candidates are submitted for clearance.

The names are submitted along with their vetting forms bearing signatures and stamps of the Local Councils and District Internal Security Officer and Resident District Commissioner as proof that they are legally leaving the country for work. They are then cleared at airport for travel.

Our sources said many offers are rejected because they are discovered to be fake.

The sources said the companies in collusion with the security and immigration officials at the exit points, illegally clear many of these companies job offers at between Shs300,000-Shs500,000 per person.

"Some companies reportedly owned by security bigwigs and government officials are cleared without even paying the said amounts," the source said.

Internal problem

Our sources said after the hacking debacle, the Saudi Arabia government informed the Ministry of Gender and Labour about the incident and said it was an inside scheme.

The sources said the Saudi officials identified the hacker as a staff of the ministry and offered to fix the problem, but the Labour ministry rejected the offer.

The Saudis were upset by the ministry's decision and decided to log Uganda out of the MUSANED system, which was created in 2017 when Uganda government signed a Memorandum of Understanding and other labour agreements with Saudi Arabia to allow Ugandan professionals to seek employment in the Gulf state.

The MUSANED website was to serve as a one-stop centre for both the external recruitment agencies, and the Saudis to provide information on availability of jobs and their legalities and also offer information on genuine recruitment agencies.

After the logout, the labour exporting companies whose recruits had been cleared, have not been able to send them to Saudi Arabia.

Sources said the hacking was done in connivance between the security and immigration officials at Entebbe airport.

The Saudi government detected the hacking after the MUSANED system dubiously cleared up to 1,660 Ugandans for labour export without clearance from the ministry.

Upon noticing the error, Ms Peace Mutuuzo, the acting minister of Gender, wrote to the Saudi government, demanding an explanation how the Ugandans had been cleared without going through the normal processes.

In reply on January 21, 2019, the government of Saudi Arabia wrote back, acknowledging the problem and blamed it on the MUSANED system error.

"During the regular updating of MUSANED system for the necessary functioning of the system, a number of contracts were mistakenly approved on behalf of the Ugandan Ministry of Gender, Labour and Social Development. The team immediately corrected the unintended technical error and returned those contracts to their previous state," the letter from the Saudi government reads in part.

Recruitment agencies react

Members of the Ugandan Association of External Recruitment Agencies have tasked the ministry to arrest the hacker and prosecute him.

The members also demanded that their requests be approved manually, which was rejected by the Labour ministry.

Mr Pius Bigirimana, the ministry Permanent Secretary, on January 17, wrote to the chairperson of the Uganda Association of External Recruitment Agencies (UAERA), saying: "I am unable to unilaterally authorise manual processing because the use of MUSANED Arabia as the platform that will be used to clear visa requests of migrant workers was mutually agreed upon by government of Uganda and the Government of the Royal Kingdom of Saudi Arabia."

During a meeting of UAERA in Kampala last Friday, members castigated the Labour ministry officials for deliberately frustrating them.

Prior to the meeting, the association's members had scheduled another one with the ministry officials at the ministry headquarters but it aborted after the latter left office.

During the Friday meeting, the association's members gave the ministry up to tomorrow to restore the IT system or else they will seek other options they did not disclose.

"The ministry is playing games with us. They know who the hacker is, but they are just pretending. If they cannot handle him, we shall do it ourselves," a member said.

Mr Andrew Tumwine Kameraho, the chairperson of UAERA, said they have been engaging both the ministry and Saudi officials to sort the mess before it gets out of hand.

"We are still engaging the ministry officials and we urge the members to be calm," he said.

Fraud

Mr Kameraho also warned recruitment agencies, whom he accused of soliciting money from prospective job seekers with promises of employment abroad.

"You particularly new companies need to come for orientation because we are receiving complaints that you are picking money from clients. We don't encourage people to pay for some of these services and you can only get the money for processing the necessary documents after someone has passed the interviews," Mr Kameraho said.

See What Everyone is Watching

More From: Monitor

Don't Miss

AllAfrica publishes around 700 reports a day from more than 140 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify allAfrica.com as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.