Hacking group N4aughtysec Group based in Brazil has recently threatened SASSA that they will release all the Private data of the South African Social Security Agency. SASSA is an organisation providing financial assistance to millions of South Africans.
After the recent tragedy in which Stellenbosch students uncovered the flaws in the SRD system of SASSA, SASSA received a written threat from N4aughtysec hackers. The threat was not only troublesome but also very stressful leading to rush at Government levels.
Revealings Of Stellenbosch Students
Two of the Stellenboasch students Veer Gosai and Joel Cedras who are first year Computer Science students recently discovered the flaws in the SRD system of SASSA. They claim that the setup is exposed to frauds and scams because of unsatisfying security systems.
According to them, getting access to SRD grants is easy and even they themselves have found their ID numbers that were used by fraudsters to apply for the SRD grants.
The Hackers Group!
This N4aughtysec Group has already claimed to have taken millions of dollars to prove what they are capable of whatever they are saying. This hacker group is a small group based in Brazil with some groups located all over the globe.
The hacker group has now threatened the South African Government and SASSA organisation that they will release all the data of SASSA in the next 48 hours if both agencies do not accept their demands. This hacker group last year demanded about $30 million from TransUnion and about $30 million from Experian.
Both of these TransUnion and Experian are the country’s largest consumer credit reporting agencies.
N4aughtysec Group Statement
Here is what the hacker group has said in the written statement that was sent on 30th October Wednesday exactly at 5:15 p.m.
“We have been hard at work rolling out our promises. We have entered the systems of the Credit bureaus we successfully hacked and used the compromised data sets and backend systems to attack the South African Government and RSA organisations.
“We did warn TransUnion that failure to pay our ransom would result in ultimate destruction. We are deeply infiltrated into the governments and bank systems.”
“We are releasing all the data of Sassa in the next 48 hours.”
N4aughtysec group also had shared 65 TymeBank account numbers to prove what they are capable of and fraudulently linked ID numbers to them. The data shared by hackers claim that all of these 65 ID numbers were registered as SASSA SRD grant recipients.
Moreover, the hackers also further described their actions and told the government that they still have access into the SASSA systems.
They explained that they have,
“Bypassed all security by using the XDS bureau infiltration on the TymeBank system and the social security ID numbers from the data we extracted from TransUnion and Experian. We use the TransUnion backend into the Sassa government system. We still have access to the systems.”
TransUnion Response
In response to all of this TransUnion said that they highly prioritise data security and monitor the systems to make sure their service and clients stay away from any potential threats or harms. According to them, they have not yet received any evidence and proof of any inappropriate or unauthorised access into their setups. With this, they have confirmed that there is no system interface present between SASSA and TransUnion South Africa.
TymeBank Response
In response to all of this, TymeBank CEO, Karl Westvig also explained that they have reviewed all of the information and details that was given to them from TransUnion and hackers and cross checked the data with the data they have in their records. According to them, clear discrepancies were present between the customer data they own and the data provided by the hackers.
This clearly suggests that TymeBank has not yet been hacked. They also explained further about their investigations and confirmed that the data was obtained from another third party that their customers might have been engaged independently with and not from their systems.
Steps To Enhance Security After Threats
TymeBank CEO further explained that they have already initiated taking steps and implemented several rules to keep an eye on fraudulent accounts. They have further added that preventive measures are being taken to detect fraud and maximise the security of data.
They satisfied the beneficiaries that the agency has world class security systems and they prioritise the data security and focus on it extremely seriously. They have also claimed that they are working closely with the government department to minimise the fraud and eradicate fraudulent activities or scamming activities as much as possible.