Guest Column

OPINION: City of Joburg hackers have sinister motives

2019-10-30 08:04



In the hidden world of cyber-crime nothing is guaranteed. Who knows what the actual intentions are of the Shadow Kill Hackers, asks Matthew Gaskel.

If you haven't been too distracted by the rugby-dominated headlines this weekend, you might have noticed that there was a "network breach" at the City of Johannesburg. What this means is that if you browsed for the City's website on your cell phone or computer, you would not (and, at the time of writing this article, would STILL NOT) have been able to view the website or access the information that it provides.

This is because a group calling themselves the Shadow Kill Hackers (most awesome name ever) were able to access the City's network and turn off the website, similar to someone stealing your phone and deleting your Instagram selfies.

As a business analyst with Synthesis Software Technologies (a home-grown South African software solution provider) we understand that these situations are key to understanding how the IT landscape is evolving and what the risks for each organisation and person might be. Whether we choose to be more or less connected and engaged in technology, it has become critical to our functionality. And that means that we are all vulnerable.


So why did the hack happen?

Attacks like these happen all the time and all around the world. They range vastly in size and motive, from small so-called script kiddies trying their luck through to highly skilled, state-sponsored organisations with a strategic motive to cause real harm. The latter was behind famous cyber-attacks such as NotPetya or WannaCry which derailed logistics giant Maersk and its entire global network, costing the company billions.

The Shadow Kill Hackers are somewhere in the middle. They are black hat hackers who look for system vulnerabilities around the world and extort the system owners for monetary gain, usually in the form of bitcoin. However, their intentions are not as menacing and sinister as on first appearance.

As much as their motive is to receive a monetary ransom, they are generally willing to return all the stolen information as well as a detailed description of how they were able to hack the website. Imagine it as comparable to successful bank robbers returning the stolen loot as well as a comprehensive plan of how they broke into the bank vault.

This detailed description of the hack would assist the system administrators of the City's website to repair any vulnerabilities and prevent future attacks. They play both the good guy and the bad guy in this cyber-cowboy scenario.

There is actually a legitimate form of this practice called bug bounties. This is where massive multinational enterprises such as Google and Capital One offer rewards (a bug bounty) to hackers who are able to exploit unknown vulnerabilities. Hackers such as Tommy DeVoss and Santiago Lopez are able to earn seven-figure pay cheques from these bug bounties.

What are the consequences?

At 17:00 on Monday the deadline for paying the 4.0 bitcoins (roughly R500 000) expired with the City not paying the ransom. Organisations like this use cryptocurrencies in order to make it extremely difficult to trace the culprits receiving the ransom. The Shadow Kill Hackers team have proven themselves capable of following through with their promises when they released the passwords from their previous hack on First Group Management SA. With the City of Joburg storing much more sensitive information, the consequences of this attack if the information were to get released would be exponentially more dangerous.

In a Tarantino-esque plot twist the City hack coincided with a wave of attacks on South African banks which coincidentally occurred with a spike in the price of bitcoin. Knowing how the crypto-market would react would give a considerable advantage.

In the hidden world of cyber-crime nothing is guaranteed. Who knows what the actual intentions are of the Shadow Kill Hackers? Are their intentions actually malicious? Or are they out to be incentivised cyber vigilantes with a super cool killer team name?

Who is to say what they will do next? Stay tuned.

- Matthew Gaskel is a business analyst at Synthesis Software Technologies.

Disclaimer: News24 encourages freedom of speech and the expression of diverse views. The views of columnists published on News24 are therefore their own and do not necessarily represent the views of News24.


