The Johannesburg Specialised Commercial Crimes Court on Monday sentenced a former IT technician, Obakeng Israel Busang, who had been contracted to the Gautrain Management Agency (GMA), to an effective 10 years behind bars for the unlawful installation of spyware on GMA laptop and desktop computers.
Gautrain lost about R11 million after Busang hacked the IT systems and let outsiders access it with the intention of siphoning off funds from the organisation's account, IOL reported. He was arrested in 2014.
According to the National Prosecuting Authority (NPA), during the initial stages of the trial, Busang pleaded not guilty, but later changed his plea to guilty and made admissions in terms of Section 220 of the Criminal Procedure Act.
"This as he realised that evidence against him was overwhelming," the NPA said in a statement following the sentencing.
Convicted of 38 counts
Busang was convicted of 38 counts of contravening Section 86(4) of the Electronic Communications and Transactions Act, 2002.
The court grouped the offences according to the nature or type of spyware used.
He was sentenced to five years for each group of charges and the court ordered that some of the sentences on some counts should run concurrently, resulting in a sentence of 20 years in prison, half of which was suspended for a period of five years on condition that he is not found guilty of contravening any provisions of the Electronic Communications Transaction (ECT) Act.
"Busang was responsible for assisting employees with technical problems related to their laptops or desktops. He then used this opportunity, under false pretences that he was installing the latest software, to install spyware such as remote administration tools (RATs) and key loggers to overcome security measures designed to protect passwords and/or access codes to gain access to information from employees' laptops and desktops," NPA spokesperson Phindi Mjonondwane said.
"Busang made a statement to the investigating officer in which he claimed he was recruited by someone at a car wash and requested to help the syndicate to obtain the login credentials of the persons who make payments to creditors of GMA. He stated that he was promised a reward if he could provide the login credentials of certain employees, but could not get the login credentials of both the CFO and the CEO.
"He then brought a laptop which had been doctored and connected it to the GMA system so that his partners in crime could access the login credentials of the top executives remotely. At the time he had already been informed that GMA would terminate his services on 31 October 2013."
According to Mjonondwane, the head of IT realised that there were "irregularities" with the system and they decided to terminate his contract on 24 October 2013.
"Because the head of IT was next to him at all times when clearing his desk, he could not remove the doctored laptop. After vacating the building, he called his uncle who worked for GMA and asked him to remove the laptop and take it out of the building.
"The uncle thought the laptop belonged to GMA and took it to the assets manager. The assets manager called the head of IT who tried to operate it and realised that someone else was also operating it remotely. The head of IT figured that something was not right and they called IT security experts to help them.
"His actions resulted in GMA losing not less than R1.2 million to have the spyware removed and to replace some hard drives."
Senior State advocate Tilas Chabalala argued that each count carried a maximum sentence of five years' imprisonment.
He also said Busang was not a suitable candidate for correctional supervision because he previously disobeyed a court order to consult with a correctional officer who had been asked to compile a correctional report.
The NPA welcomed the sentence.