Wednesday, July 04, 2007

eNaTIS website hacked twice

At 3.30pm today the following story appeared on the News24 web site:
Cape Town - A part of the eNatis website appears to have been hacked, raising fresh fears over the security of the national system.
News24 received several tip-offs from the public on Wednesday that a section of the eNatis.com website had been breached by a hacker. When the "how do I" link on the eNatis.com website is clicked, the message "Sorry bro..anda terlambat. Patch By Tao. OK?!!." appears on a blank screen.
The words "!- Hacked by Tao -!" appear on the top of the screen.
No other parts of the website appear to have been affected by the hacker.
By 11pm the site had been hacked a second time. This time the front page was completely vandalised (as shown above).
It's ironic that the original page (see Google cached page) proudly states "New look for eNaTIS Website" and goes on to explain how they are using Joomla, an open source content management system. Obviously there are security holes on their server, which the first polite hacker pointed out.
I guess they had all gone home by 4pm and decided to fix it in the morning, leaving the system vulnerable to a more obvious hack. They clearly don't have a clue.

2 comments:

Anonymous said...

They used Joomla? I am sorry but the first thing that comes to mind is that there is something wrong with the awarding of the tender. A 400 mil Rand project and you use a free download website building tool to build your website. It is pathetic. If they think this guy actually hacked into here they are wrong. It is most likely a kid that downloaded a PHP injection code. If a real hacker was in there the database would be gone. I think it is truly pathetic. Joomla?

Donn Edwards said...

Based on their press releases, I think they HAVE to use open source products wherever possible. It's government policy.

As far as I can tell the main eNaTIS servers are all running open source software as well. It wouldn't surprise me if the main database is MySQL as well, although it could be Oracle.

Whatever method was used to hack the site is irrelevant: the point is that they are going to use the site "later this year" for credit card transactions. I don't trust them with MY credit card number if they can't keep their site secure.