Major Security Flaws Exposed in South Africa’s Welfare System as Hackers Steal Millions

A damning cybersecurity report has revealed significant vulnerabilities in South Africa’s Social Relief of Distress (SRD) grant system, with hackers exploiting these weaknesses to steal millions of rands through fraudulent claims and identity theft. The findings, presented to Parliament by cybersecurity specialist Stanly Machote and auditing firm Masegare & Associates, highlight systemic failures that have left the welfare system exposed to abuse.

The Discovery of Fraud

The security flaws were first uncovered by two first-year computer science students, Joel Cedras and Veer Gosai, from Stellenbosch University. In 2023, the duo discovered that fraudsters were stealing identities and registering for SRD grants in the names of unsuspecting individuals. Their investigation revealed that the fraud relied on weaknesses in systems operated by mobile virtual network operator Me&you Mobile and banks like TymeBank and Shoprite.

Soon after Cedras and Gosai published their findings, hacking group N4aughtySec claimed to have stolen $10 million (approximately R175 million at the time) through SRD grant fraud. The group also alleged that it had gained privileged access to South Africa’s entire financial system via vulnerabilities in credit bureaus.

Key Vulnerabilities Identified

The Department of Social Development commissioned Masegare & Associates to investigate the SRD grant system following the revelations. The final report, presented to the Parliamentary Portfolio Committee on Social Development, confirmed significant vulnerabilities, including:

  • API Vulnerabilities: The system allowed unlimited queries, enabling fraudsters to check the application status of thousands of ID numbers without restriction.
  • Data Exposure: Sensitive details, such as whether a person had applied for an SRD grant, were exposed.
  • Anomalous Application Rates: Unusually high application rates for individuals born in certain years suggested widespread identity misuse.
  • Unofficial Websites: Fraudulent websites were harvesting personal information, posing risks of phishing and financial losses.
  • Weak Encryption: Communications between the SRD portal and users were inadequately encrypted, leaving data vulnerable to interception.

Despite these glaring issues, the report classified the vulnerabilities as a “medium threat level,” downplaying the severity of the risks.
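The first finding, unrestricted status queries, is what turns a lookup endpoint into an enumeration oracle: a client that can ask "has this ID number applied?" without limit can sweep large blocks of ID numbers and learn which are unused, which is exactly the data the fraudulent registrations relied on. The example below is added here and is not code from the report, from Masegare & Associates, SASSA or the SRD portal. It assumes a hypothetical access-log format (`timestamp client_ip endpoint id_number`), a hypothetical `/srd/status` endpoint, documentation-range IP addresses and fabricated 13-digit ID numbers, and thresholds chosen for illustration. It shows two defender-side pieces: a sliding-window detector that flags clients querying many distinct ID numbers, and a per-client distinct-ID quota that would have capped the sweep while still letting a genuine applicant re-check their own status.

```python
"""Detect ID-number enumeration against a status-lookup API from access logs,
and apply a per-client distinct-ID quota to the same traffic.

Added example, not the SRD system's own code. Log format, endpoint name,
addresses, ID numbers and thresholds are all assumptions for illustration."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Construct sample log lines (fabricated data, not real traffic).
    Assumed format: '<ISO timestamp> <client_ip> <endpoint> <id_number>'.
    Client 203.0.113.10 sweeps 40 different ID numbers in 40 seconds;
    client 198.51.100.7 re-checks one ID number three times over an hour."""
    lines = []
    base = datetime(2024, 5, 1, 8, 0, 0)
    for i in range(40):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.10 /srd/status 90010158{i:05d}")  # fabricated IDs
    for minute in (0, 30, 60):
        ts = (base + timedelta(minutes=minute)).isoformat()
        lines.append(f"{ts} 198.51.100.7 /srd/status 8505125300084")    # fabricated ID
    return lines


def parse_line(line):
    """Split one log line into (timestamp, client_ip, endpoint, id_number)."""
    ts, ip, endpoint, id_number = line.split()
    return datetime.fromisoformat(ts), ip, endpoint, id_number


def find_enumerators(lines, window=timedelta(minutes=5), max_distinct_ids=10):
    """Return {client_ip: peak_distinct_ids} for clients that looked up more than
    max_distinct_ids different ID numbers inside any sliding window of `window`."""
    events = sorted(parse_line(line) for line in lines)
    recent = defaultdict(deque)       # ip -> deque of (ts, id_number) still inside the window
    in_window = defaultdict(Counter)  # ip -> Counter of id_numbers inside the window
    peak = defaultdict(int)
    for ts, ip, endpoint, id_number in events:
        if endpoint != "/srd/status":
            continue
        q, counts = recent[ip], in_window[ip]
        q.append((ts, id_number))
        counts[id_number] += 1
        # Drop events that have aged out of the window for this client.
        while q and ts - q[0][0] > window:
            _, old_id = q.popleft()
            counts[old_id] -= 1
            if counts[old_id] == 0:
                del counts[old_id]
        peak[ip] = max(peak[ip], len(counts))
    return {ip: n for ip, n in peak.items() if n > max_distinct_ids}


class DistinctIdQuota:
    """Per-client cap on distinct ID numbers per window. Repeated checks of the
    same ID number (an applicant polling their own status) remain allowed."""

    def __init__(self, window=timedelta(minutes=5), max_distinct_ids=3):
        self.window = window
        self.max_distinct_ids = max_distinct_ids
        self.seen = defaultdict(dict)  # ip -> {id_number: last_seen_ts}

    def allow(self, ts, ip, id_number):
        ids = self.seen[ip]
        for old_id, last_seen in list(ids.items()):
            if ts - last_seen > self.window:
                del ids[old_id]
        if id_number in ids or len(ids) < self.max_distinct_ids:
            ids[id_number] = ts
            return True
        return False


def replay(lines, quota=None):
    """Replay the log through the quota; return (allowed, blocked) request counts."""
    quota = quota or DistinctIdQuota()
    allowed = blocked = 0
    for ts, ip, endpoint, id_number in sorted(parse_line(line) for line in lines):
        if quota.allow(ts, ip, id_number):
            allowed += 1
        else:
            blocked += 1
    return allowed, blocked


if __name__ == "__main__":
    log = build_sample_log()
    print("flagged clients:", find_enumerators(log))  # {'203.0.113.10': 40}
    print("allowed/blocked under quota:", replay(log))  # (6, 37)
```

On the constructed log the detector flags only the sweeping client, and the quota lets the legitimate client's three self-checks through while blocking 37 of the sweep's 40 requests. In production the same logic would key on an authenticated session or device rather than a bare source address, since a fraudster can rotate addresses; the point is that distinct-ID counting, not raw request counting, is the measure that separates enumeration from normal use.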

Impact on Taxpayers

The exploitation of these vulnerabilities has cost South African taxpayers millions. N4aughtySec’s claim of stealing R175 million remains unverified, but the scale of fraudulent activity suggests significant financial losses. Cedras and Gosai’s initial investigation found evidence of thousands of fraudulent grants, with fraudsters using unverified eSIMs from Me&you Mobile and bank accounts from TymeBank and Shoprite to receive payments.

Lack of Accountability and Compensation

Despite their critical role in exposing the fraud, Cedras and Gosai were not compensated for their work. Meanwhile, the Department of Social Development spent approximately R280,000 on the official investigation, which largely confirmed the students’ findings without addressing crucial details, such as the total number of fraudulent applications or the current state of the system’s security.

Ongoing Risks and Reforms

Acting Sassa CEO Themba Matlou assured Parliament that the system is secure and that steps are being taken to address the vulnerabilities. “The system is secure. We’ve reconfigured the server after receiving the report, but obviously, there’s still work to be done,” he said.

However, concerns remain about whether fraudulent claims are still being paid out and how vulnerable the system remains to future attacks. The lack of biometric verification for all applications and the reliance on OTP-based authentication continue to pose significant risks.

The revelations underscore the urgent need for comprehensive reforms to secure South Africa’s welfare system. Strengthening encryption protocols, implementing biometric verification for all applications, and addressing server misconfigurations are critical steps to prevent further fraud.

As the government works to address these issues, the case serves as a stark reminder of the importance of robust cybersecurity measures in protecting public resources and ensuring that welfare systems serve their intended beneficiaries.

For more News in Johannesburg, visit joburgetc.com