On the 17th of May
In 2012 a member of the group had already tweeted about the fact that he believed the South African Police web applications and servers were vulnerable to an attack, like many other South African government websites. Back then he did not have any motives to attack them but after the Marikana massacre incident, where several striking miners
South African Police Service Website Hack Details
The South African police website hosts an ASP web application called Crime Stop. The
DomainerAnon exploited a simple SQL injection and
The 15,700 individuals who used the website from 2005, and thought they had been providing information to the police anonymously and securely, now have their names known to everyone who managed to get their hands on the data dumps.
The database dump also included the reports, which range from rape cases to police brutality and beating. David Viaene posted a few censored examples on his blog. In the database
The South African police initially denied the hack attack until a reporter from a leading South African TV news channel called
From a technical point of view, this hacking attack seems to be a very typical one
Web Application Security Reality Check
Hacktivism, i.e. hacking to promote political beliefs, is on the increase and people's lives are being affected by it. Every website and web application owner should take responsibility and ensure that the data of everyone using his or her web applications is secure.
There is no magic formula one can use to secure web applications. Frequent scans with a web application security scanner will definitely save the day. In this particular case, if the South African Police Services had used Netsparker to scan their web application, they would have discovered the SQL injection vulnerability and avoided all this kerfuffle.