Category: Azania

The Untouchables in a Gangster’s Paradise? Is it reasonable or ethical to make use of companies that do not consider themselves to be held accountable, for their actions in any private or public enterprise? While Big Tech has become seemingly untouchable, even from the US Supreme Court or Whitehouse, the same culture of supremacy, greed, lack of accountability, lack of transparency, and lack of responsibility seems to have created and sustained an environment in South Africa where IT negligence is acceptable, and lack of accountability is the norm, even when it comes to government institutions, contracts and tenders.

Just a few of the institutions in South Africa that have had their systems breached just over the last few weeks include: Transnet, Department of Justice, SA Space Agency, African Bank to name but a few, so the situation in South Africa has really gotten serious, yet no one is talking about it, especially not the so called IT Tech Media who are milking it in advertising revenues from the IT sector, especially during lockdown.

Just in government related systems, South Africans are facing potentially many threats, for example the capturing and encrypting of their data such as those being used by:

• SARS (South African Revenue Service)
• IEC (Independent Election Commission)
• Eskom (Including Koeberg control systems?)
• Public servant salary systems
• EVDS data (Electronic Vaccine Data System)

And unfortunately, many more, who we probably will never hear of…

The implications of security breaches in one or more of these systems will have dire consequences for all South Africans as they are public services, particularly in the current climate of political and economic uncertainty, instability and factions.

And it is not as though these data breaches are not preventable. For example, the DOJ equivalents in the United States and the United Kingdom have not had their systems breached. There will be cases where systems can still be breached, but the number and effect of these breaches will be limited if systems are properly maintained and secured. Is that not why so many millions are being spent?

According to industry insider iSAT, who is currently in litigation against Dimension Data and NTT Ltd., the following is an example of what needs to be done in this case, to help prevent more disasters and at least try and mitigate the problems South Africa is currently facing:

1. SITA (State Information Technology Agency) should immediately blacklist companies like Dimension Data and NTT Ltd (and any entity that either party is involved in) from competing for any SITA contracts. SITA is responsible for awarding contracts for government related IT infrastructure. See list of SITA service providers at RFB 1183 Contact details amended list- 02-03-2021.pdf (sita.co.za) Dimension Data have a long and sometimes difficult history with SITA. See Dimension Data dismisses corruption allegations (mybroadband.co.za)
2. Any existing contracts that Dimension Data and NTT Ltd may have in place with SITA, should be reviewed and preferably taken over by a third party with the correct experience and credentials and business ethics.
3. Non-government companies and institutions making use of Dimension Data and NTT Ltd infrastructure and/or consulting services should understand that they will be held fully responsible should data be stolen, and/or encrypted and losses be incurred by their clients and shareholders. They should get risk assessments done as a matter of priority.

 

As previously reported, after the catastrophic failure of Internet Solution’s Cloud Platform, in February 2019, it was disclosed, via an email from Internet Solutions, that the Cloud operating software being used, OpenStack, had not been maintained and updated by Internet Solutions for years.

The version of Openstack software had actually expired (reached End of Life) 4 years before the Cloud Platform failed. In the IT industry, not maintaining software, particularly, connected to the Internet, directly or indirectly, is as close to criminal negligence as it can get because that is after all one of the reasons you hire IT firms, to do due diligence on such seemingly trivial matters.

Shortly after this Cloud Platform failure, Dimension Data announced that Internet Solutions was getting absorbed into Dimension Data, Internet Solutions was widely recognized as the oldest Internet Service Provider in South Africa and the Internet Solutions brand name was extremely highly recognized and regarded.

Dimension Data refused to accept any accountability and denied negligence. ISAT approached NTT Ltd, the holding company of Dimension Data. Instead of taking the necessary steps to remedy the negligence, NTT Ltd instead accused iSAT of harassment. NTT Ltd thereby condoned the behaviour of its subsidiary. This is a typical step in the IT industry today, where IT companies attempt to bluster and take advantage of the ignorance, or lack of training, of their customers.

Having to fight the system themselves, iSAT then made public all documents relating to the negligence via the https://www.isat-vs-is-and-dd-and-ntt-ltd.net Web site, yet despite being asked multiple times to check the content of the Web site, Dimension Data and NTT Ltd, decided to rather try and hide the truth and take the approach of gagging iSAT via a court order. What do they have to hide?

iSAT readily agreed to take the Web site down until the case was heard in the High Court, which was finally done on 18th March 2021. The presiding Judge said that he would deliver judgement after 30 days. The matter being a simple one, iSAT had expected this to be a quick process, considering Dimension Data and NTT Ltd could not find anything that it considered incorrect on the Web site that iSAT had created.

Interestingly, almost as an indirect admission of guilt, the CEOs of Dimension Data (Grant Bodley) and NTT Ltd (Jason Goodall) announced in advance that they would be stepping down from their positions on 1st April 2021, which they duly did. The new CEO of Dimension Data is Werner Kapp and the new CEO for NTT Ltd is Abhijit Dubey.

Unfortunately, 6 months have passed with the two new CEOs in charge, Werner Kapp and Abhijit Dubey, and neither have attempted to contact iSAT, or make a relevant statement to the press, so it must be assumed that they too believe that the industry standard of correctly maintaining system software is unnecessary.

Various long standing Dimension Data executives, including founding members, also jumped ship and parted ways with Dimension Data in June 2021, see Dimension Data founder Jeremy Ord quits amid massive exec exodus | ITWeb .

Additionally, and more perhaps concerning, within weeks of the legal process starting, any employees of Internet Solutions/Dimension Data who had communicated with iSAT, were no longer employed by those companies.

Those employees include Michelle Brink (account manager), Andrew Green (Cloud engineer), Basha Pillay (Cloud manager for Internet Solutions) and Julian Sunker (Internet Solutions and Dimension Data CFO, and listed Director for Internet Solutions and Dimension Data).

It took 7 months, for the High Court judgment to be delivered against iSAT, exactly one day before iSAT was to release a press release it had forewarned Dimension Data of. A coincidence? iSAT forwarded details to the Directorate for Priority Crime Investigation (Hawks) to investigate that potential problem in their own time.

It is indeed in the interest of South Africans in particular that this information gets out. Nothing has changed. Dimension Data and NTT Ltd have still been negligent and refuse to accept accountability, especially in light of the South African judiciary system was compromised by cyber criminals, as SA-News reported on.

The cause of these breaches quite often, is when software being used is not being maintained properly. Most software updates released are security related. As can be seen from updates for Windows 10 and other Microsoft products, it is a dynamic environment where the hackers compete against the system managers who continuously have to bring out patches and updates to keep the system secure.

iSAT have been a lone voice in the wilderness trying to get people to understand how serious and how unacceptable this behavior is by large IT companies in South Africa, like Dimension Data and NTT Ltd, when they do not properly maintain systems connected to the Internet.

It should be clearly understood as well, that if the cybercriminals can encrypt data and demand a ransom, it means that they have access to the data to copy, and then sell, normally on the dark web.

It is thought that the Department of Justice (DOJ) hackers had access to the DOJ data since April 2021. High Court judges have had to resort to documenting legal matters on paper, DOJ data has been encrypted and is inaccessible. Data backups have also been encrypted. It should be realised and admitted that all data on breached DOJ servers will now be for sale on the dark Web.

When the information of Dimension Data/NTT Ltd.’s negligence was originally exposed in the press, no comment was made by any of the executives at the other large IT companies in South Africa, like for example Datacentrix, Westech, Business Connexion and Bytes.

Possibly because the press reaction to the news was fairly subdued. In South Africa and other countries there is often a problem with news reporting being one sided when one of the parties involved regularly provides paid content (advertorials) or advertising for the news site.

Dimension Data and NTT Ltd are owned by Nippon Telegraph and Telephone. Nippon Telegraph and Telephone employ over 300 000 people around the world and are 33.33% owned by the Japanese government. Does Nippon Telegraph and Telephone condone the negligence and lack of accountability of its subsidiaries Dimension Data and NTT Ltd? What does the Japanese government have to say about this?

Unfortunately, acting on this information could result in major job losses within Dimension Data and NTT Ltd, and the IT industry as a whole, both in South Africa and the many other countries that they operate in. However the risks for the general South African population as a whole will be reduced if actions like those of Dimension Data and NTT Ltd are brought to account.

According to iSAT, it may even be possible for those Dimension Data and NTT Ltd employees, who lost their jobs to institute a class action suite against NTT (Nippon Telegraph and Telephone).

There are of course many excellent employees at Dimension Data and NTT Ltd and iSAT still works with a group of those people in the Dimension Data business group Ignite.

iSAT recommends that individual South Africans check with institutions they make use of like banks, medical aid and insurance companies, and other medical institutions, to check whether these institutions are making use of Dimension Data or NTT Ltd, infrastructure or getting security support from them, or if the company they use is updating critical software as needed. Quite often updates are linked to extra costs.

These institutions should be made aware that in the case that their systems are breached, they been giving due warning and could be held liable by their clients/customers.

 

Read also: Cyber hackers try to steal Bitcoin to the value of R500 0000 on Johannesburg municipal computer system

 

---