SA: eNatis should be shut down

source: news24

01/06/2007 10:15  – (SA)
Adriaan Basson and Cobus Coetzee, Beeld

Pretoria – You don’t even need a password to hack into eNatis.

That was one of the shock findings by the auditor-general that Minister of Transport Jeff Radebe wanted to keep secret.

Pretoria High Court on Thursday rejected the efforts of Radebe and his department to gag Beeld newspaper, ruling that freedom of the press took precedence over Radebe’s right to keep a report by the A-G secret.

Beeld can now reveal the conclusions of the report, which is the second of three audits compiled by the A-G:

  •  it is possible to hack into eNatis;
  •  one does not need a password to log on as an eNatis administrator;
  •  documents on eNatis are not secured; and
  •  eNatis files can be circulated unprotected without any problem.

The department refused on Thursday to reply to enquiries by Beeld, and would not say if the shortcomings identified on February 21 this year by the A-G and conveyed to Transport Director-General Mpumi Mpofu still existed.

Professor Basie von Solms, head of the University of Johannesburg’s academy for information technology, warned on Thursday that eNatis should be stopped immediately to prevent criminals from hacking into it.

According to him, it could even be illegal to keep a system running with so many shortcomings.

Danger of hackers

He said: “It’s shocking to think that although the department was warned two months earlier about eNatis’s serious shortcomings, it appears they continued to implement the system, regardless of the findings.

“These serious shortcomings could already have led to hackers gaining access to eNatis, to commit sabotage, fraud and conduct all sorts of other unauthorised transactions.

“It’s not just irresponsible, but possibly also criminal to keep operating a system with so many shortcomings,” he said.

According to Solms, such management shortcomings were at odds with international IT practice.

“My first-year students could tell you that the deficiencies that were pointed out were some of the first that you would address, and they should not have been there two months before implementation,” he said.

Von Solms believed that if the security shortcomings still existed, the department should immediately switch off eNatis and sort out these aspects, before it could be used again.

Project manager laughed

“It’s an open invitation for a crime syndicate to crack into eNatis and it is plainly irresponsible if the department allows it to continue to function,” said Von Solms.

Werner Koekemoer, project manager of eNatis, laughed outside court when he was asked if the security shortcomings pointed out by the A-G, had been rectified.

Mpofu answered the question, saying: “As far as I know, yes.”

The department did not want to be specific about steps it may have taken to rectify the problems. news24



%d bloggers like this: