The R300 million stolen through cybercrime over a decade at the Department of Public Works and Infrastructure (DPWI) points to the failure of controls at multiple levels, a cyber expert has said.
Public Works and Infrastructure Minister Dean Macpherson said he “decided to take the public into his confidence in the interests of transparency to reveal a staggering cybercrime-related matter that has been unearthed by the department”.
As a result, four employees – three senior management officials and one middle-management official – have been placed on precautionary suspension, while 30 laptops have been seized since the most recent cyberattack, which occurred in May, when R24m was stolen.
The Hawks confirmed that no arrests have been made as yet.
Macpherson said the amount could be more as the investigations continue.
“It has become clear that the department has been a soft target and playground for cybercriminals for over a 10-year period, and this should have been picked up a lot earlier.
“I cannot discount the possibility of collusion between officials and criminals in this prolonged period of theft.
“It is clear that we need better financial controls, which I have said to the department are a matter of urgency.
“The investigation will be expanded and deepened to find the masterminds and the beneficiaries of this grand theft, and I want to see them in prison.”
State Security Agency spokesperson Sipho Mbhele said: “Given that former minister Sihle Zikalala instituted a full forensic investigation through a multidisciplinary team in May 2024 and the SSA is part of that team, our view is that the team must be given space to conclude its work and provide a detailed report to DPWI.”
Hawks spokesperson Katlego Mogale said the investigation by the Serious Economic Offences was focused on contraventions of the Cybercrimes Act, theft, and money laundering in terms of the Prevention of Organised Crime Act.
The department was forced to shut down all its payment systems, causing significant delays in the payment of its creditors.
Cybersecurity expert Grant Hughes said for any breach to occur, “a failure of controls must precede it, often at different levels”.
“Organisations implement controls at three levels: people, process, and technology. Do you have qualified and ethical individuals working in your organisation? Without knowing the specific details, for an incident to span over 10 years, it speaks to a failure of controls at all three levels.
“We cannot speculate whether state employees were involved or not.
“The investigation must run its course and reveal the truth. Fortunately, with advancements in digital forensics, it is often possible to trace the money. Over a 10-year period, one can safely assume mistakes were made by the criminals as they would likely have become complacent. This will aid investigators. To avoid future breaches of this scale, a systemic approach is required to re-architect critical systems,” said Hughes.
Digital forensics, cybercrime and fraud investigation expert Craig Pedersen said the looting was “fraud, not a breach or cyberattack”.
“The most obvious option here is that they’ve found an internal vulnerability to siphon off funds or make irregular payments. As a theft of funds, this seems more of a case of ‘high-technology crime’ than cybercrime really.”
Cape Times