On 25 October, the City of Johannesburg tweeted that it had been the victim of a network breach, where it was forced to shut down various systems including its website, e-services, and billing systems.
Business Day reported that a ransom note, sent by Shadow Kill Hackers, demanded 4 bitcoin (about R435,000) before 28 October, or else it would upload the sensitive data online.
Nearly two weeks later, the City of Johannesburg’s website is offline and its call centre is unreachable, leaving residents unable to register for e-services or receive their bills.
The city has responded to complaints on Twitter, confirming that its systems are “temporarily down” – but there has been no further information about the cause of the outage or how long it will last.
According to MyBroadband, attempts to call City of Johannesburg hotlines reportedly “resulted in callers being told that the number does not exist, while attempts to access the City of Johannesburg’s website are unsuccessful.”
It is unclear whether the website’s current downtime is linked to the Shadow Kill Hackers’ cyber-attack.
The City of Johannesburg has said it suspected that malware has infected one of the servers hosting its Web site, causing major downtime last week.
This is just one in a long string of woes for the city.
The billing system, inherited from the ANC when the DA won the metro, has been in crisis for some months. The City tried to fix it by rolling out a new system, which automatically requires payment on the 15th of the month unless rate payers ask for it to be the 28th, by way of e-mail or the call centre.
As a result of the change in date, as well as a lack of postal notices and SMS notices, many household have unintentionally fallen behind in payment – or worse, have not, but have been cut off anyway. Re-instatement of electricity is a costly and time-consuming exercise, and falling behind on payments can impact credit ratings.
Local councillors instructed their ward members to use the CoJ Web site to ensure they know what they owe and don’t fall behind on payments.
However, the city’s website – https://joburg.org.za/ – was inaccessible through browsers like Google Chrome for almost two days last week, due to a malware warning from Google.
When attempting to access the site, Google’s safe browsing warning turns users away, stating that it contains harmful content – including pages that “send visitors to harmful websites”.
The city said it was aware of the issue, and had an investigation underway.
“Preliminary indications suggest that one of the servers hosting the website may be infected with malware. It is also possible that the outage may be a result of corrupted code,” said the City of Johannesburg.
“Fortunately, the city’s customer data has not been compromised as it resides in separate servers.”
According to the ZACR’s records, the City of Johannesburg is the registrant of the domain, while Internet Solutions is the sponsoring registrar.
Although the issues with the site have since been fixed, it leaves many questioning what kind of security is in place for one of the city’s most important databases.
Source: MyBroadband; My Office News