<\/p>\n
The State Information Technology Agency (Sita) is responsible for much of the state\u2019s computer systems including websites. On 24 May Sita published a statement denying social media claims that \u201cSita and government infrastructure\u201d had been hit by a \u201ccyberattack or unauthorised access\u201d.<\/p>\n
\u201cOur systems remain secure,\u201d said the statement.<\/p>\n
Read: Sita denies Nigerian \u2018hactivists\u2019 gained access to SA government systems<\/p>\n
We used a standard industry tool to examine the government\u2019s internet services. These are hosted mostly, but not only, on the gov.za domain.<\/p>\n
We looked at the section of the internet for which Sita is responsible separately to other government sites. In this article we show the results of the Sita network only.<\/p>\n
We found that the government\u2019s systems are insecure.<\/p>\n
The details are technical, so we have divided this article into two parts. The first part is a simplified non-technical description of the problem. The second part, for those who are interested, is a technical description.<\/p>\n
Simple explanation<\/p>\n
We investigated Sita\u2019s internet space using Shodan, a search engine for internet-connected devices. Our analysis shows that Sita has hundreds of public-facing services that use outdated technologies and have numerous known software vulnerabilities.<\/p>\n
Some of the insecure services include those of the Deeds Office, the Limpopo health department and the Western Cape government, but there are many, many more.<\/p>\n
In response to our questions, Sita told us that it is only responsible for about 37% of government services. We\u2019re not sure what on the Sita network Sita itself is directly responsible for. When we asked, Sita told us this information is confidential.<\/p>\n
ADVERTISEMENT<\/p>\n
CONTINUE READING BELOW<\/p>\n
Sita said it \u201cperforms regular security assessments and vulnerability analyses on all systems under its direct management\u201d. But its own site is vulnerable. (Read Sita\u2019s responses to our first set of questions and second set of questions.)<\/p>\n
When cybersecurity people identify vulnerabilities in commonly used software, they eventually publish these in a public database so that IT workers can be aware of them and take appropriate action. These vulnerabilities are called CVEs (for Common Vulnerabilities and Exposures).<\/p>\n
CVEs get a score from 0-10. The higher the score, the more severe the issue is.<\/p>\n
The Sita network has over 900 unique CVEs. Of these, 126 are critical. These CVEs are repeated across the Sita network, with just over 5 000 vulnerabilities in total.<\/p>\n
Much of the software on the Sita network is outdated. The Sita website itself, https:\/\/www.sita.co.za, has outdated, insecure software.<\/p>\n
It is hard to overstate how serious this is. For example, when the GroundUp site has only one serious outstanding CVE, we rush to sort it out, as any responsible maintainer of a critical system does.<\/p>\n
This is despite Sita\u2019s claim that their \u201csecurity operations teams operate on a continuous, 24\/7 basis and are equipped with monitoring and threat-detection capabilities\u201d.<\/p>\n
The oldest security flaw on Sita\u2019s network was revealed in 2006 (see here, here and here, for example) when Thabo Mbeki was president. It is still there, repeated over and over across the network.<\/p>\n<\/p>\n
This graphic shows the HTTP response header that deeds.gov.za sends back to every browser, scanner, and attacker that connects to it. Each highlighted version has passed its vendor end of life date.<\/p>\n
ADVERTISEMENT:<\/p>\n
CONTINUE READING BELOW<\/p>\n
The Deeds Office encryption mechanism also has a severe vulnerability, according to SSL Labs. Although the Deeds Office sits on the Sita network, the Deeds Office spokesperson told us that they use a company called DLRRD Deeds ICT to manage their IT systems. So it\u2019s not clear to us who is responsible for preventing and fixing problems like this.<\/p>\n<\/p>\n
This graph shows the number of vulnerabilities (CVEs) and their severity (CVSS) for deeds.gov.za. The Deeds Office address is merely an example. There are many other gov.za addresses that are plagued with vulnerabilities.<\/p>\n<\/p>\n
SUCURi shows that Sita has been using an old version of Drupal (retired over a year ago), which is a high security risk.<\/p>\n
This is despite Sita telling us, \u201cthere is a monthly vulnerability scanning process for all the Sita-hosted websites\u201d and as part of a \u201crisk management process forgotten, unused, or legacy internet-facing services are removed following approval from owner departments\/entities\u201d.<\/p>\n
10\/10 vulnerabilities<\/p>\n
Many of the CVEs have known exploits (ways to get into the system), including seven of the most critical CVEs. In other words, people with ill intentions can take advantage of the vulnerabilities on the Sita network. Some relate to Microsoft Exchange Server, which hosts some government email services.<\/p>\n
In 2021, a group of state-sponsored attackers used an exact vulnerability (dubbed ProxyLogon) present on the Sita network to break into Microsoft Exchange Server sites belonging to organisations around the world.<\/p>\n
This allowed them to access the mail of all users. The vulnerabilities were fixed at the time by Microsoft, but some Sita assets still appear vulnerable.<\/p>\n
Read:
The endless capture, flirting far too dangerously with national security
State spends billions, IT systems still failing<\/p>\n
ADVERTISEMENT:<\/p>\n
CONTINUE READING BELOW<\/p>\n
Some of the CVEs relate to Microsoft\u2019s file-sharing protocols. These carry the maximum possible severity rating of 10 out of 10. They have been used by attackers to break into servers and deploy ransomware and other malware.<\/p>\n
These are not flaws that require highly sophisticated skills and tools to exploit. There are ready-made tools that have been publicly circulating for years that do it for you.<\/p>\n
Technical details<\/p>\n
We ran our Shodan analysis of the Sita ASN (AS37130) on 24 May, and re-ran it on 2 June.<\/p>\n
Shodan identified 2 150 exposed services across 1 112 unique internet-facing hosts. Of those, 152 hosts were identified as having at least one known vulnerability \u2013 one in seven. The dataset spanned more than 30 identifiable government departments that have IT services managed by Sita.<\/p>\n<\/p>\n
There were over 900 unique CVEs. Of these, 1 25 are critical (9.0-10.0). In total (with duplication), there were 5 014 CVEs across the network.<\/p>\n
Some Shodan vulnerability matches are based on detected software versions, and will be false positives. Nevertheless, it is clear that many systems on the Sita ASN are old, exposed, and insufficiently maintained.<\/p>\n
\u00a9 2026 GroundUp. This article was first published here.<\/p>\n
#Government #computer #systems #secure #looked #theyre<\/p>\n","protected":false},"excerpt":{"rendered":"
The State Information Technology Agency (Sita) is responsible for much of the state\u2019s computer systems…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[4212,2333,7001,5337,5826,2627],"_links":{"self":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts\/8010"}],"collection":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8010"}],"version-history":[{"count":0,"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts\/8010\/revisions"}],"wp:attachment":[{"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8010"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8010"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}