Last Friday, the VDM website's home page displayed the hacker's message.
By Tshifhiwa Mukwevho and Anton van Zyl
As if the embattled Vhembe District Municipality does not have enough problems, the municipality’s website has become the target of hackers. Last Friday, the site was unavailable for part of the morning, with the message “Hacked by Semtex – Kill or be killed” displayed across the screen. The past week, Google’s Chrome browser flagged the site as a possible phishing site.
When the VDM’s spokesperson, Moses Shivambu, was approached for comment, he did not elaborate on the cause of the problems. He said that they were aware of the website issue and were busy fixing the corrupt file. He assured residents that none of their other systems were attached to the website.
The fact that the website is vulnerable means that residents should be careful when accessing forms. Earlier this week, Google’s Chrome browser issued a security warning to users visiting the site. It stated that “Google Safe Browsing recently detected phishing on www.vhembe.gov.za. Phishing sites pretend to be other websites to trick you.”
The hacker or hackers seemingly exploited some security vulnerabilities and infiltrated the VDM’s website, which makes use of a “building” platform called Drupal. Such platforms are very vulnerable to attacks if not updated regularly.
Friday’s hacker seemed to have used a security loophole and replaced the home page with his or her own page, displaying the Semtex message. Semtex is described as “a very pliable, odourless plastic explosive” and is a popular “weapon” in several computer games, where it forms part of the player’s armour. It may have been a subtle message to tell the site owners that the hacker has planted a “bomb” on the site which could “explode” at any time.
Whereas the “Semtex” hacker might only have been messing around with the site, the phishing attacks can be more dangerous. Hackers try and trick the website visitors into supplying them with personal details, such as names, ID numbers and addresses. In certain phishing incidents, the scammers try and trick people into supplying banking details as well.
On Wednesday the VDM’s website still displayed the warning, mostly because Google had added the site to its list of “unsafe” sites.
The Limpopo Mirror contacted a few website experts, asking them to have a look at the site. The general consensus was that the security issues had been addressed, but visitors to the site were warned to be extra careful and to always double-check the address at the top of the browser. This is necessary to ensure that the site you are on is in fact the correct one and not a suspicious-looking address.
Date:23 March 2019 - By: Tshifhiwa Mukwevho
Tshifhiwa Given Mukwevho was born in 1984 in Madombidzha village, not far from Louis Trichardt in the Limpopo Province. After submitting articles for roughly a year for Limpopo Mirror's youth supplement, Makoya, he started writing for the main newspaper. He is a prolific writer who published his first book, titled A Traumatic Revenge in 2011. It focusses on life on the street and how to survive amidst poverty. His second book titled The Violent Gestures of Life was published in 2014.