I read an article on lexpress.mu today that mentioned the Minister of Public Infrastructure saying a database of the ministry was “hacked”. The article is accompanied by a video in which we see the Minister clearly stated the word “hack”. While I am glad and I appreciate the guts of the Minister to make such a public declaration, I also realize that the lack of transparency might have covered up security breaches in the past. Nothing either guarantees the citizens of the Republic of Mauritius to ever be informed of such data breach, that could affect the lives of the citizens in the future.
Accessing a government database remotely. How?
As the video continues I understood that an officer of the ministry could remotely access a database, he tampered the data and also made a copy of the database. Assuming that the officer had the credentials of the database it certainly might be easy for the person to execute the changes from within the Government network; even though the changes might not be authorized.
The worrying part is when the Minister says that the person is able to access the database and manipulate data remotely; that is from outside the Government network.
The news of the “hacked” database was also reported by defimedia.info.
To my question during the Cyber Security Conference 2014, regarding the number of security incidents recorded in Mauritius, I received no answer from the Computer Emergency Response Team of Mauritius (CERT-MU).