354 Part Two Information Technology Infrastructure

INTERACTIVE SESSION: TECHNOLOGY

MWEB BUSINESS: HACKED
MWEB, launched in 1997, became South Africa’s • High-speed antivirus/antispyware software with
leading ISP in 1998. It has established itself as a automatic updates
company that provides a cutting-edge network and • An enhanced firewall
service infrastructure and outstanding customer ser- In addition, MWEB automatically protects custom-
vice. Currently, MWEB’s customer base of 320,000 ers against junk email and viruses that are sent via
includes home users; small, medium, and large email. Its virus filter ensures that only virus-free
business customers; and corporate clients. MWEB email is delivered to clients’ inboxes by automatically
won the ISP of the Year award at the MyBroadband cleaning e-mails from recognized malware sources.
Conference in Johannesburg in 2010. The award was MWEB advises its customers to keep their ADSL
based on the performance of its various broadband connections safe from bandwidth theft and account
services as well as on customer satisfaction. abuse by blocking unsolicited incoming connections
Its business division, MWEB Business, was to network ports commonly used by hackers.
founded in January 1998. MWEB Business prides Despite the multitude of security services offered
itself as being a business partner that is perfectly by MWEB, a number of MWEB Business subscribers’
positioned to leverage the power of Web-based account details were compromised when their logon
technologies in all areas of an organization. MWEB and password details were published on the Internet
Business helps companies: by hackers. Initial reports indicated that as many as
• Manage business data in ways that add real 2,390 users of MWEB’s business digital subscriber
value and insight to their operations lines were affected. The company disclosed the
• Integrate existing systems with the Internet so security breach on October 25, 2010. It appears that
as to close the gap between technology, strategy, hackers gained access to the Internet Solutions’ self-
and the organization’s bottom line service management system that MWEB Business
• Develop, manage, and maintain solutions that uses to provide and manage business accounts that
include all aspects of Internet connectivity, Web have not yet been migrated to the MWEB network.
site development and hosting, broadband and Historically, MWEB Business was a reseller of
wireless applications, e-commerce, and consult- Internet Solutions’ Uncapped & Fixed IP ADSL
tancy services services, which were provisioned and managed by
• Manage internal information among employees, MWEB using a Web-based management interface pro-
as well as among business partners and suppli- vided by Internet Solutions. All new Business ADSL
ers services provided after April 2010, as well as the bulk
MWEB has moved forward in publicizing its plans of legacy services already migrated, used MWEB’s
for the South African Internet market. According internal authentication systems, which were com-
to MWEB CEO Rudi Jansen, the company needs to pletely unaffected by this incident.
improve the quality of their network, which is not MWEB responded quickly to the hacking inci-
only an MWEB problem, but also a Telkom network dent. According to Jansen, about 1,000 clients on the
problem. Despite having a less-than-ideal network Internet Solutions network needed to be migrated
infrastructure, MWEB uses AVG Internet Security to from the old server which was attacked by hackers.
offer its customers the best possible security while Although the network was quickly secured, most
online. AVG Internet Security offers MWEB custom- customers had recently been moved to MWEB’s IPC
ers the following features: network. MWEB would also be contacting these cus-
• Identity protection for safe banking and shop- tomers to reset their passwords, as an added security
ping measure. Jansen was quick to note that no personal
• LinkScanner for safe surfing and searching information was lost and that none of MWEB’s cli-
• WebShield for safe social networking, chatting, ents suffered any losses as their usernames and pass-
and downloading words had been recreated and changed. He further
• Antiphishing and antispam for a safe unclut- added that MWEB successfully repels 5,000 attacks a
tered inbox day.
 Chapter 8 Securing Information Systems 355

Andre Joubert, general manager of MWEB Sources: “2010 MyBroadband Awards: The Winners and Losers,”
MyBroadband, October 19, 2010 (http://mybroadband.co.za/
Business, emphasized that only ADSL authentica-
news/ broadband/15951-2010-MyBroadband-Awards-The-winners-
tion usernames and passwords had been compro- andlosers. html, accessed November 17, 2010); “About MWEB,”
mised. The integrity of the personal or private data MWEB (www.mweb.co.za/productspricing/MWEBBusiness/
related to the accounts remained intact, as did the AboutMWEBB usiness.aspx, accessed November 17, 2010); “Hackers
Target MWEB,” NewsTime, October 25, 2010 (www.newstime.
access credentials for each customer’s bundled onsite co.za/ ScienceandTech/Hackers_Target_M-Web/13618/, accessed
router. Joubert did acknowledge the seriousness November 17, 2010); “MWEB Business Tackles ‘ADSL Hacking’
of the hack, apologizing for any inconvenience the Incident,” MyBroadband, October 25, 2010 (http://mybroadband.
co.za/news/adsl/16077-MWEB-Businesstackles- ADSL-hacking-
breach may have caused to MWEB’s customers. As incident.html, accessed November 17, 2010); “MWEB Business
soon as the breach was identified, MWEB took imme- Takes Action in ‘Hacking’ Incident,” Moneyweb, October 25, 2010
diate action to evaluate the extent of the breach and (www.moneyweb.co.za/mw/view/mw/en/ page295027?oid=5
12545&sn=2009+Detail&pid=287226, accessed November 17,
to limit any damage. In MWEB’s defense, Jansen said
2010); “MWeb hacked, users’ details exposed,” TechCentral, October
that MWEB constantly advises its customers to be 26, 2010 (www.techcentral.co.za/mwebhacked- users-details-
vigilant regarding their online data and security. In exposed/18366/, accessed November 17, 2010).
addition, MWEB was working closely with Internet
Solutions to investigate the nature and source of the Case contributed by Upasana Singh, University of
breach to ensure that it does not happen again. KwaZulu-Natal

C A S E S T U DY Q U E S T I O N S
1. What technology issues led to the security breach 3. If you were an MWEB customer, would you con-
at MWEB? sider MWEB’s response to the security breach to
be acceptable? Why or why not?
2. What is the possible business impact of this secu-
rity breach for both MWEB and its customers? 4. What should MWEB do in the future to avoid
similar incidents?

of software metrics include the number of transactions that can be processed

in a specified unit of time, online response time, the number of payroll checks
printed per hour, and the number of known bugs per hundred lines of program
code. For metrics to be successful, they must be carefully designed, formal,
objective, and used consistently.
Early, regular, and thorough testing will contribute significantly to system
quality. Many view testing as a way to prove the correctness of work they have
done. In fact, we know that all sizable software is riddled with errors, and we
must test to uncover these errors.
Good testing begins before a software program is even written by using a
walkthrough—a review of a specification or design document by a small group
of people carefully selected based on the skills needed for the particular
objectives being tested. Once developers start writing software programs, coding
walkthroughs also can be used to review program code. However, code must be
tested by computer runs. When errors are discovered, the source is found and
eliminated through a process called debugging. You can find out more about the
various stages of testing required to put an information system into operation