Crucial gaps around the clarity of South Africa's laws are potentially crippling the country‚ rendering it blind to its own critical infrastructure vulnerability - giving organised crime gangs the potential to bring everything to a grinding halt‚ cyber security experts say. With hackers being specially groomed by crime groups and embedded in organisations vital for a country's functioning‚ they say‚ it's imperative the government's cyber and law enforcement agencies have the legal ability to scan for infrastructure vulnerabilities."South Africa has the technology and experts‚ but a lack of clarity around laws‚" said Ignus Swart‚ speaking on the fringes of the ITWeb Security Summit in Midrand.The summit has brought some of the world and country's top cyber security specialists together to discuss the threats of cyber crime.Swart‚ a cyber defence expert based at the Centre for Scientific and Industrial Research's safety and security department‚ on Wednesday revealed critical flaws within the country's laws.The flaws could potentially prevent government from legally scanning‚ via the Internet‚ for flaws in infrastructure such as power stations‚ harbours‚ airports‚ hospitals‚ communication and industrial facilities.The vulnerabilities include breaches in databases and CCTV and ventilation systems needed to keep critical hardware constantly monitored and cooled."In 2007‚ the Internet was believed to carry about 80% of information useful in detecting vulnerabilities. Today‚ it's nearly 100%."He said this information was available to anyone‚ including hackers."We know of potential problems‚ but getting that information is incredibly difficult."Using open source internet services‚ people like Swart are able to glean the information‚ but he says it's not all verifiable."About 40% of what we are detecting [vulnerabilities] is accurate‚ which is why we need these laws‚ so we can check properly and accurately."The same open source websites‚ which Swart uses‚ are exactly what organised crime gangs are using to infiltrate database systems of infrastructure critical to the functioning of a country.He said while systems were vulnerable‚ the most vulnerable were staff. Crime gangs could have “extortable” information on their targets‚ and were therefore able to exploit them.An example of such information‚ said Jason Jordaan‚ an organised cyber crime specialist‚ was the recent breach of the international website‚ Adult Finder."People‚ including South Africans‚ who could be politicians and company executives‚ have personal data‚ such as themselves engaging in 'extramural activities' on these sites which have been compromised. Those with the data can‚ and do‚ use it for extortion‚" he said‚ citing South Africa's extreme vulnerability to organised crime gangs.Swart said at the moment the country's responses to certain vulnerabilities were reactive. "They need to be proactive."He said vulnerabilities within organisations’ computer systems‚ known as open resolvers‚ were being exploited."Globally there are 20-million 'open resolvers'. In South Africa there are 4600‚ with hackers only needing 1000 to launch a significant unstoppable attack. This is how Estonia was crippled. Such attacks‚ which are a high possibility‚ are an act of war."These attacks are well masked‚ often launched from one country against its allies without the 'attacking' country even knowing until it's too late."Swart said open resolvers‚ by their nature‚ only required a small reconfiguration to fix‚ which was often very quick.He said scanning of open source Internet sites had revealed huge potential problems‚ with a wide range of South Africa's infrastructure vulnerable to simply being "switched off"."We are vulnerable. Others can scan us and do so daily‚ but we by law at the moment cannot scan ourselves."He said information they gained from the open source services was being collected and collated."The problem for now is that the collation is manual. We are in the process of creating automated systems where this data can be collected and quickly verified."What is scary for us is not just vulnerability around hardware and software‚ but also that of personal human information‚ which companies are leaking at unacceptably high rates."He said two South African insurance companies’ databases were recently discovered available on the Internet‚ containing the information of nearly 800,000 clients including contact numbers‚ addresses and salaries.This information‚ he said‚ made people huge targets for criminals. – The Times..