Jamb Isn’t the First! Here are 10 times Nigerian Govt Agencies have Been Hacked in the Last Decade
Nigeria’s Joint Admissions and Matriculation Board (JAMB) has reported that hackers breached its website.
Speaking to journalists, the registrar of the board, Ishaq Oloyede, revealed that the hackers stole over N10 million after gaining access to its intranet site and altering the profiles of its ad hoc staff.
He added that the investigation led to the arrest of one Sahabi Zubairu from Taraba state, among several others.
Sahabi, however, isn’t the first hacker to successfully hack a government website. Over the last 10 years, there have been several attempts but not all have been reported.
Based on Technext’s findings, here are some of the government hacks that have been reported in the last decade.
2011: NDDC and NAPEP website hack
In 2011, hackers attacked two Nigerian government websites to protest against the $6 million budget for the upcoming presidential inauguration of President Goodluck Jonathan.
A gory image and a message replaced some of the content on the website of the Niger Delta Development Commission (NDDC). The National Agency for Poverty Alleviation website was also reportedly attacked.
A group called “Naija Cyber Hacktivists” claimed responsibility for the attacks and threatened more attacks if the budget is not reformed
2012: Nigerian Army Education Corps (NAEC) & National Assembly website hack
After the success of the NDDC hack, the Naija Cyber Hacktivists group struck again in 2012 during the fuel hike protest.
The group reportedly took over the official website of the Nigerian Army Education Corps (NAEC) and defaced it with messages calling on the army to stop its clamping down on protesters.
Later in the year, a hacker going by the monicker @LolSec reportedly hacked the official website of the Nigerian National Assembly.
According to unconfirmed reports, a massive database containing personal details of 1101 Nigerian and international officials directly or indirectly related to the Nigerian government was leaked online on PasteBin. The leaked data allegedly had emails, passwords, phone numbers, job details and addresses of those officials.
2013: Nigeria Security and Civil Defense Corps (NSCDC) & the National Examination Council (NECO)
Another major govt hack was the 2013 report of Adeniji Lukman, a 23 graduate of College of Education, Ilaro.
According to the Nigerian Tribune, Adeniji was charged with hacking into the Websites of several Nigerian government agencies including the Nigeria Security and Civil Defense Corps (NSCDC), the States Security Service (SSS), the National Examination Council (NECO), and the Nigeria Customs Service.
The hacker also allegedly stole exam questions and answers from the website for the the Joint Admissions and Matriculation Board (JAMB), and sold them to test-takers prior to the Unified Tertiary Matriculation Examination (UTME).
2015: Lagos State Government website hack
In 2015, The official website of the Lagos State Government was hacked by an unknown group with apparent ties to the Shi’ite Islamic sect.
The attack temporarily shut down the website but The Guardian reported that before the site was taken down, its content was originally replaced with a message that read:
“In the name of God, message to Nigerian Government and State Sponsors of Terrorism (USA, Israel, Saudi Arabia, Turkey, Qatar): Boko Haram and ISIS are terrorists. They are killing Muslims and innocent people because of your dirty money. Hey Nigeria Government, you killed thousands of Muslims and specially Zakzaky’s family too. You are all terrorists. You are all murderers, God damn you.”
2020: NPF & CBN Website, NBC Twitter Account
During the ENDSARS protest last year, Anonymous, a popular decentralized international ‘hacktivist’ group took the side of Nigerian protesters by organizing several attacks against government accounts and handles in protest.
The group first attacked and infiltrated the official website of the Nigeria Police Force. It released documents containing names, addresses, contacts and account details of hundreds of police officers on a text storage website, pastebin.com.
A day later, the hacker group gained access to the Twitter account of National Broadcasting Corporation (NBC) via the victim-agency’s account. They posted several pro #EndSARS protest materials on the agency’s Twitter timeline.
Later that night, Anonymous disclosed it was attacking the Central Bank of Nigeria website. Checks by PREMIUM TIMES showed that the apex bank’s website went offline for an internal server error.
However, the apex bank denied the attack stating that its website is secure.
2021: JAMB Hack
Finally, we have the recently reported famous JAMB hack. According to reports, Sahabi gained access to the profiles of Ad hoc staff using Key Logger.
Key Logger is a software that allows access to the profile of anyone who has logged in using a public cybercafé even after the person has logged out and gone.
He said that the site wasn’t for application to become JAMB ad hoc staff, but for JAMB ad hoc staff to supply their account details and names for payment of their allowances.
After get the profiles he deleted the names of the original ad hoc staff and their telephone numbers and substituted them with his.
Hacks aren’t new in Nigeria. As seen above, even the government has suffered the brunt of it. However, the government have started to gradually put measures like the Army’s Crocodile Smile Cyberwarfare to check against cyber attacks in the country.
Notwithstanding, the pattern of the JAMB hack shows that lack of education amongst employees is the major loophole hackers exploits.
P.S; Some of the hacks were disputed by the Government and a few others are from unconfirmed sources. However, all reported cases show evidence that an attack took place.
If you’d like to get featured on our Entrepreneur Spotlight, click here to share your startup story with us.
Get latest Technology news, reviews, business-related content with a deliberate emphasis on the African narrative and insightful analysis in Nigeria – straight to your inbox.