Jamb Is not the First Here are ten instances in the last decade in which Nigerian government agencies have been hacked
JAMB Website Hack
The Joint Admissions and Matriculation Board of Nigeria (JAMB) announced that its website had been hacked. Ishaq Oloyede, the board's registrar, reported to journalists that the hackers stole over N10 million after gaining access to the board's intranet platform and modifying the profiles of its ad hoc workers.
He also added that the investigation resulted in the arrest of several individuals, including one Sahabi Zubairu from Taraba state. However, Sahabi is not the first hacker to successfully compromise a government website. Several attempts have been made over the last decade, but not all have been published.
Nigerian Government Agencies Hacks
The following are some of the recorded government hacks over the last decade.
1. Hacking of the NDDC and NAPEP websites in 2011
In 2011, hackers targeted two Nigerian government websites to protest President Goodluck Jonathan's upcoming presidential inauguration, which would cost $6 million.
A graphic image and a message took some of the material on the Niger Delta Development Commission's website (NDDC). Additionally, the website of the National Agency for Poverty Alleviation was allegedly targeted.
A group calling itself the "Naija Cyber Hacktivists" claimed responsibility for the attacks and threatened further attacks until the budget is reformed.
2. Hacking of the Nigerian Army Education Corps (NAEC) and the National Assembly website in 2012
Following the success of the NDDC hack, the Naija Cyber Hacktivists party struck again in 2012, this time during a protest against the fuel hike.
According to reports, the group seized control of the official website of the Nigerian Army Education Corps (NAEC) and defaced it with messages pleading with the army to halt its crackdown on demonstrators.
Later that year, a hacker going by the handle @LolSec allegedly hacked the Nigerian National Assembly's official website.
According to unconfirmed news, a large database containing the personal information of 1101 Nigerian and foreign officials with ties to the Nigerian government was leaked online on PasteBin. The leaked data allegedly included the officials' emails, passwords, phone numbers, job descriptions, and addresses.
3. NSCDC (Nigerian Security and Civil Defense Corps) & NEC (National Examination Council) 2013 (NECO)
Another significant government hack occurred in 2013 with the report of Adeniji Lukman, a 23-year-old graduate of the College of Education in Ilaro.
Adeniji was charged with breaking into the websites of many Nigerian government agencies, including the Nigeria Security and Civil Defense Corps (NSCDC), the States Security Service (SSS), the National Examination Council (NECO), and the Nigeria Customs Service, according to the Nigerian Tribune.
Additionally, the hacker is accused of stealing exam questions and answers from the Joint Admissions and Matriculation Board (JAMB) website and selling them to test-takers before the Unified Tertiary Matriculation Examination (UTME).
4. The website of the Lagos State Government was hacked in 2015
In 2015, an anonymous group with apparent links to the Shi'ite Islamic sect hacked the official website of the Lagos State Government.
The attack briefly took down the website, but according to The Guardian, its content was originally replaced with a message reading: "In the name of God, message to the Nigerian Government and State Sponsors of Terrorism (USA, Israel, Saudi Arabia, Turkey, and Qatar): Both Boko Haram and ISIS are terrorist organizations. They are assassinating Muslims and innocent civilians as a result of your filthy money. Hey Nigerian government, you murdered thousands of Muslims, including members of Zakzaky's family. Each of you is a terrorist. All of you are killers, God forbid.”
5. Websites of the NPF and CBN, as well as the NBC Twitter account, hacked in 2020
During last year's ENDSARS protest, Anonymous, a prominent decentralized foreign 'hacktivist' party, sided with Nigerian protesters by organizing a series of attacks against government accounts and handles in protest.
The group began by attacking and infiltrating the Nigeria Police Force's official website. It published documents on the text storage website pastebin.com containing the names, addresses, contacts, and account information of hundreds of police officers.
A day later, the hacker group obtained access to the National Broadcasting Corporation's (NBC) Twitter account via the victim agency's account. On the agency's Twitter timeline, they shared some pro-#EndSARS protest materials.
Later that night, Anonymous revealed it was targeting the website of the Central Bank of Nigeria. PREMIUM TIMES discovered that they had taken the central bank's website offline due to an internal server malfunction.
The apex bank, however, denied the attack, claiming that its website is stable.
JAMB Hacks in 2021
According to sources, Sahabi used Key Logger to gain access to the profiles of Ad hoc workers.
Key Logger is a piece of software that enables access to the profile of someone who logs in to a public cybercafé, even after the user logs out and leaves.
He mentioned that the platform was not for applications to become JAMB ad hoc staff but rather for JAMB ad hoc staff to provide their account information and names for allowance payment.
After obtaining the profiles, he removed the names and telephone numbers of the original ad hoc workers and replaced them with his.
In summary, hacking is not a new phenomenon in Nigeria. As stated previously, even the government has felt the brunt of it. However, the government has begun to progressively implement steps such as the Army's Crocodile Smile Cyberwarfare to protect the nation from cyber-attacks.
Regardless, the pattern of the JAMB hack demonstrates that a lack of knowledge among workers is the primary backdoor exploited by hackers.
IT Courses and Certification
Ethical Hacking Course and Certificate
Python Hacking Course and Certificate
Information Security and Cyber Law Course and Certificate
Internet/Cyber Security Course and Certificate
