We Need to Talk About Nigeria and Cybersecurity

Keeping information secured and protecting the integrity of data over the internet is now becoming a huge and complex task, due to the increasing number of threats to the information security.

Cybersecurity should already be a top priority for any government or privately owned establishments that are serious about their businesses, as well as protecting the integrity of their data and/or/especially data belonging to their clients.

It is thus very worrisome to see that up to now, in Nigeria, both the government and the private establishments are not giving information security (most especially those available on the internet) the necessary attention that it deserves, thus turning Nigerian cyber-space into a hotbed for hackers.

Even though the Nigerian government has cybersecurity laws in place that clearly state the punishments awaiting those that take part, in anyway, in cyber-security breach, it seems that the government is oblivious of the fact that it also has the responsibility of taking control measures that will enhance the security of the Nigerian cyber-space, so that breaching the cyber-security would not be as ‘easy’ as it seems to be now.

The government’s failure to take this responsibility is what makes the Nigerian cyber-space so vulnerable to the extent that hacking a government owned websites is now becoming a common thing that we hear about every now and then, despite the huge maintenance costs being budgeted to manage the websites.

It should not be forgotten that hacking government-owned Nigerian websites started as far back as 2012, when a website belonging to an agency of the Federal Ministry of Health was hacked and taken down by some hackers identified to be of foreign origin.

The website (nphc.gov.ng), for National Primary Health Care, was hacked and taken down for a period of more than two weeks!

But - much to the amusement of the press - after contacting the ministry about the incident, the ministry said that they were not aware it had taken place!

In 2013 also, the website belonging to the Federal Government (nigeria.gov.ng) was hacked and taken down by the Nigerian members of the world renowned hacktivits’ group called Anonymous.

The website was hacked, as mentioned by the hackers, due the Anti-gay law that the then government was about to pass.

The hackers warned the then president that, if he succeeded in passing the bill into law, they’ll make a startling revelations of documents exposing the massive corruption that characterized his government. It was after this hacking incidence that the government took the bull by the horn by passing 14 years jail term to anybody found taking part same-sex marriage or homosexuality. Earlier before hacking the nigeria.gov.ng, the national assembly was hacked in an attempt by the hackers to influence the passing of the Anti-gay law bill. It’s after this attack that the hackers made available, to the public, a huge database containing personal information of about 1101 persons both Nigerians and foreigners that have some relationship with the National Assembly.

After the above incidences, it seems that the government did not learn anything, because the hackers keep taking down the government owned websites one after the other unabated. In 2016, a website belonging to the court of appeal (courtofappeal.gov.ng) was also hacked and taken down by another notorious hackers’ group. In 2017 also, a website belonging to the Nigerian law school (lawschool.gov.ng) was hacked as information were leaked to the public.

More recent of the hacking incidences were those of the SMEDAN websites and, again, National Assembly website. The website belonging to the Small and Medium Enterprises Commission (smedan.gov.ng) was hacked some few months back (in 2018) by a hacker who identifies himself (as written on the homepage) as Ismael Chriki. The website took time before it was recovered. The latest happening is the hacking of the website belonging to the second arm of Nigerian government -National Assembly (nass.gov.ng). The hacker who identified himself as Mr.OneJack, bearing an {InfoSec} logo, leaked a lot of documents and files belonging to the website. Up to the time of writing this article, the website is still in the control of the hacker(s).

Government owned websites are not the only target by the hackers, they also, for often, target Nigerian banks stealing credit cards information and account details. More recent was incidence of one Medical doctor turned hacker, who was arrested by the Lagos state police command. He was alleged to have been hacking the Nigerian banks and stealing money. He said, while paraded to the press, that “the Nigerian banks are very very easy to hack….” Nigerian banks lose a lot of money to the activities of hackers within and outside of Nigeria.

The government needs to understand that, having cybersecurity laws is not enough to checkmate the activities of hackers, but also living up to its responsibility of providing measures that will strengthen the security of Nigerian cyberspace. 

These measures include, but no limited to, applying the international standard for information/internet security and mandating all its ministries, agencies, arms as well as the private sector to abide by the standards, making sure that the jobs of handling the cyber-security are given to a competent and qualified hands as opposed to the current practice of who-knows-you-and-who-do-you-kow that favors the mediocre over the merited.