Emma Okonji examines the implications of attacks on government agencies and private institutions’ websites during the #EndSARS protests across Nigeria
Recently, most government agencies’ websites and a top pay TV company, came under attack, causing disruptions of free flow of information on their portals.
The cyber-attacks that were attributed to members of an anonymous hacking group, an online network known for launching attacks against government institutions, caused distortions of existing information on the affected websites. In some of the websites that were infiltrated, the hackers left messages criticising government on bad governance and corruption, and for its weakness to control police brutality on innocent citizens, especially Nigerian youths.
The hackers, within two weeks, hacked into multiple government websites and private organisation’s websites in solidarity with #EndSARS protest, including the website of the Central Bank of Nigeria (CBN), National Broadcasting Commission (NBC), Multichoice, among others, an action that portends great danger for the Nigerian economy.
Disturbed by the situation, software developers in the country, including cyber security experts have condemned the alleged hacking of the websites.
The hackers seized the twitter account of NBC and posted a series of messages, derisive of government, but supportive of the protesters. The CBN website was not spared as the hackers gained unauthorised access to the apex bank’s website to register their anger against what they described as bad governance and the high handedness of police on innocent citizens.
The CBN has however, denied reports that its website was hacked by an anonymous group.
According to a statement from CBN, “We wish to assure the Nigerian public and indeed all our other stakeholders that the CBN website is adequately protected and that there is no cause for alarm.
“We also wish to advise members of the online community to desist from peddling false news aimed at undermining the integrity of the Central Bank of Nigeria, which is our collective asset.”
Multichoice, owners of DStv and Gotv, also refuted claims making the rounds that its website was hacked same period by an anonymous hacking group, an online network known for launching attacks against government institutions.
A reliable source from Multichoice Nigeria, told THISDAY that there had been system upgrade on its network since, which affected customers’ transactions on the website. The source, however, said customers were informed few days before embarking on the system upgrade.
Part of the message sent across to customers of DStv, include: “Our services are currently offline. We are upgrading our systems from October 17, 11pm to October 19th 4pm. All self-service platforms are not available during this time.”
The Nigeria Computer Society (NCS), the umbrella body for all practising computer professionals in Nigeria, has warned against the current trend, where government and private enterprises’ websites are hacked into by the anonymous hacking group.
President of NCS, Prof. Adesina Sodiya, who gave the warning in Lagos, told THISDAY that the situation portends great danger for the Nigerian economy, and could lead to serious security breach. Sodiya, therefore, called on the federal and state governments to take proactive steps to end the hacking that had been attributed to the ongoing #EndSARS protesters.
According to him, NCS has noticed a serious security breach in the country now. Over 28 ‘state public-facing’ systems have been breached.
“As of now, at least 42-50, or more government websites are potential targets. There are also estimates that indicate that up to 30 government related sites have already been breached and more might be affected in the coming days. Government needs to act fast now before they start pasting our Automated Teller Machine (ATM) cards and Personal Identification Numbers (PINs) online now.”
Sodiya, who described the attacks as unethical, said such cyber-attacks would amount to unauthorised access to government and organisations’ websites, and punishable by law.
He said the cyber threat composed of a vast number of threats such as attack on physical system; authentication and privilege attack; denial of service as we are currently witnessing from hacktivist; global risks including non-state actors in cyberspace like anonymous compounded by pandemics, which have accelerated our digitisation timelines, but also introduced many related online fraudulent opportunities and scaremongering; malicious content; social engineering and value chain disruptions, among others.
“Nigeria might be under attack from both foreign and local actors, as we speak. Both private and public organisations are subjected to continue to experience different waves of attacks. The current situation is still manageable and we have to take urgent measures so as to protect the country from more terrible situations. This might also seriously reduce and undermine our ranking in the “Global Cybersecurity Perception Index,” Sodiya said.
He added, “On our own as the major information technology society in Nigeria, we have increased cyber security awareness programmes among individuals and corporate organisations. We shall continue to take measures towards ensuring that we are able solve our national cyber security challenges. NCS is ever ready to work with the Ministry of Communications and Digital Economy and Office of the National Security Adviser (ONSA) towards ensuring that we have a stable and secure online transactions. We wish to advise both individual and corporate members at this time to adhere to basic cyber security principles.”
Reacting to the alleged hacking of government websites, and its possible economic implications, the President of Institute of Software Practitioners of Nigeria (ISPON), Mr. Chinenye Mba-Uzoukwu, who distant the #EndSARS protesters from the alleged hacking, said the youths were only registering their displeasure against police brutality on Nigeria citizens, and would not involve themselves in hacking of government websites.
“The #EndSARS protesters are not hackers, they are only carrying out legal demonstrations that are based on facts in line with democracy. It is ridiculous for police to stop and harass software developers, who return home late from work or who dressed in a style that is not acceptable to the police. The idea of searching the laptops of software developers on the streets and in their homes and intimidating them by policemen, is unacceptable and must be stopped,” Mba-Uzoukwu said.
Saying any government website could be hacked, he, however, advised government to do well to protect their websites with high security standards.
A Cybersecurity Lawyer and Alternate Legal Adviser to Information Security Society of Nigeria (ISSAN) a cyber-security advocacy group, Mr. Nwabueze Obasi, who also condemned the alleged hacking of government websites, however said some unscrupulous persons could hide under the disguise of #EndSARS protest to hack government websites.
According to Obasi, the 2015 Cybercrime Law of Nigeria, forbids anyone to have unauthorised access to other persons’ or organisation’s website, which he said, remained a punishable offense.
“ISSAN has the professionals and capacity to trace and identify website vulnerability and attacks, and ISSAN will be willing to assist government in blocking all loopholes to cyber hacking,” Obasi said, while stressing the need for training and re-training of cyber security personnel in order to mitigate cyber-attacks.
He said ISSAN had commenced the process of establishing Cybersecurity Institute for training and retraining of cyber security exports.