Sunday, 5 May 2013

Online guerillas: The world of Nigeria’s Hackers


Culled from PunchNG

After an exclusive interview with Nigeria’s foremost hackers and discovering some hacking institutes in Lagos, ARUKAINO UMUKORO, writes a two-part series on the world of hackers
The interview was initially scheduled for 6pm. But after two and a half hours, there was still no sign of him.
It felt like waiting for an armed man in a dark and dangerous alley even though the interview was on Skype, an online service that allows users to communicate via voice, video or instant text messaging.
The first meeting had happened a day earlier on Twitter.  “Hello. I have to send you a DM (direct message). Please kindly follow back,” our correspondent tweeted.  It took 24 hours to get a response from NaijaCyberHactivists, who, going by their short, but eventful history, are arguably the most famous hacker-activist group in Nigeria.
“We can chat on Skype. No audio or video. Our schedule is very hectic. We’ll contact our spokesperson if he is available,” their message read
At first, the group declined granting SUNDAY PUNCH an interview but its representative changed his mind after he had verified the identity of our correspondent. He then asked for our correspondent’s time zone, an indication that the person representing the group was probably outside Nigeria or it was simply a decoy.
Later that night, after a prolonged period of waiting, the ‘spokesperson’ finally came online. He specifically asked that the interview lasted for only 20 minutes.
“How many government sites have you hacked into so far,” our correspondent asked.
“Honestly we can’t remember all of them, but we can name a few, the EFCC and the NLC websites,” he said and added that the group started in October 2010.
“The NCH is an organisation with members across the globe, fighting for a common cause, fighting against corruption and using the Internet and hactivism as a medium. We use defacement as media,” he added and reminded our correspondent that the group had used this effectively in its protests against fuel subsidy removal.
 “Basically, we are fighting for good governance and against corruption,” he said.
According to him, members of the NCH are not into hactivism for financial or political gains because they all have paid jobs and are not politically associated with any group.
“We don’t know if we have prominent members in our organisation or where our members are physically located. We have members spread across regions. We just meet in our private IRC (Internet Relay Chat) room,” he explained to SUNDAY PUNCH, but refused to answer when asked if he thought the group’s activities could have negative consequences or give rise to criminal hacking groups in the future.
Styled after globally renowned hacker-activism groups such as Anonymous, which successfully hacked into US Federal Government agencies, including the Federal Bureau of Investigations and US Department of Defence, NaijaCyberHactivists hacked its way into global prominence in 2011 after it attacked government websites in Nigeria, including that of the National Poverty Eradication Programme and the Niger Delta Development Commission, to protest the $1 billion the Federal Government had earmarked for  President Goodluck Jonathan’s inauguration and the delay in the signing of the Freedom of Information bill.
During the nationwide protest against fuel subsidy removal in January 2012, it also attacked some other government websites in solidarity with the protesters. Similarly, it defaced the website of the Nigeria Labour Congress to express displeasure at the group for ‘selling out’ to the Federal Government after the strike and protests had been called off.
Their modus operandi-defacing a website-looked simple, but it was very effective in passing their protest messages across. While their actions raised questions over the security of websites owned by government agencies, it also showed the increasing rate of online attacks on government websites.
According to a recent survey by Centrex Ethical Lab, a Nigerian cyber-security and intelligence company, 23 government websites on the gov.ng domain were defaced out of a total of 60 website defacements in 2012. The report also said the official websites of the National Assembly and Economic and Financial Crimes Commission appeared to be the most defaced government websites between 2010 and 2012.
The company’s data analysis stated that the defacement of government websites increased from one per cent in 2009, to 10 per cent in 2010, and 60 per cent in 2012.
NaijaCyberHactivists forged its reputation in hactivism, a word used to describe hacking for activism purposes. According to hackmageddon.com, hactivism accounted for 46 per cent of cyber-attacks worldwide in December 2012.
Last month, President Jonathan reportedly awarded an Israeli firm, Elbit Systems, based in Haifa, Israel, a $40m Internet surveillance contract. In its global press release, the Israeli firm stated that ‘it was awarded an approximately $40m contract to supply a country in Africa with the Wise Intelligence Technology System for intelligence analysis and cyber defence’, but this caused a national debate, especially as the Nigerian presidency sat on the fence over the issue.
Some analysts have described this development as spying on the computers and Internet communication of over 48 million Internet users – or 28.4 per cent of the population in Nigeria, under the guise of intelligence gathering and national security.
The NCH spokesperson laughed it off when our correspondent asked if the group was not scared that the Israeli firm could break into their network and fish them out.
“Scared? Rofl (Rolling on the floor laughing). We heard about the Israeli security firm. How about us tracking them and uploading their information? The Israelis are people like me and you. Our cause is just and ethical. Cyber hactivism is what we do. We are hactivists, not cyber criminals. Think of Robin Hood, was he a criminal?” he asked.  According to English folklore, Robin Hood robbed the rich and gave to the poor.
A few minutes before he went offline, he was probed about their next hactivism mission but he simply replied, “Can we skip the future plans?” adding that he could also not answer questions about their identity because he was simply the spokesperson. “I can’t answer for the group. These people have their good paying jobs already,” was his last comment.
It could be argued that NaijaCyberHactivists and a few others like Anonymous Nigeria, and Nigerian Hack-activists – which reportedly shut down the website of Arik Air for a few hours in 2012 to protest the airline’s ‘poor’ customer service, may be isolated cases of cyber activism in Nigeria.
However, with the recent incidents, official government websites may not be the only ones vulnerable to hacking.
While at work, on April 17, Mr. Ayeni Adekunle, founder/publisher of Nigerian Entertainment Today, received an alert on his BlackBerry phone, asking him to reactivate his Gmail account. He sensed something was wrong, but shrugged it off, logged onto the company’s server, changed his password and reset his email. An hour later, a colleague complained about the same thing. They laughed about it.
However, it wasn’t a laughing matter when Adekunle woke up to discover a rude shock early the next day, when he couldn’t access the NET’s official website as every attempt directed him to multiple promotional sites. It was the first time since the domain was registered in 2009 that such security breach would occur.
It was clear that they had been hacked. Later, the hacker, using a Yahoo email account with the name, Rocco Mancini, sent an email to the already hacked NET Gmail account, stating he had gained possession of the domain and demanded a ransom of $1,200. A few days ago, the hacker brought it to $200.
This wasn’t about money, Adekunle realised. “I think the motive was to distract, confuse or harm us, because it was just a few days to our third anniversary on April 26, which was also the date for our maiden entertainment conference,” he told SUNDAY PUNCH.
 Rather than give in to the hacker’s demand or report the matter to the police, Adekunle has decided instead, to work with the in –house IT team, consultants and the domain registrar to legitimately reclaim its original domain.
“At the time the hacking incident happened, we were doing hundreds of thousands of page views daily and millions page views per month and had a very good Alexia ranking (for websites in Nigeria). Now, it is like we are starting afresh again. Building the online traffic would take time, but it will happen and we will be able to bask in the glory,” he added.
Barely a week after the NET incident, another website, Ladun Liadi’s blogspot, was also hacked into. For many hours, readers of the online platform had to endure seeing an image with the caption, “This website has been hacked by the Archangels.”
While it is not clear if both cases were carried out by foreign or Nigerian hackers working with pseudonyms, the attacks may be a pointer that, like in other parts of the world, there is a rise in the number of computer hacking incidents targeted at corporate networks, IT infrastructure and websites.
When our correspondent mentioned the hacking of the entertainment website to NaijaCyberHactivists during the interview, its spokesperson was quick to point out that “there is a difference between a hacker, an hacktivist and a ‘scammer’.
“These other guys (hackers) are ‘scammers’ and ‘script kiddies.’ They are also corrupt but our main aim is to fight corruption,” he emphasised and said the group was ready to help track down bad hackers for the good of the society.
Although there are Nigerian computer geeks who mostly operate as real hackers under anonymity, they may be in the minority, noted Mr. Toba Obaniyi, Chief Executive officer of whogohost.com Limited, a Nigerian domain registrar and hosting company. He was of the opinion that only a few computer developers in Nigeria are really interested in hacking because it has little or no financial gain.
“A lot of hackers worldwide hack, not necessarily because they are interested in money, but simply to test their skills, to let somebody know that his/her website is not secure or just to make a statement,” he said, giving an example of the hacktivist group, Anonymous, which hacked into the websites of the FBI, US Department of Justice, and several entertainment company websites in 2012, as revenge for anti-piracy efforts by both the government and the entertainment industry.
More recently, on April 23, over $130 billion was temporarily wiped off the US stock market when hackers broke into the Twitter account of the Associated Press and tweeted a false report that President Barack Obama was injured after two bombs had exploded at the White House. The tweet was sent to AP’s almost 2 million followers and retweeted 1,181 times before it was deleted.
This phenomenon has forced websites owners in Nigeria to purchase expensive software to protect them from hackers.
Knowing that having his website not functioning for a day can adversely affect his income and even ratings, James Abinibi, the owner of www.abinibi.net says, “I have in place some security software which is constantly updated to protect the site. Apart from that, the best way to protect your website from being hacked into is to hack it yourself. When you hack it yourself, it helps you to know the loopholes on your site which you can then block.”
Similarly, Olaolu Akintoye, the web developer of www.hdqstudios.com says “I make sure that I discover those security loopholes on the site and fix it, and prevent my web route directory from being accessible to the public.”
Beyond the challenges of IT infrastructure and effective regulations, there is also the security challenge of dealing with criminal hacking, Internet fraud and cyber-crimes.
“We are aware of the challenges. Right now the Nigeria Police Force has begun to invest massively to develop the competency, capacity and reach of its men to be able to handle these issues relating to cyber-crime,” Frank Mba, Public Relations Officer of the Nigeria Police Force said.
In order to build its capacity to deal with such issues, Mba pointed out the recent creation of a police cyber-unit, “Before now, the police force had departments from A to F. Now, the new Inspector-General of Police has created the G department, saddled with developing software, handling IT and other internet related solutions,” he explained, adding that it has also established a computer and Information Technology school in Abeokuta, which he said was established during the tenure of former IG, Tafa Balogun.

No comments:

Related Posts Plugin for WordPress, Blogger...