Anonymous Hacking NPF - True Implications for Nigeria
The website of the Nigerian Police Force was hacked, and personal details of police officers were leaked online. I see a lot of people celebrating Anonymous on Twitter, but I guess they don’t understand the long-term ramifications of this breach. This would create a lot more harm than good; here is why.
The Nigerian Police Force (NPF) website is a subdomain of the .gov.ng domain. A simple Google search turns up a brief list of other public bodies using this domain name:
www.cac.gov.ng - Corporate Affairs Commission
www.portal.immigration.gov.ng - Immigration Website
www.education.gov.ng - Ministry of Education
www.CBN.gov.ng - Central Bank of Nigeria
www.ncdc.gov.ng - Center for Disease Control
www.customs.gov.ng - Customs
www.digitalnigeria.gov.ng
There is a high probability that one or more of these websites is either a target or already compromised.
How did the hackers access the Nigerian Police Force website?
Theory
Using Nmap, they can find open ports that are vulnerable and then use Metasploit to connect remotely to those ports and establish a Meterpreter session. They then escalate privileges to gain admin access to the database, perform a distributed denial-of-service (DDoS) attack to take the server down, and copy the database, leaking it on Pastebin.
The good news is that other subdomains seem to be up and running. It is, however, paramount that the IT team spring into action, first by studying the database logs to understand exactly how the hackers gained access. It is clear that all the data was accessed, and it is possible that the logs have been deleted to avoid tracebacks, but it is still good practice to check. These checks should be performed on all other subdomains of .gov.ng; the team should then scan the network for intrusions and RATs (Remote Access Tools) and change the login credentials. Constant monitoring of the network is advisable, and load balancers should be added to help defend against DDoS attacks. Where possible, rate limiting can be implemented on sensitive systems to control the number of requests made to the server per minute.
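The per-minute request cap recommended above, sketched as a sliding-window limiter keyed by client address. This is an added example, not code from the original article; the class and function names, the limit of 5 and the sample addresses (documentation ranges) are constructed for illustration.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit=60, window=60.0, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock  # injectable so the behaviour can be checked offline
        self.hits = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client):
        now = self.clock()
        q = self.hits[client]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # caller should answer HTTP 429 and log the event
        q.append(now)
        return True

    def purge(self):
        """Forget idle clients so the table cannot grow without bound."""
        now = self.clock()
        idle = [c for c, q in self.hits.items()
                if not q or now - q[-1] >= self.window]
        for client in idle:
            del self.hits[client]


def replay(requests, limit, window=60.0):
    """Replay time-ordered (timestamp, client) pairs; count rejections per client."""
    t = [0.0]
    limiter = SlidingWindowLimiter(limit, window, clock=lambda: t[0])
    rejected = defaultdict(int)
    for ts, client in requests:
        t[0] = ts
        if not limiter.allow(client):
            rejected[client] += 1
    return dict(rejected)


# Constructed sample: one client sends 10 requests in 10 s, another sends 3 in 61 s.
SAMPLE = sorted([(float(i), "203.0.113.7") for i in range(10)] +
                [(5.0, "198.51.100.2"), (30.0, "198.51.100.2"), (61.0, "198.51.100.2")])
```

Rejections are worth logging alongside the client address, since a sustained run of them is itself a monitoring signal.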
The government of Nigeria is adopting ICT to help foster progress and improve work. Although this drive is in its earliest stages, it is paramount that we preserve it at all costs. It is true that police brutality is not accepted, and I stand for the END SARS movement, as that division of the police has committed a lot more criminal acts than good, threatening the lives of civilians and in some cases taking the law into their own hands through oppression and victimization. As Pastor Sam Adeyemi of Daystar would suggest: “Speak forcefully but peacefully. Don’t act somebody else’s script.” We are all victims here, and it is paramount that we all come together to protect the country against cyber threats, both domestic and international.
Country Representative, Solidaridad Nigeria
4 years ago
I strongly agree, David. These are discussions tech downstream guys like you should be on the watch guard for us all. Why crying, we still can see clearly o.
If the government actually invested in security, it wouldn’t have been this easy to be compromised.