Telecom Namibia and Nigeria Statistics Bureau disclose breaches

also ft; what we can learn from Ghana's use of biometric voting system

Olatunji Olaigbe

and

Noah Aderoju

Dec 21, 2024

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

Hi there!

This is the last newsletter for the year and there are several things to say:

First, I wanted to thank you, our reader, for sticking with us. This year has held some important milestones for us, but the best by far has been the renewed conviction that has come with each piece of engagement. Thank you for reading and sharing the work we produce, and thank you for reaching out to connect, discuss, and invite us to important processes. The best gift we’ve received this year is the conviction that the work we do is crucial — and you, our readers, have made that possible.

I would also like to thank the team. A lot of work goes into CybAfriqué and there would be significant gaps without the complementary efforts of each team member. Olaitan’s thorough research and documentation made sure you got an all-encompassing view of African Infosec every week, Noah and Adebola’s writing and curation separated the grain from the fluff, Omotayo’s multimedia storytelling skills have been at the forefront of our long-form efforts, and Abdulrahman’s administrative skills have brought structure and sanity to the team.

As part of our efforts to tell more stories about African infosec, yesterday, I had a lengthy discussion with Moctar Yedaly, who led a lot of the AU Commission’s efforts on digital policies in the 2010s. This discussion, along with several interviews with other experts in the ecosystem is going into the first episode of the CybAfriqué Podcast, which I can’t wait to share with you in January 2025.

Lastly, we made a short roundup of the most pressing African infosec themes in 2024 and will be sending it out as a special edition before Christmas. Be on the lookout, if you’re still in your emails by then.

Thank you, and happy holidays.

— Olatunji

HIGHLIGHTS

Namibia Telecom and Nigeria Statistics Bureau concedes to breaches

Telecom Namibia confirmed a breach of its systems by hackers, leading to the exposure of several thousands of customers' data on Friday after they refused to pay a ransom. Similarly, the National Bureau of Statistics (NBS) on Wednesday confirmed a breach of its website, warning the general public to disregard any message or information posted on its now-hacked website.

The consequence of the Telecom Namibia leak is far-reaching as the sensitive information of many Namibians is now in the hands of bad actors compromising their privacy and raising the fear of cyber threats. According to reports at least eight government ministries, five regional councils, and ten municipal governments, as well as corporate clients like Qatar Airways Namibia, Ethiopian Airlines, and PowerCom are affected by the breach. NBS, being Nigeria’s national statistics organization holds an invaluable amount of information on the country’s over 220 million population which in the hands of bad actors can have great consequences too.

Personal data leaks from breaches like these threaten the fundamental rights of individuals to privacy. Aside from the popular financial frauds that can result from incidents like these on organizations that may be asked to pay a ransom, this exposed sensitive information can be used to perpetrate acts like targeted cyber-attacks, identity theft, blackmail, and cyber espionage.

A recent report by Positive Technologies proves that information from public-oriented organizations like these is of great interest to attackers and other bad actors in the dark web. On the dark web which mostly features databases and is frequently used to sell access to networks of major African companies, over half of the databases related to African entities are distributed for free, while those that are sold can be gotten at an average price of $2,970.

Two weeks ago, we covered the case of the threat group, N4aughtysecTU, which is responsible for the Transunion breach in 2022 recently used the data collected from that breach to create 100,000 accounts and apply for false benefits from the South African Social Security Agency (SASSA), stealing at least R175 million ($9.6 million) stressing the long term effect breaches like these can have.

Breaches of organizations' systems and digital infrastructures especially those with national consequences like these are still common in Africa, and the privacy of Africans is continuously compromised. These incidents remind of the constant experts warning for Africa to improve digital security along its digital transformation goals.

What we can learn from Ghana’s use of biometric voting systems

Nigeria’s INEC Chairman Mahmood Yakubu’s claim/comparison that Ghana learned lessons from Nigeria in their recent election has continued to come under scrutiny as analysts compare the election process, especially in the use of the biometric verification devices.

Just like Nigeria did in the 2023 presidential election which brought in President Bola Ahmed Tinubu, using the Bimodal Voter Accreditation System (BVAS) for voting, collation, and result counting, Ghana also used the Biometric Verification Device (BVD) coupled with the power of fax machines for voting, collation and result counting in its just concluded 2024 Presidential election.

According to analysts, the contradicting results in the use of similar technology in both elections where Ghana had a smooth and highly lauded election as against Nigeria’s disputed results lies in the foundational democratic tendencies and political will of the nation.

Just as the voter turn-out, democratic tendencies and political will for a smooth. Free and fair elections in both countries are contrasting, so the result of the use of technology had a contrasting effect. For instance, despite being the most populous African Nation, Nigeria, with 28.6% in 2023, currently has the lowest voter turnout rate in Africa compared to Ghana which is in the top 10 with 78.9%. The level of transparency, effectiveness, and integrity brought to play by either of the two countries' electoral umpires also revealed the reason why there are differences in the outcomes despite similar technology.

The use of biometric technology in elections in Africa, although still developing, is not new and with its inherent pros and cons has been adopted by many countries in the region. However, just like in its early use in the Kenya election in 2013 where it grossly failed, forcing the electoral commission to go back to the manual process before it improved in the subsequent elections, and in the Chad election in 2016, where it only marginally improved the electoral process and couldn’t curb democratic inadequacies of the country as it was touted to do. Like all technology, the use of biometric technology in elections tends to reflect the foundational issues in the polity of the environments it is being used.

Do you find value in the CybAfriqué newsletter? Share to support the work we do.

Morocco, Africa’s leading country in terms of internet penetration and cyber awareness, has reported the highest frequency of DDoS incidents in North Africa, followed by Egypt Tunisia, and Libya. According to NETSCOUT’s 1H2024 DDoS Threat Intelligence Report (TIR). Seeing more than 61,000 attacks over the first half of 2024, Morocco leads Egypt with 45,108, Tunisia with 4,511, and several other countries in the region
In one of its largest operations so far, Nigeria’s Economic and Financial Crimes Commission (EFCC) arrested 792 suspects for their alleged crimes of cryptocurrency investment fraud and online romance scams. The suspects comprise 148 Chinese, 40 Filipinos, two Kharzartans, one Pakistani, and one Indonesian while the rest are Nigerians. According to the EFCC in a press conference on Monday, the suspects were arrested on Tuesday, December 10 in Lagos after a tip-off and verified intelligence.

This report detailed the experiences and reasons why hundreds of young Africans, many from Kenya, who worked from 2019 to 2023 at an outsourcing company, Samasource, used by Facebook’s owner Meta for content moderation are taking legal action. Many of these young Africans suffer severe PTSD after vetting unspeakably graphic videos, including extreme sexual deviancy and bestiality, child abuse, torture, dismemberment, and murder, according to court filings.