By 
Ogun State government website: https://www.ogunstate.gov.ng has remained inaccessible to deliver e-services almost six days after it was hacked despite efforts to restore it because “the nuggets are still not fitting in,” a senior state official told IT Edge News. Africa. Ogun State in south-west Nigeria shares boundary with Lagos State.
RELATED: Cybersecurity and Nigeria’s Digital Economy: Nigeria’s Digital Economy – Myth or Fact?
But experts warned that the incident playing out in Ogun State is a pointer to how vulnerable is the cybersecurity of government institutions whether state or federal.
A number of government websites have suffered attacks at various times. Last year, a data security report by the Website Planet research team revealed a data breach affecting the Plateau State Contributory Health Care Management Agency (PLASCHEMA). Similarly, hackers have visited the National Primary Healthcare Development Agency (NPHCDA), the Independent National Electoral Commission (INEC); and Economic and Financial Crimes Commission (EFCC) among others.
Nigerian government sites are ‘sitting ducks’
Tracking hackers is tough as they usually deploy unidentifiable servers effectively concealing the identities of systems from where they are launching attacks to undermine the entire or specific IT infrastructures of their targets. Cybersecurity experts say no site is hack-proof but many government sites in Nigeria usually lack basic security measures and so are often “hyper-prone’ to attacks.
“Ogun is attracting attention only because many other government sites have not been attacked or such attacks have not been reported. Many of these websites don’t even have half the measures the Ogun state site had before it went down,” said one expert in Lagos.
The Cyber Security Experts of Nigeria (CSEAN), an advocacy group, had months back in its National Cyber Threat Forecast 2023, warned that government digital infrastructures including websites will come under increasing cyber-attacks.
The report affirmed under Government Infrastructure as a Target (GIaaT) that:
“In 2023, we envisage an increase in the exploitation of computing resources of government establishments for malicious use. Further, more government-related data will be exfiltrated. Based on the data gathered this year, we found threat actors exfiltrating critical information and maliciously leveraging government computing resources, including mining cryptocurrency and setting up Internet Relay Chat (IRC) platforms. Findings also revealed activities related to credential theft and backdoor setup.
“Threat actors leverage outdated and vulnerable internet-facing applications in most of these identified facilities. Government establishments need to be aware of these potential threats and take steps to secure their computing resources and protect them against data exfiltration. This may involve regularly updating and patching internet-facing applications and systems to ensure they are not vulnerable to exploitation.”
Ogun crawling around ever present danger
A member of CSEAN said Ogun State is merely scratching the problem and “not being proactive enough with cybersecurity like most governments in Nigeria.”
The Secretary to the State Government, Tokunbo Talabi, had last week that confirmed that the website has been hacked but told the media the state was already working to restore the site and also assured that “all critical data and applications are secured”.
The hackers, Aliester Crowley, who claimed to be operating from the Maldives under ‘Anon Ghost’ defaced pages of the government site with the message:
“We are Anon Ghost.”
“We are legend, we do not forgive, we do not forget, expect us.
“Find me on YouTube.”
“The man is not an expert. He does not know the extent of the problem, the CSEAN’s member added.’
The 2023 attack re-enacts a similar scenario in 2015 when cyber-terrorists first took down the Ogun State website to expose its security vulnerabilities.
Threat is global
Government-owned websites are frequent targets worldwide. In India, about 50 government websites have been hacked between 2022 and 2023 according to reports. In 2022, several government websites were hacked in states that included Mississippi, Colorado, and Kentucky among other states. The hackers were allegedly Russian cyber-rogues. UK government agencies and local councils suffered a similar fate in 2018 when their websites were hacked and rendered useless for hours and days.
