Premium Times reports how computer systems in Federal University of Technology Akura (FUTA) were used to hack its website. The newspaper has always been under attacks owing to its investigative mission. While bad employees or students can misuse institutions’ resources for illegal activities, the case here is evidently different as FUTA does not see it the way it should be seen.
The university has confirmed that the attack took place, and that they know the responsible person. Reading the piece, there is one clear conclusion I can make: FUTA should reveal the hacker. That would help investigators complete their work. If the person was doing experiments or just learning hacking, debatable since the attack was sustained over days, Nigerians need to know. But if he was hired, possibly by agents of corruption to take down a bulldog-newspaper which bites really hard, we desire to also know. By protecting this individual, FUTA Management is not on the side of the taxpayers which fund FUTA.
The hacker is not a progressive activist and hacking a newspaper which is approved by law to practice journalism in Nigeria is illegal, even if he was just learning hacking. Typically, he ought to have obtained written permissions before any penetration testing or hacking activity. That is not the case here, and the very reason why SSS and Police should get involved and get this guy to answer for his actions.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
Today, it is a newspaper. Tomorrow, it could be a bank. Just like that, another Yahoo Yahoo or 419er is unleashed. A university cannot protect such a person.
On the night of February 28, a hacker operating from the Federal University of Technology, Akure (FUTA), connected a computer to the university’s network and began a cyberattack on the website of PREMIUM TIMES. With a mobile phone as his backup, the attacker continued the operation for the next five days.
At about 8:00 p.m., he started with a reconnaissance scan of the newspaper’s website using a web fuzzer popular with low-grade hackers.
The following morning, at about 6:15 a.m., the attacker returned with another open-source vulnerability scanner – WPScan, free tool bloggers use to test for security vulnerabilities on their sites.
About 90 minutes later, he ran his final probe – a custom script.
The following morning, Sunday, the attacker continued his attacks – a series of distributed denial of service, DDOS, attacks that lasted until that evening. On this day, it appeared his goal was simply to shut down the newspaper’s operations by overwhelming its servers.
He began the day – at about 9:28 a.m – with an attack that exploited the very old Character Generator Protocol found in many obsolete internet-enabled devices like printers.
He ended the day with another DDOS attack exploiting the publicly-accessible Network Time Protocol (NTP) servers. NTP is one of the oldest protocols used by internet-enabled devices to synchronize their clocks.
On that day, he launched a total of seven DDOS attacks
---
Register for Tekedia Mini-MBA (Jun 3 - Sep 2, 2024), and join Prof Ndubuisi Ekekwe and our global faculty; click here.
This goes to show that the cyber security frame work was porous. If the organisation had carried out basic ethical hacking or penetration testing, most of these issues would have been handled. This is not to make an excuse for the hacker, rather it is a call to beef up the organisation’s cyber security framework
Prof, this guy must be brought to book. In Ethical Hacking, your details are known and kept just as the Ethical Hacker makes a solemn promise to do all to protect not exploiting to the extent of causing a major damage. He is surely a black hat! Prof., your Alma Mata must speedily bring him forth before he causes more damage to our image.