NIMC Database Intact, Never Breached-NCCC Boss
Contrary to widespread fear about the hacking of National Identity Management Commission (NIMC) database, the Director, Nigeria Police Force National Cyber Crime Center (NPF-NCCC), CP Ifenayi Uche has clarified that the NIMC database was never breached.
CP Uche made this known in a remark during a joint press briefing at the Center’s Headquarters, Abuja on Thursday between the NPF and NIMC.
According to him, “When the case was reported, we conducted vulnerability assessments and penetration tests. We confirmed there were no breaches in the NIMC system.
“What we uncovered was the existence of third parties who created phishing links that mimicked NIMC’s website to harvest Nigerians’ personal data for commercial purposes.”
He explained that the suspects had built their own parallel databases with stolen information, which they then sold to unsuspecting clients.
CP Uche also stated that 13 out of 14 fraudulent domains identified following NIMC’s report have have been successfully taken down by operatives.
Earlier, the Deputy Force Spokesman, CSP Victor Isuku, disclosed that the cybercrime centre deployed advanced digital forensic techniques to trace the culprits and their illicit domains.
He said, “Operatives of the Nigeria Police Force attached to the National Cybercrime Centre have apprehended eight members of a syndicate behind several unauthorised identity verification platforms that illegally harvested Nigerians’ personal information under the guise of accessing the National Identity Management Commission , NIMC database.
“The operation, carried out by the NCCC followed a petition by the NIMC Director-General, Abisoye Coker-Odusote, over the unlawful distribution and commercialisation of Nigerians’ personally identifiable information.
“The NPF-NCCC was able to achieve these great feats through the use of digital forensic techniques which aided in identifying these threat actors and domains involved in this unlawful sale and verification of NIN linked PPI that is personally identifiable information.
“The actors behind this heinous act were Hamzat Lukman and Babalola Tolani Suleiman, arrested in Kwara and Lagos States respectively. Lukman, a software developer, created and hosted the domain goverify.com.ng on behalf of Suleiman for commercial verification purposes. He also hosted three other domains for the same purpose.”
He however stressed that further investigations led to the arrest of other collaborators, including Nura Bello and Ibrahim Abubakar, who was linked to idfinders.com.ng.
“Other arrested suspects are Shoara Kehinde , Abubakar Amisu, Abdullahi Salisu, and Ashiru Sanni.
“Meanwhile other domains used to perpetrate this cyber intrusion include verifymyNIN.com triplus.ng goverify.com.ng idfinder.com.ng verifyforme.com.ng subpoint.com.ng verify.datashop.com.ng championtech.com.ng anyverify.com.ng cremetech.com.ng nickverify.humanity.com.ng, inventor.com.ng, “he added.
The DFPRO further explained that efforts have been intensified to apprehend other shadow perpetrators who engage in illegal distribution commercialisation and unlawful access to government databases and dismantle syndicates responsible for carrying out cyber related crimes and offences.
He added that the Inspector-General of Police, IGP Kayode Adeolu Egbetokun through the cybercrime unit, was committed to dismantling criminal syndicates targeting critical national infrastructure.
“The IGP has given has again reaffirmed the commitment of the police force under its able leadership to combating all forms of cyber crimes as well as safeguarding national digital assets reinforcing data privacy and protecting the integrity of citizens identification data thank you very much
“This operation is a milestone for the Police, for NIMC, and for Nigeria. We remain committed to safeguarding national digital assets, reinforcing data privacy, and protecting the integrity of citizens’ identification data,” Isuku said.
