As Nigerians elect a new president and federal lawmakers today, there are growing concerns over foreign meddling in the country’s electoral process using what cyber security experts called Denial of Service (DoS) attacks.
DoS is an interruption in an authorised user’s access to a computer network, typically one caused with malicious intent.
Cyber attackers take advantage of the digitisation of election systems and administration to disrupt voting infrastructure and compromise authentic election results.
Although Nigeria’s voting process is basically manual, the introduction of Bimodal Voter Accreditation System (BVAS) by the Independent National Electoral Commission (INEC) for this year’s general elections, is a step toward the automation of the electoral system.
Retired perm-secs ask candidates to accept election outcomes
15 arrested over plot to hack election results
The BVAS is an electronic device designed to read Permanent Voter Cards (PVCs) and authenticate voters using the voters’ fingerprints in order to prove that they are eligible to vote at a particular polling unit.
The device will also be used to automatically send the number of verified voters for each polling unit directly to the INEC database.
The UK Guardian, a few days ago, published an investigation into a failed plan by two foreign firms to interfere in Nigeria’s 2015 elections in favour of the then President Goodluck Jonathan.
The British paper reported that the firms, Team Jorge, an Israeli hacking and disinformation firm, and Cambridge Analytica, a Britain political persuasion consultancy firm, conspired to hack into Nigeria’s electioneering processes to discredit the then opposition candidate, Muhammadu Buhari and get Jonathan re-elected.
The INEC chairman, Professor Mahmood Yakubu, had on several occasions raised the alarm over attempts to hack into the commission’s digital database by foreigners. But he assured that the commission had fortified its portal against hackers.
Yakubu’s predecessor, Professor Attahiru Jega, said the database of the electoral commission was not 100 per cent immune from hacking.
Jega, who superintended over the 2015 polls, alleged that Team Jorge and Cambridge Analytica had attempted to manipulate results for their client.
“In this modern age, nobody can give you 100 per cent assurance that a database cannot be hacked, unless it is not online,” Jega said when he featured on Trust Television on INEC’s preparedness for today’s polls.
“INEC had said consistently that knowing the political terrain, they have also got the best cyber security for the databases they have. And we have to believe that they have done their best.
“It doesn’t mean it will be 100 per cent secure, but I know that whoever uses a database also uses a security alternative, which virtually nobody knows,” he added.
‘Dark arts of political persuasion’
The Guardian investigation revealed that weeks before the 2015 presidential election, Team Jorge and Cambridge Analytica began covert missions, working “separately but in parallel” in Nigeria for the same client and purpose, which the report said was “to manipulate Africa’s largest democracy.”
They exchanged a series of emails. The different roles for Cambridge Analytica and Team Jorge in Nigeria are laid out in the emails. The British consultancy was tasked with securing coverage by international media during the election that would benefit Jonathan’s election campaign and discredit Buhari.
Team Jorge was responsible for “opposition research,” or finding the material that could be leveraged to undermine Buhari.
The emails also revealed the covert methods used by the election manipulators to boost electoral fortunes for Jonathan, with confidential material apparently stolen from the Buhari campaign.
The head of the hackers’ team is Tel Hanan of the Israeli firm, who boasted to have worked covertly on more than 33 “presidential-level” election campaigns on behalf of clients.
Not knowing that he was being filmed, Hanan told The Guardian’s undercover reporters who posed as potential clients how they hacked Gmail and Telegram accounts “to gain intelligence that could be used against a political adversary.”
In a slideshow called, “What we do,” he showed a slide with the heading, “Wreaking Havoc during African Election Day,” and how, on the 2015 election day, they launched cyber attacks on Buhari’s campaign team.
Lai Mohammed, who was the opposition All Progressives Congress (APC) chief spokesperson during the 2015 elections, appeared to have been a target, The Guardian reported.
The foreign manipulators failed in their covert mission to meddle in the 2015 elections to get Jonathan of the Peoples Democratic Party (PDP) re-elected.
Buhari of the then opposition APC eventually won.
A cyber security expert, Dr Muhammad Hamisu, said the attack launched by the two firms failed because Nigeria’s election administration was not fully electronic.
“We don’t have much to worry about. Our voting system is still manual, though there is introduction of technology for accreditation.
“If another cyber attack is launched, it will not have serious consequences on the election outcome. Also, the fact that BVAS works offline will make it difficult for hackers to successfully manipulate Nigeria’s election,” he said.
Attempts to hack INEC portal
The INEC chairman said hackers from Asia launched several cyber attacks on its portal to gain access and compromise authentic election results during the Ekiti and Osun governorship elections, but they were conquered.
Speaking at the launch of a report on electronic transmission of results in the Ekiti and Osun polls, Yakubu said, “Another technical concern for us was the repeated attempts to break through our cyber security system for the portal. Our engineers reported several cyber attacks on the portal during the Ekiti and Osun governorship elections.
“Some of them were traced to Asia. People will naturally try to hack the system, so we have to be on our toes every day to make sure that we protect the portal.
“People will continue to attack the system and we will continue to be one step ahead of them. So far, I am glad to note that all the attempts to hack our system failed.”
At another event earlier this year, the INEC boss said, “We were looking at the system and we saw that people were trying to come into it from France, but we are also putting some things in place.”
‘What INEC should do’
Dr Muhammad Hamisu said state-sponsored cyber attacks by foreign meddlers on electoral processes were difficult to overcome.
He said, “In the 2016 US election, the country accused Russia of interfering in its electoral process. That attack happened and they (Russians) were able to penetrate the US system.
“Cyber attacks happen due to human errors, so INEC should avoid that. Some people unintentionally reveal some secret information that might be useful to hackers. Members of INEC staff should be trained and retrained and be security conscious. They should have an emergency response team that will be keeping “The electoral body needs to also look at the capacity of its system. Sometimes, when there is huge traffic there is the possibility that a system can collapse or be vulnerable to cyber attacks.”