How North Korea’s cyber criminals attack Nigerian financial system

• Experts Seek Govt’s Intervention, Software Legislation

Going by the porous nature of Nigeria’s cyberspace, voluntary or involuntary insider compromise and poor Information Technology (IT) standards, the country’s financial system may be headed for a face-off with North Korea’s cyber criminals, experts have warned.

The development, which comes with damning consequences, showed that there might be some undisclosed substantial amount of money that has already escaped the system and more to go soon.

Experts who spoke to The Guardian on the back of a revelation that North Korean hackers are allegedly attacking banks in 18 countries, including Nigeria, said the country’s leadership and sectoral regulators must now become more alert.

According to them, while banks have not come out to lament any loss or claimed to have been attacked, the success of the attacks on financial institutions has always been more of insider collusion.

The are conjectures that the North Korean hackers are aimed at mobilizing funds for the cash-trapped country to develop its North nuclear programme. Already, a report has quoted the Acting Director, Corporate Communications, Central Bank of Nigeria (CBN), Isaac Okorafor, as saying: “We have not had anything like that in Nigeria and I am not aware of any such attacks on any Nigerian bank,” he said.

But the Director of Banking and Payments System, CBN, as well as the Chairman, Nigeria Electronic Fraud Forum, ‘Dipo Fatokun, told The Guardian yesterday that hacking and cyber attack are ongoing challenges across the world against banks.

Admitting that the threats are real, he assured that the regulator is on top of the situation with various policies and standards to ward off the attempts, saying there is no cause for fear.

“Attempts at hacking and cyber-attacking banks’ systems are steady. In fact, if you are close to some banks’ information officers, they will tell you how frequent the attacks come. So, the challenge is to ward them off and Nigerian banks are doing well.

“We have IT standards for banks and we are monitoring compliance. But we continue to reiterate the need for data protection. It has only been the major route for cyber attack and hacking.

“The Bangladesh Central Bank case was not hacking. It is a case of data compromise. They do not work without data and that is why we must be careful of things we open in our computer systems. Banks must have good system, constantly and properly monitor it,” he said.

The President of the Information Systems Audit and Control Association (ISACA) Nigeria, Tope Aladenusi, said no bank has confirmed any attack, adding that it is only a report.

Aladenusi said there was no evidence to suggest how it was done, but there are claims that the Internet Protocol (IP) address system of the attack was from North Korea. He said the supposed malware called Lazarus are used to access people’s and organisations’ systems, stressing that the malware try to compromise some vulnerable systems whether in banks or organisations and subsequently attack other systems.

Aladenusi, who also heads the Cyber Security arm of Delloitte Nigeria, advised that organisations must make it difficult for hackers to come near their systems by putting up measures including security tools and governance.

He also advised that organizations, individuals and banks should anticipate attempts and be able to detect the malware as soon as it is launched by installing intelligent system, although it can hide in the systems for months before detection.

The Director-General, Delta State Innovation Hub (DSHUB), Chris Uwaje, also said the attacks have been on before now, stressing that banks need to get more sophisticated.
Uwaje said the attackers are part of the invisible elements that attack economies, stressing that there are some from Syria, Kenya and Iran that are launching attack on Nigeria’s cyber space.

Uwaje said Nigeria must build a sophisticated software capability with human resource and called for the introduction of software army in the country and national software legislation that must be backed by law.

“In USA, you can’t develop software without the involvement of the FBI and you can’t sell without being certified. There must be a cohesive Office of the IT-General of the Federation, so that we can monitor everything IT and Cyber security in Nigeria.

“The issue is critically serious and Nigeria must act fast by enthroning National Software Board, Establishment of National IT Bill and Enactment of Software Deployment Act and an Institutional Framework to be controlled and managed by the Office of the Information Technology (IT) General of The Federation.  It must be noted that most Government Servers are also under serious threats of hacking,” he stated.