Bulwark Intelligence




Background The increasing need for change in the country has manifested in all facets of our society, and the just concluded general elections was a testament to this change, marred by instance’s of irregularities, political participation has largely taken the shape of “sheep following” or “herd following.” With the internet being a major tool for driving the evolution of youth political participation in Nigeria politics, so have the vices that come with it. As Oluwasola Festus Obisesan puts it, “Youths, through the use of social media, have not only evolved from an identity of stable consumers of news and political narratives but have also become sources of news feeds and trendy agenda framers concerning leadership, accountability, and good governance within the polity.” Misinformation ???? https://t.co/zlRiWWQMlu — Attah Jesse (@JesseAOA) February 9, 2023 This evolution and enthusiasm for political participation have witnessed an ugly trend of cyberbullying and propaganda, driven by identity politics, which continues to shape the perception and opinions of many Nigerians. With less and less objectivity, we continue to witness less democratic attitudes amongst partisans but more sensationalism with an ounce of conspiracy theory bandwagoning. Why is political fanaticism growing in popularity now? To begin with, the pre-election session witnessed an unusual and highly charged political atmosphere, with much anticipation of a new dawn in Nigerian politics. Among other things, the process was marred by various forms of armed violence, allegations of state-sponsored stifling of opposition activities, and cyberbullying. As we all know, technology was one of many key factors that grow the populations involvement in the 2023 electioneering process, with the introduction of Bimodal Voter Accreditation System (BVAS) for the accreditation process, which also doubles down as a means for the transmission of results to the Independent Electoral Election Commission (INEC) Result Viewing Portal (IREV). Yet, the fact that agreed-upon transmission processes were not followed or were suspended midway during the election, breached the trust of many Nigerians at a critical time of the process, and hence increased suspicions of malpractice and other forms assumptions within the political environment already overridden by all sorts of political and election propaganda. The country’s current situation is exacerbated by reduced expectations of the trustworthiness of INEC procedures and perceived complicity of the country’s judiciary, in that, seeking redress may be met by irregularities in the courts’ due to allegations of political pressure to influence the process. There is also a dangerous rise in radical political fanaticism against the backdrop of increased ethnic violence, cyberbullying, propaganda (misinformation and disinformation campaigns), and the possibility of deteriorating human rights, which will dramatically impact the nation’s polity, hence, putting the president-elect and his new democratic cabinet in a predicament of governing a fractured nation with multifaceted political concerns. What is political fanaticism? In Nigeria, political fanaticism has largely been described as “sheep following” or “herd following,” in which adherents lack any sense of personal opinions that could form the basis of a critique in checking the actions of government or political leaders but rather agree with whatever decisions are made regardless of the outcome, good or bad. This is generally observed when party supporters push a candidate as the final answer to a country’s multifarious issues, such as the ones faced in Nigeria, while others (read: candidates) are eventually viewed as inept and incorrect. Characteristics of fanaticism among partisans frequently includes the incapacity to seek or consider alternate points of view but try to push values on others, often resulting in physical and verbal harassment of persons. Political fanaticism may frequently rise to varying degrees of political radicalism, and in a society kept together by fragile peace and a high proclivity for violence, especially when played out along Nigeria’s fault lines of tribe and religion, it creates mediums that lead to political extremism. Political extremism is common among groups that proclaim unrealistic expectations in order to attain political aspirations without crafting well-thought-out democratic plans. This has frequently resulted in groups picking up arms and embracing terrorism as a mode of operation for coercing governments into forced discussions, which has resulted in a protracted conflict in Nigeria in circumstances when governments have refused to succumb to such groups. Is online political fanaticism new in Nigeria? 2022/23 will not be the first time we observe a rise in cyberbullying, in relation to political party support. Intriguingly, harmful internet engagement in Nigerian elections may be traced back to 2014, the pre-election year preceding the 2015 General Elections. During this period, intense internet clashes erupted between the then-ruling People’s Democratic Party (PDP) and the All Progressive Congress (APC). Yet, it is worth noting that there were some opportunities to establish the groundwork for healthy (read: issue-based) constructive criticism. For instance, upon registration of the APC on July 31, 2013, the PDP’s congratulatory message described the party’s emergence as “very healthy for our democracy.” This again was conveyed in a congratulatory message after the election of its National Executives on June 14, 2014. The message read in part, “Ensure an issue-based opposition that will purposefully and constructively engage and challenge the PDP with decency and maturity as prescribed by democratic tenets and principles.” However, during the campaigning period for the 2015 General Elections, these expectations significantly fell short of expectations and were instead championed by the rhetoric of division over national interest, adopting varying forms of propagandistic prowess. The two main parties’ antecedents in terms of online propaganda and its incubation of an army of trolls will continue to be a benchmark of how campaigns will run, which has continued to usher in violence, hate speech, and the exploitation of Nigerian fault lines all for the sake of partisan interest over national interest, as depicted in 2019 and worse in 2022/23. As the popular saying goes, “If you can’t beat them. Join them” Overtime we have seen political fanaticism only get dangerous, making the political environment extremely toxic to the point where certain actors accommodate attacks particularly when it aligns with certain political bias. Remember the Abuja Train



Every year, in response to the U.S.’ Intelligence Authorization Act, the Office of the Director of National Intelligence (ODNI) compiles a detailed report about worldwide threats to their country’s national security. The 2023 Annual Threat Assessment of the U.S. Intelligence Community came out, and I read through it to see if there was anything interesting as it pertains to Mother Africa, specifically Nigeria. Long story short, Nigeria was not mentioned, but West Africa was mentioned in a short paragraph on page 38 of 39, where they referenced regions and countries that will likely struggle with democracy and governance. It said regarding West Africa: “Across the continent, governments will face difficulties in meeting public demands amid food shortages, commodity price spikes, declining socioeconomic conditions, and the stresses of extreme weather events and insecurity. In addition, the prevalence of ageing autocrats, disruptions to fragile ethnic power balances, and protracted transitions from post-coup military regimes to civilian rule are likely to undermine prospects for stable governance in more than a dozen countries. In West Africa, a volatile mixture of democratic backsliding, states’ inability to provide security, and terrorist expansion will continue to threaten the region’s stability. The West African public has become disillusioned with how elected leaders have governed, particularly their failure to adhere to democratic governance norms and manipulation of institutions, which could lead to increased protests absent government reforms.“ DEMOCRACY IN JEOPARDY From that little excerpt, the I.C was already predicting that democratic rule in West Africa is going to be a challenge (cue in Nigeria). The inability to elect effective leaders due to institutional repression, coupled with ongoing insecurity and deteriorating socio-economic conditions, will likely lead to increased protests in the region, further threatening democratic governance fairly and justly. This is apt when you consider the recently concluded elections in Nigeria, which have left much of the populace disillusioned. INCREASE IN MILITARY CONFLICT There’s going to be an increasing military ramp up across the world. More countries will continue to invest in their militaries, which could increase the risk of conflict escalation. This is further exacerbated by the current war, coupled with the fallout from the COVID-19 pandemic, which has increased poverty, hindered economic growth, and widened inequality, raising the conditions that are ripe for domestic unrest, insurgencies, democratic backsliding, and authoritarianism. CLIMATE CHANGE IMPACT Climate change is going to pose a global threat that is going to keep affecting Africa through increased resource constraints, which are projected to grow, as well as an increased risk of conflict that will occur with the migration of people. It is going to affect the global economy, which will equally impact the continent. According to the report, “droughts in 2022 decreased shipping capacity and energy generation in China, Europe, and the United States, and insured losses from [weather] catastrophes have increased by 250 percent during the past 30 years”. Bottom line: We need to get our emergency and disaster management acts together. Scientific projections are depicting droughts and flooding in the coming year. We will need to ensure we have the right emergency response frameworks and resources to tackle this. CYBER THREAT: SURVEILLANCE AND SPYWARE Advanced intelligence and cybertools are now commercially available for more governments to use, including repressive ones. According to the report, “the commercial spyware industry—which makes tools that allow users to hack digital devices such as mobile telephones to surveil users—grew rapidly during the past decade and is now estimated to be worth $12 billion“. I always talk about the importance of investing in defense manufacturing capabilities so that our minds can develop these tools in-country, minimize importation, and instead export these capabilities and grow the economy. Well, cyber intelligence tools are a $12 billion industry. Africa needs to be developing some of these tools as well and getting in on the market. But I digress. These spyware tools aid mass technical surveillance, censorship, and spyware, which governments could use towards targeting oppositions and digital repression. In other words, the next time a digitally organized EndSARs like protest is about to spring up, the government will likely have greater capacity to squash it in cyberspace before it gains physical traction. In addition, these tools can also assist with influence operations aimed at shaping how the outside world views the government. This means an active genocide could be going on in a country, but people on the outside will only see videos of cute cats and puppies. These cyber tools could also be used in offensive capacities aimed at controlling the governance of another nation by creating social and political upheavals in some other countries to sway voters perceptions, perspectives, and preferences, which ultimately will allow them to elect officials that will shift policies in favour of the attacking government. CYBERTHREAT: RANSOMWARE Transnational ransomware attackers are improving their capabilities and will continue to execute high-impact ransomware attacks aimed at disrupting critical services and exposing sensitive data for the purpose of extorting funds. Governments worldwide are targets. The attacks are only going to get more sophisticated and persistent. Our cyber detection and response capabilities must be enhanced and continually upgraded as a matter of national security. TERRORISM ISIS West Africa will continue to pose a threat in the region. AQIM will continue to extort weak border security in west Africa, expand territorial control, and challenge local security forces. Terror groups keep using their Telegram network of channels, ‘Terrorgram’, to circumvent content moderation. CHINA IS NOT PLAYING The report was clear in its insinuation that China is no joke, and according to the U.S. Intelligence Community, it currently represents the biggest threat to the U.S. Reading through the document, you can quickly see why. China is making rapid gains on all fronts and across all sectors. INCREASING CHINESE MILITARY MIGHT Militarily, the PLA Navy and Air Force are already the largest in the region and continue to field advanced platforms rapidly. The I.C agreed that “the PLA Rocket Force’s (PLARF) short-, medium-, and intermediate-range conventional systems probably already can hold U.S.



The Geopolitical Upshots of Artificial Intelligence, ChatGPT ChatGPT seem to be engendering geopolitical competition between world powers. Ideally, ChatGPT should be accessible anywhere in the world with internet connectivity, but this is far from the reality. Some countries, especially authoritarian regimes such as  China, Russia, Afghanistan, Iran, Venezuela, North Korea, implement censorship and surveillance to monitor internet usage and restrict the use of ChatGPT due to geopolitical and national security concerns. China leads the pack. Though not officially available in China, ChatGPT caused quite a stir there. Some users are able to access it using tools such as virtual private network (VPN) or third-party integrations into messaging apps such as WeChat to circumvent its censorship by the Chinese government. Japan’s Nikkei news service reported that Chinese tech giants, Tencent and Ant Group were told not to use ChatGPT services on their platforms, either directly or indirectly because there seem to be a growing alarm in Beijing over the AI-powered chatbot’s uncensored replies to user queries. Writing on Foreign Policy, Nicholas Welch and Jordan Schneider cited a recent writeup by Zhou Ting (dean of the School of Government and Public Affairs at the Communication University of China) and Pu Cheng (a Ph.D. student) who argued that, ‘’the dangers of AI chatbots include becoming a tool in cognitive warfare, prolonging international conflicts, damaging cybersecurity, and exacerbating global digital inequality. Zhou and Pu alluded to an unverified ChatGPT conversation in which the bot justified the United States shooting down a hypothetical Chinese civilian balloon floating over U.S. airspace yet answered that China should not shoot down such a balloon originating from the United States. According to Shawn Henry, Chief Security Officer of CrowdStrike, a cybersecurity firm, “China wants to be the No. 1 superpower in the world and they have been targeting U.S. technology, U.S. personal information. They’ve been doing electronic espionage for several decades now”. A report from the cybersecurity company Feroot, said TikTok App can collect and transfer your data even if you’ve never used App. “TikTok can be present on a website in pretty much any sector in the form of TikTok pixels/trackers. The pixels transfer the data to locations around the globe, including China and Russia, often before users have a chance to accept cookies or otherwise grant consent, the Feroot report said’’. The top three EU bodies – European Parliament, European Commission, and the EU Council, the United States, Denmark, Belgium, Canada, Taiwan, Pakistan, India, Afghanistan, have all banned TikTok especially on government devices, citing cybersecurity concerns. New Zealand became the latest country on March 17 to announce the ban of TikTok on the phones of government lawmakers at the end of March 2023. Not to be outflanked, Chinese company, Baidu is set to release its own AI-powered chatbot. Another Chinese e-commerce platform, Alibaba is reportedly testing ChatGPT-style technology. Alibaba christened its artificial intelligence language model: DAMO (Discovery, Adventure, Momentum, and Outlook). Another Chinese e-commerce says its “ChatJD” will focus on retail and finance while TikTok has a generative AI text-to-image system. Education And Plagiarism In The Age of ChatGPT The advent of ChatGPT unnerved some universities and academics around the world. As an illustration, a 2,000-word essay written by ChatGPT, helped a student get the passing grade in the MBA exam at the Wharton School of the University of Pennsylvania. Apart from the Wharton exam that ChatGPT passed with plausibly a B or B- grade, other advanced exams that the AI chatbot has passed so far include: all three parts of the United States medical licensing examination within a comfortable range. ChatGPT recently passed exams in four law school courses at the University of Minnesota. In total, the bot answered over 95 multiple choice questions and 12 essay questions that were blindly graded by professors. Ultimately, the professors gave ChatGPT a “low but passing grade in all four courses” approximately equivalent to a C+. ChatGPT passed a Stanford Medical School final in clinical reasoning with an overall score of 72%. ChatGPT-4 recently took other exams, including Uniform Bar Exam, Law School Admission Test (LSAT), Graduate Record Examinations (GRE), and the Advanced Placement (AP) exams. It aced aforesaid exams except English language and literature. ChatGPT may not always be a smarty-pants, it reportedly flunked the Union Public Service Commission (UPSC) ‘exam’ used by the Indian government to recruit its top-tier officials. Thus, several schools in the United States, Australia, France, India, have banned ChatGPT software and other artificial intelligence tools on school network or computers, due to concerns about plagiarism and false information. Annie Chechitelli, Chief Product Officer for Turnitin, an academic integrity service used by educators in 140 countries, submits that Artificial Intelligence plagiarism presents a new challenge. In addition, Eric Wang, vice president for AI at Turnitin asserts that, ‘’[ChatGPT] tend to write in a very, very average way’’. “Humans all have idiosyncrasies. We all deviate from average one way or another. So, we are able to build detectors that look for cases where an entire document or entire passage is uncannily average.” Dr. LuPaulette Taylor who teaches high school English at an Oakland, California is one of the those concerned that ChatGPT could be used by students to do their homework hence undermining learning.  LuPaulette who has taught for the past 42 years, listed some skills that she worries could be eroded as a result of students having access to AI programs like ChatGPT. According to her, “The critical thinking that we all need as human beings, the creativity, and also the benefit of having done something yourself and saying, ‘I did that’’. To guard against plagiarism with ChatGPT, Turnitin recently successfully developed an AI writing detector that, in its lab, identifies 97 percent of ChatGPT and GPT3 authored writing, with a very low less than 1/100 false positive rate. Interestingly, a survey shows that teachers are actually using ChatGPT more than students. The study by the Walton Family Foundation found that within only two months of introduction, 51% of 1,000 K-12 teachers reported



Artificial intelligence (AI) refers to the simulation of human intelligence in machines or computer systems that are programmed to think like humans and mimic their actions. Similarly, ChatGPT (Chat Generative Pre-trained Transformer) is an online artificial intelligence chatbot that is trained to have human-like conversations and generate detailed responses to queries or questions. ChatGPT became a blockbuster and a global sensation when it was released in November 2022. According to web traffic data from similarweb.com, OpenAI’s ChatGPT surpassed one billion page visits in February 2023, cementing its position as the fastest-growing App in history. In contrast, it took TikTok about nine months after its global launch to reach 100 million users, while Instagram took more than two years. Users of ChatGPT span the world, with the United States having the highest number of users, accounting for 15.73% of the total. India is second with 7.10%. China is 20th with 16.58%, Nigeria is 24th with 12.24% while South Africa is 41st with 12.63%, as at March 14, 2023. OpenAI, the parent company of ChatGPT is currently valued at about $29 billion. Feedback and reactions from academics, global and business leaders to artificial intelligence tools like ChatGPT, is mixed.  The likes of Bill Gates agree that ChatGPT can free up time in workers lives by making employees more efficient. A research titled – ‘’Experimental Evidence on the Productivity Effects of Generative Artificial Intelligence’’ – by two economics PhD candidates at the Massachusetts Institute of Technology (MIT) attests that using ChatGPT made white collar work swifter with no sacrifice in quality and then made it easier to “improve work quickly”. Israeli president, Isaac Herzog, recently revealed that the opening part of his speech was written by artificial intelligence software -ChatGPT. Lately, Bill Gates and the UK Prime Minister Rishi Sunak, were reportedly grilled by AI ChatGPT during an interview. Similarly, the United States Department of Defense (DoD) enlisted ChatGPT to write a press release about a new task force exploiting novel ways to forestall the threat of unmanned aerial systems. On the flip side, Elon Musk, is of the opinion that ‘’artificial intelligence is the real existential risk to humankind’‘. According to Musk,  ”artificial intelligence will outsmart humanity and overtake human civilization in less than five years’’. Theoretical physicist and one of Britain’s pre-eminent scientists, Professor Stephen Hawking, seem to agree with Elon Musk. He warned in in 2014 that artificial intelligence could spell the end of the human race. In the words of Hawking, “Once humans develop artificial intelligence it would take off on its own, and re-design itself at an ever increasing rate’’. He went further to asset that, ‘’Humans, who are limited by slow biological evolution, couldn’t compete, and would be superseded’’. Cybersecurity experts from the National Cyber Security Centre (NCSC), a branch of the United Kingdom’s Spy agency, Government Communications Headquarters (GCHQ), says artificially intelligent chatbots like ChatGPT pose a security threat because sensitive queries, including potentially user-identifiable information could be hacked or leaked. Underlying Principle And Modus Operandi of ChatGPT ChatGPT is essentially a large language model (LLM). A large language model, or LLM, is essentially a deep learning algorithm that can recognize, summarize, translate, predict, and generate text and other content based on knowledge gained from massive datasets. On March 14, 2023, OpenAI officially announced the launch of the large multimodal model GPT-4. A major difference between GPT-3.5 and GPT-4 is that while GPT-3.5 is a text-to-text model, GPT-4 is more of a data-to-text model. Additionally, GPT-3.5 is limited to about 3,000-word responses, while GPT-4 can generate responses of more than 25,000 words and is more multilingual. GPT-4 is 82% less likely to respond to requests for disallowed content than its predecessor and scores 40% higher on certain tests of factuality. GPT-4 is also more multilingual and will let developers decide their AI’s style of tone and verbosity. Basically, Large Language Models (LLMs) are trained with massive amounts of data to accurately predict what word comes next in a sentence. To give an idea, ChatGPT model is said to have been trained using databases from the internet that included a massive 570GB of data sourced from books, Wikipedia, research articles, web texts, websites, other forms of content and writing on the internet. Approximately 300 billion words were reportedly fed into the system. This is equivalent to roughly 164,129 times the number of words in the entire Lord of the Rings series (including The Hobbit). Currently, ChatGPT has very limited knowledge of the world after 2021 hence is inept at answering questions about recent or real-time events. In addition to English language, ChatGPT understands 95 other languages spoken around the world including French, Spanish, German, and Chinese. Unfortunately, ChatGPT does not currently recognize any Nigerian local language. ChatGPT uses speech and text-t-speech technologies which means you can talk to it through your microphone and hear its responses with a voice. It is important to note that the ChatGPT model can become overwhelmed, generate incorrect information, repetitions or unusual combinations of words and phrases. This is because ‘’Large language models like ChatGPT are trained to generate text that is fluent and coherent, but they may not always be able to generate responses that are as nuanced or creative as those written by a human. A blog post by Dr. David Wilkinson, a lecturer at Oxford university and editor-in-chief of The Oxford Review, purports that ChatGPT appears to be making up academic references. In essence, Wilkinson counsels that just because it’s coming out of ChatGPT doesn’t mean it’s right. ‘’You need to be very careful about what you’re doing, particularly in academic circumstances, but also professional’’. How AI-Powered ChatGPT Sparked A Chatbot Arms Race After ChatGPT went viral, major tech companies around the world started scrambling to deploy generative artificial Intelligence. Sequel to speculations that the release of ChatGPT could disrupt and upend the search engine business, Google reportedly triggered a “code red”, summoning founders Sergey Brin and Larry Page back to the company. Soon after, Google launched an



Most Nigerians are already tired of the elections, and it’s not even here yet. That being said, everyone is looking forward to election day so that we can all move on, and Naira can begin flowing again. But insecurity is one of those dreadful phenomena that could lead to INEC postponing the elections. There is a joint civil society group that meets regularly to evaluate election security and they are known as the Inter-agency Consultative Committee on Electoral Security (ICCES). A few months ago, the ICCES conducted an assessment and revealed that there were about 686 communities across Nigeria with high insecurity levels due to the activities of various Armed Non-State Actors, which were going to pose a problem for INEC effectively delivering election materials and eventually holding the elections in those areas. About 90% of those communities were based up north. Half of those were in the North West region alone, particularly in Zamfara state which has been hard hit by proscribed bandit groups considered as terrorists. The North Central also recorded a high chunk of insecure communities, as well as the South East particularly Imo, Anambra and Abia. The Bulwark Intelligence map below indicates areas that we are projecting will report levels of electoral attacks. Bulwark came up with their assessments using data from locations that have already reported significant pre-electoral violence, and also states that will likely show tension following the announcement of the election results. Despite the physical security threats, INEC insists that it is still going to go forward with the elections, and security agencies say they are going to do everything they can to prevent any form of violence on that day. CYBER SECURITY THREATS TO NIGERIA’S ELECTIONS The Electoral Act of 2022, ushered in the era of digitization for INEC. The reason is simple. The manual process was leading to significant interference and preventing a truly free and fair election. The introduction of the Bimodal Voter Accreditation System (BVAS) and INEC Result Viewing Portal (IReV) are supposed to help eliminate these risks. If all goes well, the issue of ballot stuffing, ballot snatching, results collation tampering, and voter fraud should be significantly reduced. But with increased dependence on technology, comes the requisite cyber security threats to INEC. The electoral commission mentioned that during the 2022 Ekiti and Osun elections, their portal experienced “significant cyber-attacks. But thankfully their engineers and cyber security teams were able to effectively respond”. There are interference threats of Disinformation and misinformation campaigns which are designed to influence the individual voter’s decision-making process, through intentional and unintentional dissemination of false information. There are also threats associated with deep fake videos which are doctored voiceover videos. This is particularly scary in places like Nigeria where wrong comments about tribe and religion could lead to physical violence and destruction. CYBER ATTACK THREATS ON INEC PORTALS AND TOOLS There are four notable tech portals and tools INEC has been using in these elections. There’s Basic Security in Election Duties (BaSED), an online security training portal for INEC personnel which allows INEC to train their over 1 million staff and ad-hoc personnel on election security awareness and what to do in case of security incidents. The other is the Election Logistics Management System (ELMS) which is an app INEC is using to track election materials procurement from storage to delivery. We’re talking about the movement of election materials to over 176,000 polling units across the country, which will be done using over 100,000 vehicles, and 4,200 boats escorted by the Navy. As you can imagine, the use of tech for logistics management is also a welcome development. The two external facing tools which have a high risk of cyber-attacks are BVAS and IReV. The Bimodal Voter Accreditation System (BVAS) helps ensure the voter is who he says he is. The upside is that it will reduce voter fraud and double dipping. But the downside is the biometric devices can act up causing delays and false negative errors which could prevent legitimate voters from being verified. The recently conducted BVAS mock testing and accreditation exercise revealed challenges with the internet network/server which is required for activation and configuration. Some remote locations experienced delays as a result. There were some reports of faulty BVAS devices. The hardware was faulty, and the fingerprint scanners were not working properly. INEC is also using the INEC Result Viewing Portal (IReV), which is supposed to ensure electronic transmission and viewing of results in near real-time. This is supposed to prevent cases of false results during collation or inconclusive results following interference by thugs at the polling unit. Again, the downside is going to be the internet network and the ability to upload the results. In addition, the availability of qualified personnel might be a challenge. INEC mentioned that during the Ekiti and Osun elections, there were cases of low-quality uploads because the officers who had been trained to do these uploads were not available or had to be substituted with others who had not been adequately trained for that role. INEC says they will ensure this doesn’t happen again, by deploying only adequately trained officers. SOLUTIONS It’s a little too late to advise on solutions right now since it’s almost game time. But one can only hope that INEC has already done significant levels of preparedness, especially in their ability to effectively detect attacks, respond to these attacks and quickly recover from the said attacks. Hopefully, they’ve conducted penetration tests and allowed independent ethical hackers to rigorously poke for vulnerabilities. PERSONAL SECURITY TIPS To be realistic, we are going to experience some levels of electoral violence, regardless of who wins or how many security agents are deployed to the streets. There are going to be paid thugs standing by to do the bidding of their political paymaster. There will be cases of voter intimidation, where people will be threatened to vote a specific way or experience the wrath of their local warlord. People are going to be upset with



Political Intolerance And The Risk of Election Violence in Nigeria The National Security Adviser (NSA), Babagana Monguno on Friday, November 11, 2022, stated that “rogues” are planning to disrupt the 2023 elections. Monguno said he was aware that in the last month, at least 52 cases of electoral violence were reported across 22 states in the country. Sequel to the NSA’s declaration, the British High Commissioner to Nigeria, Catriona Wendy Campbell Laing stated that, “When people feel intimidated, they can’t get out to vote, the election itself will not be credible, that is why the violence is of great concern”. On this note, she averred that the United Kingdom  will be watching closely any individual who acts violently or incites people through the social media and would not hesitate to impose visa sanction on such individuals. As a matter of fact, on Wednesday, the United States Secretary of State, Anthony Blinken went ahead to impose visa restrictions in his words, ‘’on specific individuals in Nigeria for undermining the democratic process in a recent Nigerian election’’. According to Blinken, ‘’additional persons who undermine the democratic process in Nigeria—including in the lead-up to, during, and following Nigeria’s 2023 elections—may be found ineligible for U.S. visas under this policy’’. The United Nations and the Economic Community of West African States (ECOWAS) on Tuesday, 17 January, 2023, warned Nigeria against violence in this year’s general elections. ‘’While the UN cautioned that if things go wrong in Nigeria, there would be serious consequences for the peace and stability of the entire region; the ECOWAS said if violence occurs in Nigeria, no other nation in the sub-region could accommodate Nigerian refugees’’. In new security advisories independently issued on Thursday, January 19, 2023, Australia, United Kingdom and the European Union, warned their citizens to reconsider their intending visits to Nigeria, avoid all political gatherings and election related sites in the lead up to, during and after the election due to the hostile “security climate” and threats preparatory to the 2023 general elections. Recall that in October 2022, the United States, UK, Canada, Germany, and Bulgaria issued terror alerts, warning their citizens in Nigeria to avoid shopping malls, religious centres, and hotels which they said could be targeted by terrorists. In its final report on the 2019 general election, the Nigeria Civil Society Situation Room conservatively estimated that, ”At least, 626 people were killed between the start of the campaign in October 2018 and the final election in March 2019’’. In 2021, the Armed Conflict Location & Event Data Project (ACLED) recorded a 22% increase in the number of organized political violence events in Nigeria. The violence resulted in over 9,900 reported fatalities, nearly a 30% increase compared to 2020. Cybersecurity, Election Hacking And Interference Evidence abound that state-actors and cyber sleuths interfere with the electoral ecosystem. Their interference can range from one or a combination of information operations, disinformation, broadcasting deep-fake videos across social media platforms, to corrupting data, altering voter registration databases hence disentrancing or impeding citizens’ ability to vote, to attempting to tamper with the outcome of vote count, and undermining voters’ confidence on the legitimacy, integrity of an election. With an approximately 80 million Nigerians online, social media plays enormous role in Nigerian political space hence fake news, disinformation is a thriving industry in Nigeria. For instance, a British Broadcasting Corporation investigation discovered that ‘’political parties in Nigeria are secretly paying social media influencers to spread disinformation about their opponents ahead of the 2023 general elections. According to the BBC’s Global Disinformation Team, a politician acknowledged that in addition to dolling out gifts and promising contracts, nay, political appointments, his team paid a social media influencer up to 20 million Naira (about ($45,000; £37,000) for delivering a ‘result’. The modus operandi of their strategists entails planting fabricated stories through other micro-influencers aimed at eliciting emotions and misinforming people. Idayat Hassan, director at the Centre for Democracy and Development, says the activities of these influencers is tantamount to “political interference”. According to her, “It is undermining trust in democracy, undermining trust in the electoral system, and it is instigating conflict“. Election interference is not exclusive to Nigeria. The website of Ghana’s election commission was allegedly hit by a cyber-attack in 2016. The commission said an attempt to put up “fake results” failed. Also, in 2021, the German government warned Russia over a wave of cyberattacks – “combining conventional cyberattacks with disinformation and influence operations” on German politicians. Similarly, in a BBC report of 11 September 2020, tech giant, Microsoft sent word that hackers with ties to Russia, China and Iran targeted US and British political parties and tried to meddle in elections. According to a newly declassified US State Department cable, Russia covertly spent more than $300m since 2014 to try to influence politicians and other officials in more than two dozen countries. Similarly, two Iranian nationals were charged for cyber-enabled disinformation and threat campaign designed to influence the 2020 U.S. presidential election. In the just concluded 2022 Kenyan election, reports indicate that about 200 hacking attempts were made on election results, between Thursday, 11th August and Friday 12th August. Thus, it is not surprising that the Chairman of the INEC Boss, Professor Mahmoud Yakubu confirmed sometime in September 2022, that the Commission’s ‘’result viewing portal (IReV) during the gubernatorial elections in Ekiti and Osun states, experienced several cyberattacks from hackers across the world, some of them from Asia’’. I reckon that the risk and threat of election interference will be higher during Nigeria’s forthcoming presidential election. It behooves on the INEC to ramp up its cybersecurity defenses (including elimination of human error) and ensure that critical technological infrastructure such as its servers, the Result Viewing (IReV) web portal and the over 200,000 Bimodal Voter Accreditation System (BVAS) that would be deployed across the 176,846 polling units across the country, for the 2023 general election, are not compromised by hackers. According to IBM Cyber Security Intelligence Index Report, human error (and I must add,


Cyber security in Nigeria, are we exposed?

1.  Attacks by the Anonymous have exposed vulnerabilities in Nigeria’s cyber space.  Nigeria fell prey for attacks known as hacktivism. Hacktivism is the act of using legal and/or illegal hacking tools in pursuit of political ends, free speech, and supporting human right and dignity. Those who perpetrate hacktivism are known as hacktivists. They are the modern-day equivalent of political protesters, expressing their frustration digitally. Anonymous is one of the most popular hacktivist groups in the world.  The attacks that we saw on Nigerian government institutions, banking institutions and other organizations, were carried out by Hacktivists in support of the EndSARS protests that took place.  2. How exposed are we?                                                  During the attacks against Nigerian targets during the EndSARS campaign, there were cases of Doxxing (when a hacktivist group leaks confidential information of public figures) and DDoS attacks (where targeted computer systems are overloaded and  company or organization websites are crashed) that were reported. These included: The release of confidential information of some Nigerian police personnel, the hacking of twitter accounts of the Nigerian Broadcasting Commission, the Disruption of both the Central Bank of Nigeria website, and the Web version of the Nigerian Police Force website.         The bad news is that the cyber attacks exposed the vulnerabilities of a number of Nigerian entities and institutions, and these were exploited by attackers. The good news is that the Cyber Security departments can begin to put the necessary measures in place to prevent a recurrence in the future. 3. Why so much exposure; what investments are needed to secure sensitive assets and how ready is govt to put money down? Cyber-attacks are inevitable in today connected world. The discussion around cyber security is not “if” we get attacked, but “when” we get attacked.  With this understanding, the government departments responsible for cyber security must take the necessary steps to improve their incident prevention, response, management and recovery processes.  Some of these steps are not expensive, it’s just that it requires meticulous implementation and fewer room for errors. For example, some targeted systems tend to have out-date software. Preventing such attacks in the future will require regular audit of monitoring systems, to ensure they are up to date and functioning as they should.  Attackers often go after what they deem as soft targets. So organizations must take steps to ensure they are not easy targets. Conducting tests to see where they are exposed/vulnerable and then setting up adequate defenses, will be a step in the right direction.



THE GOOD: Recognizing that there is a problem and demanding that it is fixed. SARS didn’t always start off as a nuisance. The tactical unit was created in 1991, in response to the incessant and brazen armed robbery attacks that plagued Lagos state at the time. Armed robbers attacked policemen in uniform, stationed at checkpoints. In response to this, SARS operatives were armed and tasked to patrol the streets in in civilian clothing to catch the armed robbers unawares. This strategy was effective in reducing the spate of armed robbery in Lagos and soon other SARS units were created in other states across Nigeria. Over time it soon became difficult to distinguish between SARS operatives and actual criminals, as civilians began complaining about armed men in plain clothes harassing innocent civilians, beating, extorting and illegally detaining them until they marched up to an ATM machine to cough out a huge sum as bribe as a mandatory condition for release. In 2017, social media helped put the spotlight on the Federal Special Anti-Robbery Squad and allegations of their misconduct. A social media campaign #EndSARS was created and the internet was soon awash with eye witness reports and victim accounts NPF SARS misconduct.   Amnesty International documented at least 82 cases of torture, extrajudicial killings, extortion and rape by SARS between January 2017 and May 2020. According to their report, victims held in SARS custody have been subjected to “mock execution, beating, punching and kicking, burning with cigarettes, waterboarding, near-asphyxiation with plastic bags, forcing detainees to assume stressful bodily positions and sexual violence.” Arrests and cases are rarely investigated. The #EndSARS and “Police Reform” campaigns, garnered national and international attention, and by August 2018, a year after the campaign began, the Acting President, Vice President Osinbajo called for an overhaul of the SARS program due to excessive reports of violation of Human Rights violations. Like many other things, the government promises to tackle the menace, but speaks about the issue while it is trending and once the hashtag is no longer trending, things slip back to their status quo. There have been numerous bans which are not adhered to. Which is exactly what transpired. Recent killings of unarmed civilians by the Nigerian Police Force (Interestingly, not from the SARS unit), brought about massive national protests, let by Nigerian youths. This time around, the President of Nigeria permanently banned SARS, but this has not brought about any respite to the spate of protests because: Nigerian’s have seen it all and heard it all before. Even several days after the presidential ban on SARS, operatives of the tactical unit were seen harassing unarmed civilians. The aggrieved protesters needed to see “actions” not just “announcements”. There was a 5-point request that was laid out, of which banning of SARS was just one. As far as the youth were concerned, their requests had not been fully answered. The protests represent deeper grievances than just EndSARS. It is subliminally young people venting their pent-up frustration of institutional police misconduct and bad governance Law enforcement personnel began responding to the protests with more violence, leading to increased protests.     THE BAD: Organic and Hijacked protests The protests started peacefully. Young Nigerians showed their resourcefulness. Raising close to $200,000, providing food and refreshments for protesters, providing medical care, hotlines for emergencies, legal support for protesters arrested, and even cleaning up trash on the protest grounds. This has been an incredibly organized protests for an organic movement with no visible leaders/representation.   The protests showed that the Nigerian youth had found their voice and were now aware of their power and influence. Within a few days, they had brought about the disbandment of the dreaded SARS, brought the town to a standstill and gotten the attention of the political leaders. Violent Protests There have been allegations that police leadership benefit from the proceeds of monies extorted from citizens. Either way, it is often found that those benefiting from the status quo are rarely in support of change. Some protest locations became violent as eyewitness reports showed some government security officials were seen attacking protesters. On 12th October, policemen fired shots at protesters in Surulere, Lagos state. On 13th Oct, soldiers confiscated cameras from activists and pressmen. By the second week of the protests, hoodlums and thugs had been released and unleashed on peaceful protesters. This was seen in Lagos, Abuja, Jos, Osun, Benin and other Nigerian states. This tactic was expected. Thugs will be released to attack the protesters, since government personnel couldn’t be seen as doing the same. This would lead to protests being declared as violent and justify the deployment of law enforcement personnel, or the declaration of a curfew, which would ultimately ban widespread protests. Physical Ban will equal Cyber Attacks A physical ban on protests however, will not entirely stop the young people’s resolve to put pressure on the Nigerian government to EndSARS and implement the 5For5. When funds were raised by Flutterwave (a Nigerian payment gateway), to fund medical bills of those injured in the protests, the Nigerian government shutdown their bank accounts. Activist group Feminist Coalition solicited donations via bitcoin and were able to continue raising funds for the protests. A physical ban will only generate a cyber protest that will hamper/affect government communications and increase global knowledge of the protests. So far there has been widespread support of the movement by prominent personalities on social media, including anonymous who conducted several cyber attacks and denial of service attacks against government websites and social media handles. These include: Releasing confidential information of some Nigerian police personnel, Hacking the twitter account of the Nigerian Broadcasting Commission, Disrupting the Central Bank of Nigeria website, Disrupting the Web version of the Nigerian Police Force website.  THE UGLY: Government crackdown through the military What people should be asking “what next”? So far, protests have morphed from organized and inspirational, to hijacked by violent hoodlums. Many believe these hoodlums are setting the stage for the Nigerian government’s


Hey, October Is Cyber Security Awareness Month! Cyber Safety tips for Nigerians.

Introduction   The United States of America designates every October as ‘’National Cyber Security Awareness Month’’ (NCAM). Initiated in 2004, the National Cyber security Awareness Month is a collaboration between government —the U.S. Department of Homeland Security — and private industry — the National Cyber Security Alliance, and other partners. The National Cyber Security Awareness Month campaign is aimed at raising awareness about the importance of cyber security (safeguarding digital information) and to increase resiliency in the event of an incident. The National Cyber security Awareness Month campaign is a global call to action. Canada, Europe and other countries have joined the fray. Africa, especially Nigeria must take a cue. The advent of the internet and social media has revolutionized virtually every facet of our daily life. Incidents of cyber attack, hacking, ramsomware are commonplace.   Distance is Not A Barrier   The inherent danger in cyber attacks is that distance is NOT a barrier. A hacker in North Korea can wreak havoc in Nigeria from the comfort of his bedroom. In September 2017, Equifax Inc., a United States consumer credit reporting agency says a huge cyber security breach compromised the personal information of as many as 143 million Americans — almost half the country. Cyber criminals accessed sensitive information — including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses. Washington Post reported in May 2017, how more than 150 countries were affected by massive ramsomware cyber attack. Schools, hospitals, vehicle manufacturing, telecommunications, banks, businesses and other establishments were affected. The malware, deployed in this ransomware cyber attack is known as WanaCrypt0r 2.0, or WannaCry. Also recall that in 2015, a multinational gang of cyber criminals dubbed “Carbanak’’, infiltrated more than 100 banks across 30 countries and stole upwards of one billion dollars over a period of roughly two years. Cyber criminals steal more than £47 million annually through ATM card cloning (skimming) in the United Kingdom. Nigeria’s Minister of Communications, Adebayo Shittu says cyber crime costs Nigeria N 127 billion annually. A recent Kaspersky Cyber security Index estimates that up to 40 percent of people still leave their devices unprotected from online threats. A cybersecurity special report suggests that ransomware will worsen due to the increasing penetration and inherent vulnerabilities in Internet of Things (IoT), medical devices, web cameras, IP Phones, Internet Protocol (IP) CCTV Cameras, DVRs, SmartHouses or SmartCities, wearables such as SmartWatches, public Wi-Fi, and proliferation of mobile Apps with malicious codes, amongst others. Governments alone cannot curb cyberthreats. All hands must be on deck! Be #CyberAware! This explains why the overall theme of the October 2017 cybersecurity awareness month is, ‘’Cybersecurity is a shared responsibility’’.   Cyber Safety Tips   The United States Department of Homeland Security, DHS, encapsulates online safety best practices in a catchphrase: STOP. THINK. CONNECT. The first step is to STOP: ensure security measures are in place. THINK: about the far-reaching consequences of your actions/online activities. CONNECT: and enjoy your devices with more peace of mind. Take heed of the following cyber safety tips, habits: 1. Be vigilant against ransomware: Ransomware cyber attacks has become one of the biggest cyber security threats. Ransomware is coined from – ‘’ransom’’ – money demanded in return of a captured person or something valuable. Ransomware is malicious software remotely deployed by cyber criminals (cyber-extortionists) to encrypt, hold valuable digital information ‘hostage’ until a ransom is paid. A combination of the following tips will help prevent not just ransomware but other forms of cyber attacks, data breaches. 2. Use strong, unique passwords, pass-codes or touch ID features to lock your devices (or use a password manager): Research says more than half of Internet users choose the same password for everything they do online. Common passwords such as — ‘’123456’’, ‘’QWERTY’’, ‘’password’’, among others are easy to guess and compromise. Instead of the aforementioned common passwords, try using multi word phrase or easy to remember sentence (e.g. I am Passionate About Cyber security); incorporate numbers and special characters such as #@&^. Better still, use two-factor authentication or a password manager. 3. Protect your online identity and security on social media platforms: Social media and messaging platforms – Twitter, Facebook, LinkedIn, Instagram, WhatsApp, amongst others, have become intrinsic part of our daily lives. They help us communicate, network, stay abreast of news and events. Your personal information (date of birth etc.), games you like to play; your contacts list, your itinerary and location are assets to cyber criminals. Be wary who gets such data and which Apps harvest such info. 4. Keep software, Anti-virus, Applications updated: A cyber security rule-of-thumb in securing your personal computer, smart device is keeping your operating system and all software, Applications up-to-date. Software updates help patch vulnerabilities. 5. Secure your Wi-Fi (or use a VPN): When a Wi-Fi or hotspot connection is not secured properly (weak password), it can be an Achilles’ heel for hackers to penetrate. If for some reason you have no choice but to use a public Wi-Fi network (hotspot), ensure you secure your connection by using a VPN (virtual private network). This will ensure your data is encrypted. 6. Should a suspicious process be detected on your computer or device, promptly turn off the Internet connection. This is particularly efficient during the early stage of a cyber attack because the ransomware won’t get the chance to launch a connection with its remote Command and Control server and thus cannot complete the encryption process. 7. Switch off unused wireless connections, such as Bluetooth or infrared ports. Cybercriminals can surreptitiously exploit a Bluetooth to launch a cyberattack or compromise a computer, a mobile device. 8. Tor (The Onion Router) Internet Protocol (IP) addresses or gateways are usually the preferred route for ransomware to communicate with their Command and Control servers. Hence, blockading such IP addresses may impede a malicious malware from infiltrating. 9. When in doubt, throw it out: If an email, link, attachment, social media post, advertisement, picture or video look suspicious, even if you know the source,


22 Ransomware, Cyberattack Prevention Best Practices

Key rule of thumb is to ensure that very important files or documents are backed up on a regular basis. Backups are useful only if they’re created prior to a ransomware attack. Dedicated backup software such as Acronis’s True Image supports data recovery onto different hardware. Preferably, backups should be spread in such a way that the failure of any single point won’t lead to the irreversible loss of data. It is advisable to store one copy in the cloud or employ Microsoft’s OneDrive, Dropbox storage facilities, and the other on offline physical storage gadgets such as a portable Hard Disk Drive (HDD). Ensure data access privileges and read/write permissions are set, so that the files cannot be modified or erased and also to check the integrity of your backup copies once in a while. Ensure your Windows operating system is updated with Microsoft’s latest Security Bulletin MS017-010: Security Update for Microsoft Windows SMB Server (4013389) released in March 2017. Devices that were updated with the patch would have been automatically protected from WannaCry ramsomware but it is probable that many organizations, individuals may not have updated their systems or installed the update. Systems with older versions of Windows XP that no longer have mainstream support should refer to Microsoft’s blog for details of emergency security patches released in response to WannaCry. Keep Microsoft Windows Firewall turned on and properly configured at all times and enhance your protection more by setting up additional Firewall protection. Disabling Windows Script Host could be an efficient preventive measure, as well. Consider disabling Windows PowerShell, which is a task automation framework. Keep it enabled only if absolutely necessary. Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.). In particular, disable macros and ActiveX. Additionally, blocking external content is a dependable technique to keep malicious code from being executed on the PC. To ward off a strain of ransomware known as Cerber, disable Macros in your Microsoft Office programs. Make sure your antivirus, browsers, Adobe Flash Player, Java, and other system software or Applications are up-to-date. Fine-tune your security software to scan compressed or archived files, if this feature is available. Ensure you install a browser add-on to block popups as they can also pose an entry point for ransom Trojan attacks. Should a suspicious process be detected on your computer or device, promptly turn off the Internet connection. This is particularly efficient during the early stage of a cyberattack because the ransomware won’t get the chance to launch a connection with its remote Command and Control server and thus cannot complete the encryption process. Personalize your anti-spam settings the right way: Most ransomware strains are known to spread via eye-catching emails that contain contagious attachments. It is advisable to configure a webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr. Desist from opening suspicious looking attachments: This doesn’t only apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a financial institution. Be very heedful before clicking on links: Dangerous hyperlinks, especially shortened urls can be received via email, social media or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible. The Show File Extensions feature can thwart ransomware plagues, as well. This is a native Windows functionality that allows you to easily tell what types of files are being opened, so that you can keep clear of potentially harmful files. Cybercriminals may also utilize a confusing technique where one file can be assigned a couple of extensions. For instance, an executable may appear like an image file and have a .gif extension. In some cases, files look like they have two extensions – e.g., cute-dog.avi.exe ortable.xlsx.scr – so be sure to pay attention to tricks of this sort. A standalone known attack vector is through malicious macros enabled in MS Word documents. Consider disabling the vssaexe functionality in your system. This functionality built into Windows to administer Volume Shadow Copy Service is normally a handy tool that can be used for restoring previous versions of arbitrary files. In the framework of rapidly evolving file-encrypting malware, though, vssadmin.exe has turned into a problem rather than a favorable service. If it is disabled on a computer at the time of a compromise, ransomware will fail to use it for obliterating the shadow volume snapshots. This means you can use VSS to restore the blatantly encrypted files afterwards. Use two-factor authentication and strong passwords that cannot be brute-forced by remote criminals. Set unique passwords for different accounts to reduce the potential risk. Deactivate AutoPlay in your system. This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives. You may have to disable file sharing. By so doing, the ransomware infection will be restricted only to the infected system. Consider restricting remote services. Otherwise, the threat could rapidly propagate across the enterprise network, thus calling forth serious security issues for the business environment if your computer is a part it. For example, the Remote Desktop Protocol can be leveraged by the black hat hackers to expand the attack surface. Switch off unused wireless connections, such as Bluetooth or infrared ports. Cybercriminals can surreptitiously exploit a Bluetooth to launch a cyberattack or compromise a computer, a mobile device. Turn off Wi-Fi when not in use: It is known that hackers can launch a cyberattack on a computer system, a mobile device through vulnerable, unsecure Wi-Fi networks. Use very strong passwords to protect your Wi-Fi. Beware of using public Wi-Fi’s. Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system. The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow. Tor (The Onion

Scroll to Top