Welcome back to the Breakfast on Plus TV Africa. We set off with the first conversation and we're looking at the fact that this has generated a lot of conversation. You call that the cyber attack on the National Management Identity Commission, where you have hackers boasting of gaining access to the database, and we'll be looking at the implication of that security breach on our economy, and this morning we have Song Waluu Timilay joining the conversation. He is a data and software development strategist. Let's go to have you join us this morning. That's all right, thank you so much, Song Waluu Timilay, for joining the conversation. I set off with you. What are your reactions when you first saw that news and heard the story of the cyber attack on the National Management Identity Commission?

I mean, I felt a bit disappointed that I can't think of what I mean. I'll say this. When it comes to data security, there are various layers to be used. We have the policies, we have the privacy policies, we have the privacy, we have the data protection policies and, I mean, so many other layers of which it is not, I mean, I don't believe that there's one way out of security, but how the security is being managed, so how the issue was being managed before that kind of thing. So probably, probably, I mean, I thought really, I really liked the fact that I haven't and I really liked the fact that I haven't and I really felt very shocked when I heard about the situation.

Well, I think there's also some clarity, you know, with regards this. Mr. Timilay, can you hear us?

Yes, I can hear you.

Okay, I was saying that there is some clarity that we still need to of course share with regards this particular situation with the NIMC.
Apparently it seems like the story wasn't entirely true, that there was a break or that, you know, there was a three million NINs that had been breached and all of that. I think, you know, we soon need to get clarity with that and we hope that the NIMC puts out an actual message stating what happened, but the conversation really is, you know, understanding how safe data is in Nigerian hands, of the Nigerian government. There's very, very vital information that is in, you know, the hands of the NIMC, and so when this broke there's a lot of people who said, oh well, we're not shocked, it's the Nigerian government, it's the NIMC, you know, nothing, you know, there should be that secure, and it's not, you know, a shock that anyone can break into it. So can you clarify, you know, for us, you know, if you understand the levels of security that the Nigerian government puts in place with regards data?

So when you come to data security, there are various layers to it and we cannot just look at Nigeria as a country and say maybe our security policies are not properly put in place, but the thing is it's a continuous process in ensuring that security is being protected. Now I have to continuously keep trying various technologies, various strategies to ensure they are able to break into, you know, your system.
One is your encryption, trying to break into your encryption, and another one is the kind of firewall that is being used, which, I mean, I can't say, and that's why we cannot really still ascertain to now if the NIMC's information were actually revealed and it was actually properly, it was actually, until now I'm not sure we've confirmed if they actually got access to those information that actually belong to the NIMC. But the thing is that before an attack like this can occur there will be some pre-consignation, you will see that something like that is about to happen, and sometimes it would be like a breach, it could be caused by a breach in data policy, in the policies that have been put in place, and somebody was actually used to implement them to get access to this kind of information. So, I mean, we can't, we can't generalize data protection to just Nigeria, you know, because, you know, some of this Nigerian, some of these servers are not even listed in the country, so the level of security that has been put in place sometimes, the level of security that, I mean, is in place sometimes, it's not really, really, it's not really, we can't really say that, we can't really say that it's the Nigerian government policy that controls it, like, you know, like everything that, you know, there's been control locally. But in terms of our security, in terms of the security that we have in place, I mean, I think by doing well, yes, we can still do better and we can still ensure that the hands that are actually managing it and the kind of policy that we put in place can be improved or not.

Okay, but I'd like to find out if there's a possibility that this can happen, because I also remember vividly that, you know, the Commission leadership had raised some concerns that there were plans to attack, you know, the space, and these were some persons, you know, from maybe Iran, Israel and what have you, planning, you know, that particular attack at the time, and it was, it was more like the Commission was in the know, so is there
possibility that that can happen, and secondly, what are the measures that can be put in place to ensure that, you know, that doesn't happen, peradventure that happened, because we know that with every time you have all of this incident or report you would always have an institution or an agency coming to refute all of those claims. So I'd like to find out from you, being an expert in this, you know, field, is that tendency that that can happen and what can, you know, the agency itself do to ensure that that doesn't happen?

Yes, talking about if it will happen, if it can happen, if you will happen.

The question is, is there possibility that that can happen, because I'm saying that the leadership of the Commission had raised some concerns prior to this time that there were plans, you know, more like they got a tip-off that attack was going to happen, that some persons were planning to launch an attack on some of, you know, very vital government agencies and institution, and so the question is, is there a possibility that this can happen, and if that's the case, what can the people do, what can government now do to ensure that that doesn't happen?

So, so when you come, like I said earlier, when it comes to data security there are various layers to it and there's no one, there's no one to steps to data security, but there are various layers to it and ensuring that you put various steps in place. Talking about if it can happen, yes, it can happen, yes, it can happen if a proper attention is not being paid to all exactly and the actual breach that it is in the system. Now I can't really say for now on that, okay, this is how, if it happened, this was how we were going to mention this to our system, you know, because how far what is there we have, I mean, ensuring the cluster of information, the cost of information that being sent out and being pulled out. We have APIs and we have APIs that other top agencies are using to, you know, the reason to access those information from the government and all, but now the major the
major concern, the major concern is what is the expertise of the people that actually managing the server quality. You know, these informations are actually very private, their private information, that even if there was a breach in a particular cluster of data security that caused the breach, it would be probably will not like to reveal that to us, and it just depends on how, how fast, how fast did they see this penetration, how fast did they see that there was a patch that is trying to get into that server and how fast were they able to respond to it. If the response was, if the response time was slow, it will happen, and this is where, you know, the kind of policies, the kind of policies that they put in place comes to play. How well are you monitoring what they have and where it's been monitored, it's a very vital function that can actually determine a response time to data security breach.

All right, um, Mr. Timile, there's a term that I kept seeing yesterday and that is the S3 bucket. Can you help clarify what exactly that is?

Yes, so the thing is that the S2 bucket is more like a cluster, is more like a cluster for information where, you know, it's more like a cluster of information. Now the thing is that you wait trying to access the information, are the information encrypted, encrypted and they are safe in different layers, so that is actually, the S2 bucket is like where the penetration actually occurred.

Okay, and, you know, is that a normal occurrence or was, is there, does that show that there was a lapse somewhere, you know, with regards protecting that bucket?

Yes, yes, special that I was a lapse somewhere, but, I mean, I will really not, because yesterday when I was, much later yesterday, I kept on seeing some information that, I mean, the information that when it's not actually the way I know actually information from, I can remember this moment, but I mean, I mean,

So go ahead and go ahead and share with us, you know, what we, what the risks are with regards a breach of that level, what type of information is
you know, very, very likely to be lost or to be taken?

So the NIMC has quite a number of information, and the way the system was built, the beauty to the way that, I mean, they verify your information to be able to get access to money those. Now the banks use it, verification, verification companies use it, various agencies have access to this information. So now this, the way the region comes into place is that you have this information, somebody else has my information, I can actually, can actually give out enough information about me, you know, so she makes his axe, okay, what is the top back of this person, he can see it, what is this and I'm good that is it was access more information is it was after my information, which is actually very big. Please accept from that also having access to 23 million phone numbers, what is that, much access to emails address, you can call them and actually place some pranks on them and they need to get it over there, I'm able to get stuff out of them. So, I mean, that there are lots of things that we don't visit, that there are lots of things that we don't that information.

Yeah, and, and, you know, we're in 2022 already, I'm sure that information technology is developing really, really fast. Is there new levels of internet and data security that we should also maybe be looking towards, you know, getting into or you're using?

Yeah, so the thing is that a lot of this data security there was before, but what happened is that applications are developing, a lot of applications are developing, new patches are coming out, new loopholes, new clothes are getting open, and because of the last five, but whoever the security model you have, you have to constantly agree it's built to meet up with the level of technology that is occurring, because if that's not done, you don't see, you just, because a lot of times, a lot of times new threats have been discovered and they are being updated by the day, so, you know, you don't use again that, I mean, you, whatever security, whatever you have, you have to
ensure that your domains are properly secured, you have to ensure that you have your data encrypted even though it's inside the database, and showing that the data is encrypted, and if you don't have a set in a crypto code, even though you are able to access that information, the information is useless to you because you don't have your crypto code. Other, other, other mediums are ensuring that, you know, when you're putting out data from the database or, you know, the kind of APIs that the NIMC and the others use, when they are putting out information they don't get more than the information they need. It also helps data security and ensuring that, because if you're putting out, if you're putting out information from the server and you have been able to pull out more information that you need, it is also always an avenue of penetration. Other thing is, like, take for instance a lot of websites now use social logins, they don't use them, they don't use logins from within, they don't use logins from within the application, just to ensure that they are hitting the amount of information that penetrates into the database server, and, I mean, so many other things, so many other things which we just need to just continue to keep working on it, keep our eyes open, keep seeing what the trends are and keep ensuring that our systems are being upgraded.

So some people have also said that, you know, collecting data cannot guarantee, you know, the safety of the people, because first of all the reason for the collection of data over time, the NIN registration was on the premise that it was going to help in the fight against insecurity in Nigeria, and that's on the one hand. On the other hand, some people are also saying that with this the risk, losing the identity, that people's identity could just be, you know, taken off entirely and then you don't have an identity. How true is this and what are your thoughts?
I mean, sometimes I don't understand Nigerian government and, I mean, fact that the way we change government and we just come to the new policy is always alarming, and I know that even for the NIMC system that we are doing this between the national and domestic card, we are still doing that for the water scan. I mean, I'm amazed at the fact that we are always taking information and we are always taking information over and over again. Why don't we just have one system that works? And, I mean, my own suggestion and what I always feel like and will ask you that we have an immigration system that works, we have an immigration system that has been standard for years, that the standard for years, and I know that the NIMC can have, I mean, could have been this, but I don't think I've ever had this with a national, with a migration and passport system. Why don't we have a system like this, why don't we have just one system that takes in all this information and everyone has an access line information from it, so that our security can actually be concentrated into one spot, our own security and all data can be concentrated into one spot? I mean, talking about security and getting on data, I mean, all I feel is that this information should be taken out of one spot, let us focus on security on that one spot, let us ensure that, you know, it is top notch and every other sector, every other processor are picking those data from you. That's what happens in every other advanced country and I don't know why we have to do that.

Do you agree that people can lose the identity if these, you know, claims are really true?

People could lose the identity, but, I mean, I doubt if the identity can be lost, I doubt if those information can be lost, because people can take you out, someone can decide to take your identity and information and become you, impersonate you. You can't take my fingerprints, even if you take my, I mean, you can't take my fingerprints and you can't have my new why, you can't have my new now, so the thing is
NIMC, they don't just work with just information and the phone numbers, I don't, they also work with the passports, they also work with your fingerprints, they also work with your fingerprints. So let's say they want to break into the application, they want to break into the server, they want to replace my fingerprints, I mean, they want to replace my fingerprints. Now this person I replace my fingerprints, does he have fingerprints before now, does he have an NIMC record before now? I don't even understand what I'm saying. So, I mean, that would create duplicates, that would create the duplication of fingerprints in the database, so the chances are slim, the chances are slim that you cannot not exist because of this kind of breach has happened. I don't know if you understand what I'm saying.

Yeah, final question, in one minute if you can: does Nigeria have a hacking community?

Does Nigeria have a hacking community? Yeah, yes, Nigeria has a hacking community, but the community is larger than just Nigeria. Nigeria is a small place, the communities are larger than Nigeria. These are communities where people, teams of hackers work together, teams of hackers from various parts of the world come together, and sometimes you see Nigerians, you see Nigerians at the top of those profiles. Probably there will be things that are even much more bigger than Nigeria's security and trying to break into them, and sometimes, I mean, some use it for the negative purposes and some use it for positive purposes. Some people use it to show the breach in your system so that you can upgrade it, while some people use it to break into your system and sell your information. So Nigeria has a hacking community, but sometimes bigger than Nigeria.

Okay, good thing is, you know, every now and then I've heard, you know, people mentioned that Nigeria's banking sector is one of the most secure in the world, and so would, you know, continue to lean on to that narrative. Thank you very much, Sunwo Timilain, for joining us this morning and have a great
day ahead.

Thank you so much.

Absolutely, and away from the discussions on hacking and the NIMC, of course we will give you further details with regards that story, it seems that it was a false alarm. We're moving away to Mali now, where there's a little bit of controversy with ECOWAS and the coup and the coup plotters in Mali. We'll talk about that when we come back. Stay with us.