olioxx:






Those of you bashing NIMC and the Nigerian Government for been weak or what not should please read about the Yahoo data breach. Most of you don't know that US of A that has good cyber security system and policy happens to be the country that suffers the most identity theft.
Even Israeli citizens are not left out as well.
Before we begin to bash, the ngCERT hasn't written an advisory notice or warning alert so let's take this as with a grain of salt, (I am not saying it can't happen oo, but no be say we just read something from one new site, we con dey conclude).


I hope you also figure that that personal is a Vulnerability Analyst/Bug Hunter and yes he is an hacker, but he didn't escalate the "juice" in his own words.
I am sure that it has been reported.


In addition to your previous quote I wanted other to understand the truth, that personal Sam is a bug bunter that found an a bug and exploited it and then followed due process in reporting.

Enceladus and Golan007 the speed you guys concluded somethings ehn!!! I hope you Sirs have read his statement, nobody hacked s3, the entire shit is potentially an exploit from Tecno devices and once again it has been reported, if you doubt me check bug bounty website.
Peace.

What was my conclusion?

BuhariAdvocate:
Liar fake hacker . Hacker dont dont brag.

You don't know anything about hackers

Enceladus:


Sad but true.



AWS has a proper high-security data vault. It is called RedShift I think. Those engineers really need to be sued if it is true that those information are stored on s3.

RedShift is just a data warehouse.


It depends on IAM for security same as S3.

TheOgaBoss:
oga that is not what s3 is designed for, granted it has some level of security and access controll but when you are talking of such sensitive data as this it is not secure enough.

I agree with you,but S3 is primarily for storage, and access to whatever is stored in that bucket is still a bone of contention.
Thats my point.
If there's any other functions specific about S3 bucket am willing to learn from you.

This is not true, NIMC server is a premises server residing IN Abuja office.

Enceladus:


The location of the data centre does matter for National security reasons.

I know that in the US, there are some sectors or applications you might build where the data must be 100% stored in the US according to the law. I got to know this in a training with AWS cloud.

You're very right and current too,am also having alot of training on cloud computing especially AWS but I do not want to limit my knowledge on Amazon products alone, just a specialty.
Back to what you said above you are very right I agree with you � I learned that recently too

See the government agency we are trusting our data and identity with!

Golan007:


RedShift is just a data warehouse.


It depends on IAM for security same as S3.

Exactly the point am making, even if they use redshift and no proper IAM control there will still be a breach .
Security is the issue here.
I little crack is enough for them to be exposed by an hacker.

gnhpowerhouse:
Ohhh ! My Goodness ,What can be done to avoid this Repeated ?

Satisfy your woman / Partner in Bed Very Well,Stay Longer .Stop Being a One Minute Man. Destroy Premature Ejaculations and Weak Erection Now

Check My Signature Below.

Nothing
There's nothing useful in incompetence

etokhana:

http://saharareporters.com/2022/01/10/exclusive-hacker-breaks-nimc-server-steals-over-three-million-national-identity-numbers#:~:text=News-,EXCLUSIVE%3A%20Hacker%20Breaks%20Into%20NIMC%20Server%2C%20Steals%20Over%20Three%20Million,sensitive%20data%20at%20his%20disposal.

What! I hope my number is not one of them sha

Sunnyja:
Your terroists loving brothers has compromised our national data base.

I have 100% conviction that the idiot that lay that claim is an ipob bastard. Go and tell him that he cannot do jack with Nigeria data base.
A hacker will not come online to announce that he hack Nigeria databases. Look at the Russian that hacked Americans databases, did you see them coming online to tell the world what they have done? Tell that ipob hacker that he should go and fck his mother, including people like you go and do the same thing.

mp3ree:



You don't know anything about hackers

He really doesn't.

Data was stolen from a sector of gas distribution companies here is the state in 2021 and the hackers were paid in millions of dollars after they brag about it.
He really doesn't know what he's saying

kunle75:


Exactly the point am making, even if they use redshift and no proper IAM control there will still be a breach .
Security is the issue here.
I little crack is enough for them to be exposed by an hacker.

Even if you think Nigerian agencies are full of idiots, for them to have utilised the cloud tells you there was thought put to it.

As someone said, carelessness or social engineering may have been the kink used.

olioxx:


Enceladus and Golan007 the speed you guys concluded somethings ehn!!! I hope you Sirs have read his statement, nobody hacked s3, the entire shit is potentially an exploit from Tecno devices and once again it has been reported, if you doubt me check bug bounty website.
Peace.

Conclude what? Who said they hacked s3? Where did you read that?

1. My point is why was data that deals with National security stored outside Nigeria and even outside Africa?
2. Why is the data stored on s3 and not in a more secure vault? Do you imagine the US SSA storing Social security numbers on s3 ? cc Golan007

Golan007:


RedShift is just a data warehouse.


It depends on IAM for security same as S3.

https://docs.aws.amazon.com/redshift/latest/dg/c_security-overview.html

RedShift is a different beast. It's like comparing a virtual machine and k8s. They do similar stuffs but one is more complicated and capable (thereby can be more tuned to be secure) than the other. Although I also agree again that basic IAM policies is needed.

Golan007:


Even if you think Nigerian agencies are full of idiots, for them to have utilised the cloud tells you there was thought put to it.

As someone said, carelessness or social engineering may have been the kink used.

Yeah I said it in my earlier post,majority of the time social engineering attacks are the most common for hackers to exploit, hackers aren't invisible as we think.
They're our families and neighbors too.

ELECTION THINGS

pantami na werey...

Enceladus:


Conclude what? Who said they hacked s3? Where did you read that?

1. My point is why is data that deals with National security stored outside Nigeria and even outside Africa?
2. Why is the data stored on s3 and not in a more secure vault? Do you imagine the US SSA storing Social security numbers on s3 ? cc Golan007

All your points are valid and I can't argue any of those either.
Am thinking that even the agency themselves seem not trust any providers in Nigeria or have something to hide by engaging a foreign partner in such assignment.
Am confused honestly

errigdee:
pantami na werey...

Calm down bro,I know it hurts �

kunle75:


All your points are valid and I can't argue any of those either.
Am thinking that even the agency themselves seem not trust any providers in Nigeria or have something to hide by engaging a foreign partner in such assignment.
Am confused honestly

Confused here also. What a country.

I remember when some clowns said pantami went to Robert Gordon university in Scotland.

Robert Gordon come and carry your product, abeg.
He has no concept of basic cyber security or pentration testing.

Enceladus:


Confused here also. What a country.

In any normal country, a lot of resignations will occur.
This is a serious breach of national security.

From the minister of communication, NSA, NIMC, all would resign immediately.
And would never enter into public office again.

Nigeria is a banana republic.

Are you people responding to that article or something else? Because what I read there is an ethical hacker working on a bounty placed by the Nigerian government. He even said he was paid about $5,000 for the job. Unless it wasn't the government paying him?

Having said that, no national database is safe anywhere in the world. But you can always expect worst case scenario in Nigeria.

The only reason why a fellow like pantami is minister of communication is because he is a known cleric in the North who actively supports buhari and fortunately has a certification in tech somehow.

In a field where there are so many Nigerians blazing the trail like no man's business.

A Nigerian woman in Canada won a Canadian govt civilian award for her work in computer Science.
She is a professor and one of the top voices on LinkedIn.

So many Nigerians doing great in communication technology.

But Buhari gave us a pantami.
Does pantami know any programming language?

Na dem dem, the perpetrator dey there

Enceladus:


Conclude what? Who said they hacked s3? Where did you read that?

1. My point is why was data that deals with National security stored outside Nigeria and even outside Africa?
2. Why is the data stored on s3 and not in a more secure vault? Do you imagine the US SSA storing Social security numbers on s3 ? cc Golan007

First of all, you are totally wrong with your assertions. I am yet to find something clicking in all your post, although all what you said about cloud security, data integrity are all true , but very unrelated to the issue on ground.
I ask again, did you read his report?
Then I hope you understand that the Pentagon has a deal with Amazon(ML/AI related), that is to counter your number 2 statement, and yes Amazon handles all the data but then Pentagon has officials in sync with those at Amazon's end.


Okay let me try to explain this scenario to the best of my ability.
Ask yourself this question, will a illegitimate guy have a publicy available Twitter handle, and then write on allegedly stealing tools for the sole purpose of selling this tools?

That personal is a bug Hunter, he found a bug particular to Tecno devices (he exploited the bug, and then found information), note that the NIMC has an app(ID app). The personal went further to report what he found, it is just like say, okay I found the Milan.exe file on the dark web, I analyzed it then wrote an article about it, then you now start blaming MTN or Airtel about how stupid they are to use gadget from China, that is wrong in all fronts.
Let me say this that NSA knew of a zero day on Windows platform, with this info NSA can hack virtually any Windows computer, NSA didn't report it until it came into limelight some years back, now imagine a stupid NSA guy did some shady things like hack into a government agency server utilizing the zero day exploit, while you now call that government stupid?
.
See guy there is a lot to this shit. I am open to constructive criticism. I am not afraid to learn from others.

Enceladus:




You have your preconceived opinions already and it is obvious by this your statement



So because they have deals, that means the serialized models of DoD's CHESS AI system and all others will be stored on s3? Bros be objective or else adios.

Just to be clear, nobody is saying that this is not a bounty issue. But a security concern is still a concern. Some bad actors possibly broke in already

First of all, I didn't mention that the models are stored in s3.
Then secondly my question to you, do you know where these models are stored, like do you have first hand info?

Logically speaking, all the models and data from that Pentagon deal, Amazon will have a copy, why do I say so, when it comes time to troubleshoot and or analyse, these will be done by Amazon engineer since they are offering the service. And I said that Pentagon officials and Amazon engineer are working in sync.
Edited: in the event that bad actors has laid siege of these precious data, by now some security researcher will start mass reportage, we saw the case of the log4j of Java, within 32hours Microsoft had updated MineCraft and written a detailed report. Then Nigeria will inform Interpol, Interpol will work with other international security agencies, and the might eventually take down there server, we saw the case of the Netwalker ransomware, the domain has been taken down. So if it gets to the worst case scenario, I am certain that legal actions will be taken. I hope you know that Windows 11 has some top notch security, if not Microsoft go hear am. 2021 was a bad year for Microsoft, they just had to update, if not, wetin them for see ehn!!! Abeg I wan sleep.
Then finally it is 10:11pm (WAT) I need to catch some zzzz, I don't know what country you are in, but have a good night rest.
Let's not over argue this thing.

Kissiemu:

Slawormiir is correct. The news has been debunked as fake news already. Go front page and see the news.

Sir leave those that choose to believe otherwise, the narrative from SaharaReporter is wrong, they didn't tell us the whole truth. It is quite sad a lot of people chose to blast NIMC as if they can offer a better solution.
I put to everybody bashing NIMC to write a detailed report or executive summary of what can be done better. If you can't do this, then you are in no position to bash or anything, ona think e easy. More to that I am very sure that NIMC will have a in house server, they never mumu reach that extent.

dynicks:
Slawomirh aka DAMN NIGGAAARR sighted leaving the scene after a job well done!!

See as he resemble sef

Lie!!!
Absolute lie!!!

Lavisha:
hehehe..

Something wey Pantami don give terrorists teh tey..

It's just a diversional tactics.

You should have stop passing they are coming for you with this your comments, this present government and animals they are like 5&6 to my thinking animals are more better than this people aje

CSTRR:
I remember when some clowns said pantami went to Robert Gordon university in Scotland.

Robert Gordon come and carry your product, abeg.
He has no concept of basic cyber security or pentration testing.

Its our collective fault,to make sure people who knows their job are saddled with same responsibilities .
We all have to do something and it starts with our resolve to choose rightly.

All this rogues are trial and errors

olioxx:

First of all, you are totally wrong with your assertions. I am yet to find something clicking in all your post, although all what you said about cloud security, data integrity are all true , but very unrelated to the issue on ground.
I ask again, did you read his report?

You have your preconceived opinions already and it is obvious by this your statement

Then I hope you understand that the Pentagon has a deal with Amazon(ML/AI related), that is to counter your number 2 statement, and yes Amazon handles all the data but then Pentagon has officials in sync with those at Amazon's end.

So because they have deals, that means the serialized models of DoD's CHESS AI system and all others will be stored on s3? Bros be objective or else adios.

but very unrelated to the issue on ground. I ask again, did you read his report?

Just to be clear, nobody is saying that this is not a bounty issue. But a security concern is still a concern. Some bad actors possibly broke in already.