MTN Nigeria server hit by suspected cyber criminals

MTN Nigeria server hit by suspected cyber criminals

Media reports from Nigeria say the weekend attack on an MTN server saw the company lose R28m (N700m) in just under two hours, after subscribers accessed up to 120GB of free data per individual.

Nigeria is the biggest but challenging market for the South African company, with 60 million mobile-phone subscribers. The valuation of R103bn ($7,3bn) makes it the second biggest company by revenue listed on the Nigerian Stock Exchange (NSE).

Reports say the newly NSE-listed company also notified the office the Nigerian Economic Financial Crimes Commission (EFCC) to investigate a suspected cyber crime offence.

MTN had not responded to ITWeb by the time of publishing.

The operator is, however, reported to have sent a text message to customers saying: "Dear customers, our electronic and VTU recharge channels may be unavailable from 12-8 am on Sunday, 16 June. Please recharge before 12 or use a voucher or dial *904#. If a minimum of 1000 is not recharged your SIM will be barred."

Another text was sent later: "Dear valid customers, your SIM will be temporarily barred within the next 24 hours due to the consistent use of unassigned data."

Funso Aina, senior manager of external relations for ICT at MTN Nigeria confirmed the problem to a Nigerian journalist via a text message.

"The system glitch reported has been resolved and erroneous allocation of data reversed on all affected accounts," is quoted by Nigerian media.

No material effect to MTN

Telecommunications analyst Dobek Pater at Africa Analysis says it is important for telco companies to protect their infrastructure from unwarranted intrusion by cyber criminals.

"As service providers, MNOs [mobile network operators] are obligated to ensure the security and privacy of customer data. If this is compromised and customer details are stolen, for instance, it could have several repercussions, from identity theft to illegal/erroneous billing to fraud," says Pater.

"When the systems delivering services and or the billing engine are attacked, this could lead to loss of revenue for the MNO either through inability to deliver services or inability to bill or bill accurately for services delivered."

Pater is of the opinion that the weekend glitches in Nigeria had no material effect to MTN.

"I don't think it will have that much of an impact, although it depends on the type of attack and the extent of it. Service outage does happen at various operators periodically for various reasons, therefore, inability to provide a service for a couple of hours is not an event that will necessarily sway customers' decision whether to stay with or move away from an operator," he says.

However, he cautions that if customer personal data has been compromised it could sway some customers to move away.

** Article update:

Omasan Ogisi, General Manager, Corporate Affairs for MTN Nigeria denied the cyber-attack telling ITWeb that: "This information is incorrect. On Saturday, 15 June, a system glitch led to the erroneous allocation of data to a few subscribers. This issue was rapidly detected and resolved, and the incorrectly allocated data reversed on all affected accounts."

He added: "No, it was not (cyber-attack). The system glitch that resulted in the erroneous allocation of data to a few subscribers was a highly localised technical issue, which was quickly detected, resolved and reversed."

Responding to the President of National Association of Telecom Subscriber, Chief Deolu Ogunbanjo, who told journalists that the glitch could be considered as cybercrime. He said: "It is unfortunate that it happened to MTN and I think it can be classify as cybercrime."

This is not true said Ogisi.

"The integrity of MTN Nigeria's network was not compromised in any way," he said. "MTN has a firm commitment to the privacy and security of its customers. In Nigeria, MTN operates one of Africa's most advanced mobile networks, supported by world-class security protocols and technologies. The business will continue to invest in the latest technologies consistent with a network of our size and scope."

Read more