Cyber Threats Know No Borders: From NSA Phones To INEC Servers

BY PRINCE ADEYEMI SHONIBARE 

Even the Strongest Systems Are Vulnerable. In a live television interview, Mallam El-Rufai revealed that he hacked the Nigerian National Security Adviser’s (NSA) phone through someone. While he described it as “nothing really new,” the disclosure underscores a critical point: no security system, digital or physical, is entirely foolproof. Coupled with past incidents, such as the hijacking of vehicles in the NSA’s convoy, this serves as a stark reminder that national security is vulnerable not only to technical weaknesses but also to human and procedural lapses.

Globally, the United States has faced similar realities. Advanced defense systems, federal databases, and even election infrastructure have repeatedly fallen prey to cyber intrusions. The patterns observed abroad offer important lessons for Nigeria, particularly regarding the security of the Independent National Electoral Commission (INEC) servers.

Lessons from the United States

Pentagon Breach, 2007 – China’s Persistent Threat

In 2007, Chinese state-backed hackers infiltrated the U.S. Department of Defense networks, exploiting unpatched legacy systems and poor network segmentation. Sensitive operational files were compromised, demonstrating that even highly classified military systems are not impervious to sophisticated cyber threats.

Office of Personnel Management Hack, 2015 – Identity Theft at Scale

Chinese hackers accessed over 21 million personnel records stored in the federal Office of Personnel Management. Centralized databases with weak encryption allowed the attackers to build a permanent map of U.S. government employees. The breach highlighted the dangers of poorly segmented systems and the long-term consequences of identity compromises.

SolarWinds Supply Chain Attack, 2020 – When Trusted Software Becomes a Weapon

Russian intelligence agents infiltrated U.S. federal agencies via a compromised software update from SolarWinds. Thousands of systems, including Homeland Security and Treasury, were affected. The breach demonstrated how reliance on trusted software vendors can introduce hidden vulnerabilities—a scenario directly relevant to any electoral technology provider in Nigeria.

Colonial Pipeline Ransomware, 2021 – Cybercriminals as Strategic Weapons

In May 2021, the DarkSide ransomware group disrupted fuel supplies along the U.S. East Coast, triggering a national emergency. The attack showed how cybercriminal operations could paralyze essential services without traditional warfare.

Microsoft Cloud Email Breach, 2023 – Modern Cloud Systems Are Not Invincible

State-backed actors accessed sensitive government emails hosted on cloud servers, exploiting misconfigurations and weak anomaly detection. Even advanced cloud infrastructures require continuous monitoring, zero-trust frameworks, and strict access controls.

Critical Infrastructure Probing, 2024–2025 – Pre-War Positioning

Ongoing attacks target U.S. power grids, satellite systems, and telecommunications networks. These operations aim to position adversaries for rapid disruption, highlighting the shift from espionage-focused cyber attacks to operations capable of crippling national systems in minutes.

Nigeria Faces Similar Risks

Mallam El-Rufai’s admission that he hacked the NSA phone through an intermediary illustrates a key principle in cybersecurity: human factors and supply-chain vulnerabilities often outweigh purely technical defenses. If a top-level security officer’s communications can be breached, sensitive government networks—including electoral systems—are at risk.

The INEC server, which manages Nigeria’s elections, represents a high-value target. Lessons from U.S. electoral interference show that cyber operations combined with disinformation campaigns can compromise not only the integrity of results but also public trust. The potential consequences of a breach extend beyond technical disruption to erode confidence in democratic governance.

Strategic Implications for National Security and Elections

Vigilance Must Be Continuous – Even minor breaches should trigger immediate institutional review and response.

Architectural Resilience Is Critical – Zero-trust access, multi-factor authentication, strong encryption, and network segmentation must become standard across all sensitive systems.

Supply Chain Risks Are Real – Third-party intermediaries or software providers can introduce vulnerabilities, as evidenced in both U.S. SolarWinds attacks and the NSA phone hack.

Electoral Integrity Requires Priority Protection – Securing INEC servers is not merely an IT issue; it is a matter of national security and democratic stability.

Integrated Physical-Digital Security – Cybersecurity must be coordinated with physical security and operational procedures to prevent multidimensional attacks.

Conclusion: A Call for Proactive Defense

The hacking of the NSA phone, the hijacking of government convoys, and the vulnerabilities of INEC servers are part of a broader, global pattern of cyber threats. If the United States, with unmatched technological and military resources, experiences repeated breaches of its military, financial, and electoral systems, Nigeria—and other nations—must recognize that no system is invulnerable.

Modern conflicts are increasingly silent, occurring in digital space rather than on battlefields. The keyboard has become as decisive as the missile, capable of influencing national security, political stability, and economic continuity. Nigeria’s response must involve integrated cyber architectures, continuous monitoring, and proactive threat mitigation, particularly around its electoral and critical infrastructure systems.

National security today is inseparable from cybersecurity. Vigilance, resilience, and strategic planning are not optional—they are imperative.