DSS, Nigerian Police arrest 20 suspects for hacking JAMB’s 2025 UTME CBT system

Operatives of the Department of State Services (DSS) and the Nigerian Police Force have arrested 20 suspects in Abuja for allegedly hacking into the computer-based test (CBT) system of the 2025 Unified Tertiary Matriculation Examination (UTME), conducted by the Joint Admissions and Matriculation Board (JAMB).

The arrests, confirmed by security sources on Friday, are part of ongoing efforts to dismantle a syndicate believed to comprise over 100 individuals specialising in breaching the computer servers of national examination bodies, including JAMB and the National Examinations Council (NECO).

According to reports from multiple sources, the suspects confessed to sabotaging JAMB’s CBT system with the intent to discredit the board and discourage the use of computer-based testing for future examinations, such as those conducted by NECO and the West African Examinations Council (WAEC).

A security source quoted by The Authority News revealed that the syndicate employed sophisticated methods, including the installation of malicious software on examination body hardware. This software enabled remote hacking of JAMB servers at targeted CBT centres, allowing the perpetrators to manipulate exam results.

The hacking strategy involved mounting rogue routers near CBT centres to override JAMB’s platforms, enabling certain candidates, who reportedly paid between N700,000 and N2 million, to access exam answers illicitly.

“The intrusion of the ghost software by the syndicate distorted the system, making answers provided by candidates during the exam to be at variance with the questions,” a security source told AIT Live. This manipulation is believed to have contributed to the widespread failure recorded in the 2025 UTME, where over 1.5 million of the 1.9 million candidates scored below 200 out of a possible 400 marks, raising significant concerns across Nigeria’s education sector.

The arrests follow a covert investigation by the DSS, which had been monitoring the syndicate’s activities for some time. “While the controversy raged, little did the public know that the DSS had been covertly monitoring and investigating this dangerous web of attacks,” a source told AIT Live.

The operation led to the apprehension of suspects in multiple states, including Lagos, Edo, Anambra, Kano, and Delta, with further arrests expected as investigations continue. The identities of the suspects have been withheld pending formal charges, as they are set to face prosecution in court.

2025 UTME results glitches 

The 2025 UTME, a critical prerequisite for admission into Nigerian tertiary institutions, has been marred by controversy due to reported errors and malpractices. On May 14, 2025, JAMB’s Registrar, Prof. Ishaq Oloyede, admitted during a press briefing in Abuja that errors in the examination process affected candidates’ performance.

“What should have been a moment of joy has changed due to one or two errors,” Oloyede stated. Of the 1,955,069 results processed, only 12,414 candidates (0.63%) scored 300 and above, highlighting the scale of the challenges faced during the examination.

Security sources emphasised that the syndicate’s actions were not only aimed at financial gain but also at undermining the credibility of JAMB’s CBT system. By manipulating the UTME results, the hackers sought to create distrust in the system and discourage its adoption for other national examinations. The use of attacking software and rogue routers underscores the growing sophistication of cybercrime in Nigeria, a country grappling with over 119,000 data breaches in the first quarter of 2025.

The DSS and Nigerian police have assured the public that investigations are ongoing to apprehend remaining members of the syndicate and to determine whether any JAMB officials were complicit. As of Friday evening, no evidence had been established against the seven JAMB officials who supervised service providers at the compromised CBT centres. Authorities have vowed to prosecute all culpable individuals in accordance with the law.

This incident follows a pattern of cybercrime targeting Nigeria’s examination bodies. In November 2024, the Nigerian police arrested 130 foreign nationals and 17 Nigerians in Abuja for high-level cybercrimes, including hacking activities. Additionally, in August 2024, five suspects were charged with illegally accessing JAMB’s Central Admission Processing System, further highlighting vulnerabilities in the nation’s examination infrastructure.

The arrests have sparked calls for enhanced cybersecurity measures to protect Nigeria’s educational systems. Experts have criticised the lack of synergy among security agencies in leveraging technology to combat cybercrime. The Nigerian government’s 2022 mandate to synchronise SIM cards with National Identification Numbers (NINs) has yet to curb untraceable criminal activities, underscoring the need for more robust interventions.

As this unfolds, adding yet another layer to the ongoing challenges faced by JAMB, the examination body, the DSS, and the Nigerian Police remain under pressure to restore public confidence in the examination system and ensure that future tests are conducted without interference.