Hackers Expose CBT Exam Server Breaches in Nigeria

Some operators of Computer-Based Test (CBT) centers accredited by the Joint Admissions and Matriculation Board (JAMB) have been accused of engaging in widespread malpractice during the most recent Unified Tertiary Matriculation Examination (UTME).

Investigations by Saturday PUNCH revealed that these operators provided technical information to skilled individuals in technology, who consequently hacked into the servers and altered the examination process.

JAMB encountered technical issues in May that disrupted the 2025 UTME, leading to a significant number of candidates failing; 1.5 million out of the 1.9 million candidates who took the exam scored below 200 out of a possible 400 marks.

The situation provoked a strong reaction as JAMB Registrar, Prof. Is-haq Oloyede, became emotional on May 14 while acknowledging that some candidates’ scores were adversely impacted by technical glitches.

In Abuja, no fewer than 20 individuals were apprehended by agents from the Department of State Services and the Nigeria Police Force for hacking into various CBT centres.

In response to this issue, JAMB issued a warning in June about candidates employing Artificial Intelligence to impersonate others and wrongfully claiming albinism to cheat.

By July, data shared at the board’s 2025 policy meeting indicated that CBT centres in Imo and Anambra states were the most frequently implicated in finger-pairing malpractices.

In total, 19 centres were identified across the country: Anambra had six, Imo had four, Abia and Edo each had one, Kano had two, while Ebonyi, Delta, Kaduna, Rivers, and Enugu each reported one centre involved.

In August, JAMB reported that 6,458 candidates were being investigated for participating in technology-related examination malpractice during the 2025 UTME.

The board set up a 23-member Special Committee on Examination Infraction to look into these cases and deliver its findings within 21 days.

Sources from Saturday PUNCH revealed that the operators of the so-called “miracle centres,” who promise success to desperate candidates, played a role in the technical issues experienced during the exam.

A hacker, who went by the name Ahmed and claimed to have been in the field for 10 years, commented on the breaches of the CBT servers, stating that there was little the JAMB could do to prevent exam malpractice since some centre operators were directly involved in the scheme.

Hackers Expose CBT Exam Server Breaches in Nigeria

Ahmed revealed that operators at certain centers provided the Internet Protocol address to hackers, allowing them to access servers without detection, while hired individuals would take exams on behalf of some candidates.

These hired individuals are known as people who unlawfully take exams for others.

An IP address is a distinct sequence of numbers assigned to each device linked to a computer network that employs the Internet Protocol for communication.

He stated, “There are centers that share their IPs with hackers. This enables them to infiltrate and acquire exam questions and login credentials of candidates. It is impossible for them to monitor all the IP addresses in Nigeria.”

“Although candidates are present at the CBT centres, hired individuals are stationed outside with remote access to the centres’ servers to take the exams for them.”

He explained that candidates who first logged in at the centres would be intentionally logged out to allow the mercenaries outside to take control.

Ahmed mentioned that the candidates would have been told to stay silent while their systems were logged out.

He mentioned, “As the mercenaries are responding to the questions, we instruct the candidates to time themselves for either 20 or 25 minutes, then we claim that their systems have logged them out. During this time, we already have access to their portals and are assisting them in tackling the questions with the mercenaries.

“By the moment they alert the examiners at the centers, we’ve already completed the questions for them. When they log back in, they will find that all the questions have been answered. They just need to click on ‘Submit,’ and that will be the conclusion.”

“The primary method we employ to operate this is to obtain the IP address and input some codes, which are merely numeric. After that, we enter the numbers, and that is sufficient. This allows us to access everything associated with the JAMB server.”

An educational consultant who operates a coaching center in Badagry, Lagos, verified Ahmed’s statement, noting that numerous centers had compromised personnel who facilitated examination fraud.

Hackers Expose CBT Exam Server Breaches in Nigeria

The consultant affirmed that hackers infiltrate the servers of specific CBT centers by accessing the IP address provided by the staff.

He remarked, “This would be impossible without an insider from the centers. Without an insider, there is no way we could obtain the IP address to perform this. These individuals serve as the backdoors to these activities. These operatives are compensated with millions of naira. The candidates’ parents have already settled all fees with the centers.

“There is nothing they can do to prevent this malpractice; there will always be an insider who can demonstrate how to breach the server. Once we access the server, our candidates automatically succeed in their exams because we handle it for them remotely.”

A CBT operator located in Lagos, who participated in the business, disclosed that the centers were often aware their servers had been breached but chose not to take action.

He stated, “The proprietors of these centers are aware that their servers are compromised but refrain from any action because they are benefiting financially from the illicit activities. The mercenaries are giving them substantial sums of money.

“These centers also maintain connections with certain individuals in JAMB, who act as their support system. The assertion that JAMB’s technology effectively combats malpractice is false. Numerous students are still being assisted in passing their exams. What these individuals do is utilize a backdoor in a specific center’s server to carry out their operations smoothly, employing mercenaries to take the exams.

“JAMB is incapable of recognizing their faces or anything else. Some of these individuals do not depend on inside help; they hack straight into the center’s database.”

However, JAMB spokesperson, Fabian Benjamin, stated that breaching the board’s website was impossible, emphasizing that it did not host examination questions on its website.

“Our systems are connected locally. It operates through a Local Area Network, which is not linked to the internet. Therefore, it cannot be accessed online. No questions have ever been hosted on our website. The examination system is not internet-based,” he explained.

He clarified that what some individuals claimed to have hacked was the local server of certain centers in collaboration with the owners of those establishments.

Fabian remarked, “It is impossible for anyone to access our questions because they transmit like a text message in terms of speed and delivery. We send our questions via a model to the centers, similar to how text messages work. A candidate’s biometric data is what grants them access to the questions.”

Additionally, the National President of the Computer Based Test Centre Proprietors Association of Nigeria, Austin Ohaekelem, praised the JAMB registrar for his efforts in diminishing exam malpractices, asserting that not all CBT centers engage in fraudulent activities.

He pointed out that some legitimate exam issues were mistakenly categorized as cheating.

Ohaekelem remarked, “There are still some glitches that occur either at the exam registration stage or during the actual exam, happening unintentionally. These are now being interpreted as fraud and a calculated effort to undermine the examination.”

Addressing the cases of technical issues with JAMB, the national president expressed worry over the wrongful blacklisting of innocent examination centers due to these problems.

He explained, “There’s a center in Anambra State where a candidate was being registered when the network connection failed, but the candidate’s picture had already been taken. Due to the network issue, the details were not submitted.

“When the next candidate arrived to register, the personnel assisting began the registration for the new candidate, unaware that the first candidate’s information was still on the system. The picture of the second candidate ended up being linked to the first candidate’s information. This was not intentional. They realized the mix-up when they attempted to print a notification slip at the end of the registration period.

“There are also other complications with biometric captures when a candidate arrives, and the scanner fails to read their fingerprint, leading to multiple attempts, which makes the candidates anxious. The real definition of fraud should focus on situations where there is an intention to sabotage or compromise the examination.”

In response to the situation, Ogundokun Olufunso, the Secretary of the Association of Tutorial School Operators in Oyo State, expressed his concerns about the extreme measures some candidates take to circumvent the system during exams.

Olufunso, during an interview with Saturday PUNCH, remarked that certain students collaborated with technology specialists to tamper with biometrics, while others faced issues due to circumstances outside their control.

“Occasionally, some students, driven by desperation, team up with tech engineers. At times, they engage in biometric manipulation. Other students find themselves in trouble without any wrongdoing, as when their biometric data isn’t accepted, they may think such candidates are being scrutinized, leading to their exclusion from the examination.”

Olufunso emphasized that while completely eliminating exam malpractice may be challenging, it can be significantly diminished if adequate checks are enforced.

Regarding the existence of “miracle centres,” he pointed out that most tutorial centers in the state have distanced themselves from such activities due to the associated risks.

He stated, “I can confidently inform you that the majority of tutorial centers have ceased to participate in such activities because they are risky, and we advise against it. What amount would a student pay you to jeopardize their future and career, and risk imprisonment? If you’re incarcerated, these students will carry on with their lives. Therefore, all tutorial centers now adopt the perspective that it is more prudent.”

Nonetheless, he called on JAMB to conduct internal assessments and ensure that weaknesses in their system are addressed to prevent manipulation.

Similarly, Emehinola Omodara, the Director of Toppers Coaching Centre in Ogun State, called for JAMB to reassess its system and eliminate any vulnerabilities that could foster exam malpractice.

Omodara remarked, “You cannot make accusations without proof. JAMB needs to reassess their system and improve upon it. They are making efforts, but there are several gaps that must be addressed to earn the public’s trust.

“If they organize their processes correctly, there would be no need for miracle centres. They should not be deflecting responsibility but should examine their own staff members and investigate how these leaks are occurring.”

Additionally, Taiwo Folorunsho, the founder of Campusinfo Consult Limited, highlighted the necessity for a thorough enhancement of JAMB’s technology to effectively combat malpractice and rectify its operational flaws.