Boxes have a multitude of uses, and the word “box”, lends itself to diverse contexts. For “Ajala Travelers,” the box is a necessity for keeping goods for their endless journeys. In literature, idiomatically, it can be said that “one has been boxed into a corner;” another might say to deal with a conundrum: “think outside the box;” then there is the “Pandora’s box” that no one wants opened.

To “box one’s ear’s” refers to a hit on the head, especially around one’s ears. For those who celebrate Christmas, “Boxing Day,” which is the 26th of December, the second day of Christmastide is not to be joked with: A day to unbox gifts. So much for the box.

Another type of boxes exists in the telecommunications world: The SIM Box. Have you ever received an international call but saw a local phone number ring in? That is SIM Boxing in action. Let me explain.

SIM boxing happens when a person uses a special equipment, what is called a SIM Box containing tens to hundreds of SIM Cards—from 32, to 96, to 512 and more SIMs —to terminate international calls by bringing in the international call into the SIM Box using internet connections and regenerating the calls to the called party from one of the hundred SIMs in the box.

This way, the called party will see the local number of the SIM from the SIM Box, and not the original international number calling.

With SIM Boxes, the syndicate charges international call carriers lower rates than what regular Nigerian telecommunications operators would charge, as they do not have to pay the full cost of maintaining and operating a phone network.

Basically, they are bypassing the normal route for international phone call termination to terminate international calls cheaply and making windfall profits off it.

Take for instance, a telecommunications operator in Nigeria would ordinarily charge international carriers 10cents per minute for terminating an international call in Nigeria. However, by routing the call through a SIM Boxing syndicate, the international telecommunications carrier only pays a fraction of the charge to the syndicate, say 5cents per minute and does not have to pay the full 10cents per minute charge.

The SIM Boxer will terminate this call to the called subscriber at a rate of, say N15 per minute using one of the SIM cards in their SIM Box. The SIM Boxer thus makes a killing from the differential between the rate charged to the international carrier and the rate paid to telecommunications operators whose SIM they utilise in their SIM Boxes, at the expense of our national security and income of mobile network operators and quality of our service to consumers.

Asides the revenue loss that local mobile network operators suffer courtesy the activities of these syndicates, networks face congestion around areas where the illegal call routings via SIM Boxing occurs. With the huge traffic from the boxes, callers around the area see more dropped calls, poor call quality, and slower data speeds.

The introduction of the linking of National Identity Numbers (NIN) to SIMs is one way the Federal Government has worked to tackle this criminal enterprise. With every SIM in the country being linked to an NIN, an identity is tied to the owner of each line, and regulators now have visibility of ownership. That is not all. There is also the “Max-4 Rule” where a subscriber is not allowed to have more than four lines per network operator linked to his NIN. With this rule in place, coupled with the NIN-SIM Linkage, every telephone subscriber in Nigeria would not just be accurately identifiable but limited to having only four telephone lines per subscriber.

To enforce this rule, the Nigerian Communications Commission (NCC) on the 29th of March 2024 announced the deadline for Mobile Network Operators to bar all subscribers who had five lines and above, and whose NIN failed the verification test of biometrics matching.

Over the last few weeks, sources within the NCC have confirmed cases where a single NIN was linked to over 100,000 lines.

Some NINs had well over 10,000 SIMS linked to them, others over a thousand, others had hundreds. Many have questioned the reports and asked, what would any single reasonable person be doing with these number of lines? Justifiable questions, because no sane person—who is not running a business—should own more than five SIM cards.

Given the ‘Max 4 Rule’ in place and the NIN-SIM Linkage Policy, SIM Boxers have been boxed into a corner.

The applications they use require tens to thousands of SIM Cards, and the imperative to stay anonymous. If these policies are well and fully implemented, this is the death knell for SIM Boxing merchants.

But the regulator, NCC needs to be fast and ready for the battle ahead. SIM Boxing is a billion-dollar criminal enterprise. They are not going to go down without a fight. It is like taking a bone being chewed from the mouth of a bulldog.

Already, the battle seems to have kicked off. A lawyer, Barrister Olukoya Ogunbeje has recently taken the Federal Government, NCC and Mobile Network Operators to court, claiming that the barring of SIMs not linked to NINs goes against his fundamental human rights, and has cost him the loss of business opportunities.

Anyone who has Nigeria’s interest at heart ordinarily supports this policy. It then does not add up seeing a so-called activist lawyer take up such a matter that is clearly against the public interest—unless this is the Haka cry of SIM Boxers.

A most interesting observation with his case is that it is not even a class action, but individually driven. It begs the question then, who is funding Barr. Olukoya Ogungbeje? What is his interest in fighting this policy that puts paid to the business of a criminal enterprise? Is he funded by interests in the SIM Boxing world? Time would tell. But in the meantime, NCC must go head on without fear or intimation and clean the Augean stable of SIM ownership in Nigeria.

Suleiman Bala Bakori is a researcher, and writes from the FCT.

. New Fully Managed Solution Provides Visibility, Risk Monitoring, Prioritization, Investigation, and Proactive Notification to Prevent Cyberattacks  

April 4, 2024 – Sophos, a global leader of innovative security solutions that defeat cyberattacks, today announced a strategic partnership with Tenable, the Exposure Management company, to provide Sophos Managed Risk, a worldwide vulnerability and attack surface management service.

The new service features a dedicated Sophos team that leverages Tenable’s exposure management technology and collaborates with the security operations experts from Sophos Managed Detection and Response (MDR) to provide attack surface visibility, continuous risk monitoring, vulnerability prioritization, investigation, and proactive notification designed to prevent cyberattacks.

The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers.

This is evident in the newest Sophos Active Adversary Report, also released, which identifies three tasks that organizations must prioritize to minimize the risk of brazen intrusions that lead to ransomware or other types of attacks.

These include closing exposed Remote Desktop Protocol (RDP) access, enabling multi-factor authorization and patching vulnerable servers, all of which were top entry points in breaches handled by Sophos Incident Response in 2023.

The Sophos Managed Risk service can assess an organization’s external attack surface, prioritize the riskiest exposures, such as open RDP, and provide tailored remediation guidance to help eliminate blind spots and stay ahead of potentially devastating attacks.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”

“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Specific key benefits of Sophos Managed Risk include:

• External Attack Surface Management (EASM): Advanced identification and classification of internet-facing assets, such as web and email servers, web applications, and public-facing API endpoints
• Continuous monitoring and proactive notification of high-risk exposures: Proactive notification when a new critical vulnerability is identified in an organization’s internet-facing assets
• Vulnerability prioritization and identification of new risks: Swift detection of high-risk and zero-day vulnerabilities, followed by real-time notification to ensure critical internet-facing assets are promptly identified, investigated and responded to by order of importance

“One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management,” said Craig Robinson, research vice president of Security Services, IDC. “Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management.”  

Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments.

“Sophos Managed Risk simplifies the difficult and resource consuming task of identifying vulnerabilities, really understanding the extent of risk exposure, and prioritizing necessary remediations,” said Kieron Stone, cybersecurity business development manager at Phoenix Software Ltd. “As a trusted managed service provider (MSP), this is a service we’re proud to stand behind, and nearly all our customers using it have already discovered significant vulnerabilities that they were previously unaware of. For organizations that don’t already have a well-defined vulnerability patching cadence, this is a must-have service for the identification of vulnerabilities and building that schedule; and for organizations that are already managing vulnerabilities, it’s a second set of eyes for added peace of mind that they’re not missing anything.”

Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions. Additionally, organizations can initiate inquiries via the Sophos Central platform, allowing users to directly engage with the Sophos Managed Risk team for tailored support, reports and to review their latest prioritized alerts.

“You can’t fix what you can’t see. Sophos Managed Risk is shining a light on areas of exposure that require remediation in order to keep customers protected. Combining Sophos’ elite MDR experts with Tenable’s industry-leading exposure management technology gives us a full picture view of vulnerabilities with the guidance we need to minimize risk,” said Brooks Roy, president at Communications Consulting, Inc. “The real value add for us as a channel partner is having the ability to easily manage Sophos Managed Risk’s prioritized alerts across our customer base on the Sophos Central dashboard.”

Sophos Managed Risk is available with a term license through Sophos’ global network of channel partners and Managed Service Providers (MSPs). A Sophos MSP Flex version will be available in 2024.

Inq. Digital Nigeria Limited has been announced as a sponsor of Payments Forum Nigeria [PAFON 1.0] maiden edition holding this Thursday in Lagos.

inq. Digital Nigeria Limited, a subsidiary of inq. Group is an emerging leading digital and cloud solutions provider that delivers simpler seamless solutions to complex business challenges.

With offices in Lagos, Abuja, Port Harcourt and Kano, inq. provides reliable and affordable Intelligent Connectivity, SDN/NFV, Cloud and Digital services (including Edge –AI) for Nigerian businesses including those in the payment space.

Participation is FREE, however, pre-registration is required: https://bit.ly/4c4N19H.

Speaking ahead of Payments Forum Nigeria [PAFON 1,0] scheduled to take place at Oriental Hotel, Lekki Road, Lagos on Thursday, March 21, 2024 by 9am under the theme: “Payments: Trust, Security and Privacy in AI Era”, Mr. Chike Onwuegbuchi, the co-founder of TechCastle Foundation, the organisers, said the goal is to enable information exchange and knowledge sharing on key industry insights issues amongst key stakeholders, with the objective of ensuring a collaborative and proactive approach to push for policies that enable growth, tackling/mitigating fraud and limiting occurrences and losses.

Speakers

The following speakers are lined up for the Forum: Chibuzo Efobi, Director, Payments System Management, Central Bank of Nigeria (CBN); Festus Amede, Chairman, Committee of Chief Information Security Officers of Nigerian Financial institutions (CCISONFI; Dr. Adewale Peter Obadare, Chief Visionary Officer (CVO), Digital Encode Limited; Adetokunbo Omotosho, Chief Executive Officer, Cybervergent; Roosevelt Elias, Founder, Payble; Ikenna Ndugbu, chief compliance officer, Moniepoint MFB, and Peter Evbota, Sales Director at inq. Digital Nigeria Limited.

Payments Forum Nigeria is organised by TechCastle Foundation and sponsored by: inq. Digital Nigeria Limited, Cybervergent, Moniepoint, Digital Encode Limited, Payble with support from the Central Bank of Nigeria (CBN).