On the night of February 28, a hacker operating from the Federal University of Technology, Akure (FUTA), connected a computer to the university’s network and began a cyberattack on the website of PREMIUM TIMES. With a mobile phone as his backup, the attacker continued the operation for the next five days.
At about 8:00 p.m., he started with a reconnaissance scan of the newspaper’s website using a web fuzzer popular with low-grade hackers.
The following morning, at about 6:15 a.m., the attacker returned with another open-source vulnerability scanner – WPScan, free tool bloggers use to test for security vulnerabilities on their sites.
About 90 minutes later, he ran his final probe – a custom script.
The following morning, Sunday, the attacker continued his attacks – a series of distributed denial of service, DDOS, attacks that lasted until that evening. On this day, it appeared his goal was simply to shut down the newspaper’s operations by overwhelming its servers.
He began the day – at about 9:28 a.m – with an attack that exploited the very old Character Generator Protocol found in many obsolete internet-enabled devices like printers.
He ended the day with another DDOS attack exploiting the publicly-accessible Network Time Protocol (NTP) servers. NTP is one of the oldest protocols used by internet-enabled devices to synchronize their clocks.
On that day, he launched a total of seven DDOS attacks.
On Tuesday, March 3, he returned with his final attempt for the campaign.