The inside man

"Na the rat when dey inside house dey invite those when dey outside say make them come chop"

"Na who know man dey kill man"

The above expressions are just a few selected from some of our local adages written here in pidgin English about the subject matter of this article. Both adages have the same underlying message or theme which is that it takes the collusion or betrayal of an insider in any system for it to be compromised and subsequently become the subject of attack by outsiders or intruders. Indeed they attest to the fact that the worst adversary or enemy anyone can encounter in one from within one's close or inner circle.

These traitors or inside men usually open the doors for secure systems which seem impenetrable to be exploited. It is for this reason that cases in which internal sabotage is suspected are usually referred to as 'inside jobs'.

Inside jobs are usually common place in the conventional financial space where disgruntled or greedy employees leak sensitive information or vulnerabilities of their workspaces for a fee to bad actors to take advantage of. These bad actors could do damage via virtual or cyber theft while in other cases through physical robberies.

There have been cases where due to compromise by bank staff, cyber criminals gain access to information about clients of the bank. These criminals then use such information to attempt to defraud such customers by tricking them to reveal further information such as dedit card data and the likes which they can then act upon.

I recall receiving several calls from such scam artists who due to compromise by either staff of the banks or identity management authority had gained access to the bank verification number (BVN) data of customers. With the information available from the BVN (name, date of birth, telephone number among others) , these scammers would pose as bank staff.

They would attempt to convince the customers that they were genuine by sounding off the information which they had gleaned from the BVN, any unsuspecting customer would indeed be convinced by this act and be cajoled to provide further confidential information or data at their prompting.

If the per chance a customer were to divulge sensitive debit card data , that would be the beginning of the end as the hacker(s) would then have access to the funds in the account and if the breach isn't detected and plugged quickly enough, the entire account could be drained completely.

A kidnapping event I heard of several years ago also lays credence to the collusion that usually occurs between bank staff and men of the criminal underworld. A certain philanthropist had unfortunately fallen into the hands of kidnappers. While negotiations were on to secure his release, the most bizarre things took place. The kidnappers informed him each time a deposit was made into one of the accounts he operated in a particular bank indicating the amount that had been paid in.

The revelation by the kidnappers led the man to one conclusion, the kidnappers had somebody on the inside in that bank who was feeding them with information about the transactions involving that account. Thus the man upon being freed from the kidnappers den had no other option but to close his account with the said bank as obviously the bank had been compromised.

Block chain technology is also not free from the activities of inside men . In the aftermath of the recent hacking of yet another DeFi platform, Velodrome Finance, investigations as to the source or culprit involved in the breach led to a shocking and disappointing revelation.

It turns out that the hack had been executed by one of the members of the development team who stolen funds worth 350K USDT. He cited a flimsy excuse of previously losing funds when crypto blizzard struck a year earlier as the motivation for him to pull the heist.

These are just a few instances were comes have been perpetrated successfully due to the collusion of inside men. For any system to truly remain impregnable to external invasion, there has to be fail safes out in place to mitigate the risk associated with insiders going rogue and opening the flood gates for external aggressors.