A Saturday PUNCH investigation has revealed how hackers, in collusion with operators of JAMB-accredited CBT centres, manipulated local servers by using compromised IP addresses to allow mercenaries to remotely write exams for candidates during the 2025 UTME.
The shocking mass failure in the 2025 Unified Tertiary Matriculation Examination (UTME), where 1.5 million out of 1.9 million candidates scored below 200, has been linked to a sophisticated hacking operation enabled by insiders at accredited test centres. An investigation by Saturday PUNCH has peeled back the layers on a widespread malpractice scheme, revealing how hackers manipulated the very systems designed to ensure integrity.
The scandal led to a dramatic moment when the Registrar of the Joint Admissions and Matriculation Board (JAMB), Prof. Is-haq Oloyede, broke down in tears while admitting technical errors had affected scores. While JAMB initially pointed to glitches, the probe points to a more sinister cause: deliberate, tech-driven fraud facilitated by the operators of so-called “miracle centres.”
According to the investigation, the entire operation relied on collusion from within. A hacker with a decade of experience, identified only as Ahmed, explained that centre operators supplied the crucial key: the Internet Protocol (IP) address of their local server.
“There are some centres that make their IPs available to hackers. With this, they are able to penetrate and gain access to questions and login details of candidates,” Ahmed stated.
This access allowed hackers to orchestrate a seamless fraud. Candidates would physically be present at the centre to pass biometric checks. Once logged in, hackers would remotely log them out. Outside, hired mercenaries would then take over their exam portal.
“While the questions are being answered by the mercenaries, we ask the candidates to time themselves for 20 or 25 minutes, then complain that their systems logged them out,” Ahmed detailed. “By the time they notify the examiners at the centres, we are already done answering the questions for them… They only need to click on ‘Submit.’”
An education consultant in Badagry corroborated the story, emphasising that an insider was essential. “This would be impossible without an insider from the centres… These people are being paid millions of naira.”
A CBT operator in Lagos confirmed that centre owners are often complicit, turning a blind eye because they profit hugely from the arrangement. “The owners of the centres know that their servers are compromised but they wouldn’t do anything about it because they are profiting from the fraudulent activities,” he said.
In response, JAMB spokesperson Fabian Benjamin clarified that the board’s main website was never breached, shifting the blame squarely onto the local networks of compromised centres.
“Our systems are locally connected. It is through a Local Area Network, not Internet-enabled… what some individuals claimed to hack was the local server of some centres in connivance with owners of such places,” Fabian said.
The fallout has been significant. The DSS and Police have arrested over 20 suspects, and JAMB has inaugurated a 23-member committee to investigate over 6,458 cases of tech-enabled malpractice. However, as stakeholders like Taiwo Folorunsho of Campusinfo Consult Limited argue, a lasting solution requires a comprehensive technological upgrade from JAMB to stay ahead of the hackers and eliminate the vulnerabilities that insiders are all too willing to exploit.