Several operators of Computer-Based Test centres accredited by the Joint Admissions and Matriculation Board (JAMB) have been implicated in widespread malpractice during the last Unified Tertiary Matriculation Examination (UTME).
Findings has revealed that these operators provided sensitive technical details to hackers, who infiltrated servers and manipulated the exams.
In May, JAMB suffered severe technical glitches that disrupted the 2025 UTME, resulting in mass failures as 1.5 million of 1.9 million candidates scored below 200 out of 400 marks.
The situation sparked outrage when JAMB Registrar, Prof. Is-haq Oloyede, broke down in tears on May 14, admitting that technical errors had affected candidates’ scores.
Authorities later arrested at least 20 suspects in Abuja, including hackers accused of breaching CBT centres’ servers.
By June, JAMB warned of rising use of Artificial Intelligence to impersonate candidates and exploit albinism claims to cheat the system.
In July, data from JAMB’s 2025 policy meeting exposed Imo and Anambra CBT centres as the worst offenders in fingerprint-pairing fraud.
Nationwide, 19 centres were caught: Anambra had six, Imo four, Abia and Edo one each, Kano two, while Ebonyi, Delta, Kaduna, Rivers, and Enugu recorded one centre each.
In August, JAMB announced that 6,458 candidates were under investigation for tech-driven malpractice during the 2025 UTME. A 23-member Special Committee on Examination Infraction was inaugurated to submit findings within 21 days.
Hackers revealed that so-called “miracle centres” — which guarantee candidates’ success — played a role in these glitches.
A veteran hacker, identifying himself only as Ahmed, explained that JAMB’s fight against malpractice was weakened by CBT operators’ collusion.
Ahmed revealed that centre operators provided hackers with Internet Protocol (IP) addresses to gain undetected access to servers, enabling mercenaries to take exams for candidates.
An IP address is a unique set of numbers assigned to devices connected to networks using Internet Protocol.
Ahmed explained, “There are some centres that make their IPs available to hackers. With this, they are able to penetrate and gain access to questions and login details of candidates. There is no way they can monitor all the IP addresses in Nigeria.
“While candidates are physically present at CBT centres, hired mercenaries remain outside with remote access to the centres’ servers to write the exams on their behalf.”
Candidates are deliberately logged out during the process to allow mercenaries to take over, with instructions to remain silent when their systems log out.
Ahmed added, “While the questions are being answered by the mercenaries, we ask the candidates to time themselves for 20 or 25 minutes, then complain that their systems logged them out. During this period, we already have access to their portals and are helping them attempt the questions with mercenaries.
“By the time they notify the examiners at the centres, we are already done answering the questions for them. When they are logged in again, they will see that all the questions have been answered. They only need to click on ‘Submit,’ and that is the end.
“The only thing we use to run this is just to get the IP address and insert some codes, which are simply numeric. After that, we input the digits, and that is all. This enables us to have access to anything related to the JAMB server.”
An education consultant in Badagry, Lagos, corroborated Ahmed’s revelations, confirming that compromised CBT operators enabled hackers to breach servers by supplying IP addresses.
He said, “This would be impossible without an insider from the centres. Without an insider, there is no way we could get the IP address to get it done. These are the backdoors to this activity. These people are being paid millions of naira. The parents of these candidates have already paid everything to the centres.
“There is nothing they can do to curb this malpractice; there will always be an insider who will show how to penetrate the server. Once we gain access to the server, our candidates already pass their exams because we will do it for them remotely.”
A Lagos-based CBT operator involved in the scheme admitted centres often knew their servers were compromised but ignored it due to profits.
He disclosed, “The owners of the centres know that their servers are compromised but they wouldn’t do anything about it because they are profiting from the fraudulent activities. The mercenaries are paying them huge amounts of money.
“These centres also have their contact persons in JAMB, who are like a backbone to them. The claim that JAMB’s technology is working against malpractice is not true. There are many students still being helped to pass their exams. What these people do is use the backdoor of a particular centre’s server to carry out their work seamlessly, using mercenaries to write the exams.
“JAMB is not even able to detect their faces or anything. Some of these people do not rely on insiders; they hack directly into the centre’s database.”
However, JAMB’s spokesperson, Fabian Benjamin, dismissed claims that its website could be hacked, clarifying that questions were not hosted online.
“Our systems are locally connected. It is through a Local Area Network, not Internet-enabled. So, no one can see it anywhere. No question has ever been on our website. The examination is not internet-enabled,” he said.
He added that local servers of some CBT centres were hacked in connivance with operators, not JAMB’s central systems.
Fabian explained, “There is no way somebody will see our questions, because they are like a text message in speed and delivery. We transmit our questions via a model to the centres, similar to that of a text message. It is a candidate’s biometric that grants access to the questions.”
Austin Ohaekelem, National President of the CBT Centre Proprietors Association of Nigeria, praised the JAMB registrar’s efforts to curb malpractice but insisted not all centres were fraudulent.
He noted that some genuine technical glitches were wrongly tagged as deliberate fraud.
Ohaekelem explained, “Somehow, there are still some glitches along the line either at the point of exam registration or during the exam that happened inadvertently. It is now being seen as a fraud and a deliberate act to sabotage the examination.”
He expressed concern over innocent CBT centres being blacklisted for unavoidable technical faults, citing biometric mismatches and registration network failures as examples.
Ogundokun Olufunso, Secretary of the Association of Tutorial School Operators in Oyo State, lamented candidates’ desperate tactics to bypass JAMB systems.
He said, “Sometimes, some students, out of desperation, connive with tech engineers. Sometimes, they do biometric manipulation. Other students fall victim without doing anything because when their biometric is not accepted, they will assume such a candidate is among those being investigated, and they will not let them sit the examination.”
Olufunso advised JAMB to strengthen internal checks to close loopholes enabling cheating.
Emehinola Omodara, Director of Toppers Coaching Centre in Ogun State, urged JAMB to “go back to the drawing board” to address systemic flaws fueling exam malpractice.
Similarly, Taiwo Folorunsho, founder of Campusinfo Consult Limited, stressed the need for JAMB to overhaul its technology to effectively combat cheating and operational lapses.
