The numbers tell a staggering story: N7.7 billion in stolen airtime and data, 400 seized laptops, 1,000 confiscated phones, and six suspects now in custody. What unfolded wasn’t a smash-and-grab operation but a sophisticated cyber heist that exploited Nigeria’s telecommunications infrastructure from the inside.
The Nigeria Police Force National Cybercrime Centre dismantled the fraud syndicate after a telecommunications company reported suspicious activity within its billing and payment systems. What investigators discovered was a breach that turned digital airtime into cold, hard cash.
How They Did It
The fraudsters compromised internal staff login credentials, granting themselves unlawful access to the company’s core systems. With those stolen keys to the kingdom, they manipulated the infrastructure designed to distribute airtime and data across millions of Nigerian subscribers.
Following weeks of intelligence-gathering, coordinated raids swept through Kano and Katsina states in October 2025, culminating in a final arrest in the Federal Capital Territory. Six suspects were apprehended: Ahmad Bala, Karibu Mohammed Shehu, Umar Habib, Obinna Ananaba, Ibrahim Shehu, and Masa’ud Sa’ad.
The Spoils of Fraud
The police also dismantled an empire built on stolen digital resources. Officers recovered two residential houses in Kano, two mini-plazas, retail outlets packed with over 400 laptops and roughly 1,000 mobile phones, plus a Toyota RAV4. Investigators also traced substantial funds sitting in the suspects’ bank accounts, all allegedly proceeds from the fraud operation.
The scale suggests this wasn’t amateur hour. Operating retail outlets stocked with hundreds of devices points to a well-organised distribution network, likely reselling the stolen airtime and data through seemingly legitimate storefronts.
What Happens Next
The suspects await formal charges once investigations wrap up. Inspector-General of Police Kayode Egbetokun praised the operation and reaffirmed the force’s commitment to protecting Nigeria’s digital and financial ecosystems.
This case highlights a troubling vulnerability: when insiders become threats, no amount of external security matters. The breach didn’t require hacking prowess; just stolen credentials and knowledge of where to strike.
