Behind the Green Blood Breach: Senegal's National ID System Held Hostage
A ransomware gang's bold attack exposes cracks in Senegal's digital identity infrastructure, raising urgent questions about data security and international cooperation.
In the sweltering heart of Dakar, the Directorate of File Automation (DAF) was supposed to be the silent guardian of Senegal's most sensitive personal data. But last week, that fortress fell silent for a different reason: a devastating cyberattack by a shadowy group calling itself Green Blood Group. As the government scrambles to restore critical systems, nearly 20 million Senegalese citizens are left wondering if their identities are safe - or already in the hands of criminals.
Fast Facts
- Senegal's ID management office (DAF) was forced offline after a ransomware attack.
- Hackers claim to have stolen 139 GB of citizen and biometric data.
- Malaysian firm IRIS, responsible for new digital IDs, confirmed a breach of two DAF servers.
- The DAF website remains down; operations suspended for at least five days.
- Green Blood Group, a new ransomware gang, has targeted at least five organizations since January.
The breach became public after DAF issued a stark warning: operations suspended, systems under siege. The warning came on the heels of Green Blood Group posting proof of their hack - samples of stolen records, biometric details, and immigration documents - on dark web forums. The hackers' haul reportedly includes data that could enable identity theft, fraud, and even espionage.
At the center of this digital storm is IRIS Corporation Berhad, a Malaysian tech firm contracted to overhaul Senegal's national ID cards. An internal email from IRIS's senior general manager, Quik Saw Choo, leaked by the hackers, paints a picture of chaos: two DAF servers breached, card personalization data exfiltrated, and emergency measures taken to sever network connections and change passwords. IRIS scrambled to contain the damage, coordinating with Malaysian cybersecurity experts and proposing an urgent mission to Dakar.
The attack has paralyzed DAF's operations for days, leaving millions unable to access essential services tied to identity verification. Meanwhile, a simmering payment dispute between Senegal and IRIS casts a shadow over their partnership, raising questions about the risks of outsourcing national security assets to foreign contractors.
The Green Blood Group's emergence in January marks a worrying escalation in the global ransomware arms race. Their tactics mirror those used in recent breaches of government ID systems in Argentina and Estonia - an ominous sign that cybercriminals are increasingly targeting the backbone of national identity. Despite police assurances that data "integrity" remains intact, the publication of stolen samples tells a more troubling story.
As the DAF struggles to rebuild, the breach exposes a critical vulnerability: the intersection of outdated infrastructure, international supply chains, and motivated cyber adversaries. For Senegal, and nations worldwide, the lesson is clear - digital sovereignty can be lost with a single click.
Conclusion
The Green Blood breach is a wake-up call not just for Senegal, but for any country racing to digitize its most sensitive records. As governments entrust private firms and foreign partners with the keys to their citizens' identities, the stakes - and the consequences - have never been higher.
WIKICROOK
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- Biometric data: Biometric data is unique physical or behavioral information - like fingerprints or facial features - used for secure identification and authentication in digital systems.
- Exfiltration: Exfiltration is the unauthorized transfer of sensitive data from a victim's network to an external system controlled by attackers.
- Digital identity: A digital identity is the unique set of data and traits that represent a person, organization, or device online, enabling secure access and interaction.
- Supply chain risk: Supply chain risk is the threat that a cyberattack on one company can spread to others connected through shared systems, vendors, or partners.