Claim: A man claims that because ports 21, 80, and 443 are open on the EFCC website, anyone can easily hack and delete data.

Verdict: Misleading. DUBAWA spoke with cybersecurity experts and reviewed port security to find that an open port is not always vulnerable.
Full Text
On May 9, an X user, @iam_enriched, shared a video (archived here) of a man alleging that the website of the Economic and Financial Crimes Commission (EFCC), Nigeria’s federal anti-graft agency, was susceptible to attacks.
“EFCC database is weak, can be deleted” is superimposed on the video as the unnamed man speaks first about how the fraudulent CBEX platform has open ports, and then about how the anti-graft agency investigating it also had open ports.
“How can we explain that EFCC’s website is not secure? How come a government institution’s database is not secure? This is the Port 80 TCP of CBEX. This is where they get your information from. It is open. cbex.cx is even more secure. They actually uploaded their website on Cloudflare, which is one of the strongest firewalls to protect their website,” he claimed.
“This is efcc.gov.ng. If you look at the port of EFCC, it has port 21 open, port 80 is open, 443 is open…. What does this mean in the world of cybersecurity? When port 21 is open, it simply means that it is an FTP port. This means they are uploading people’s data. It means if they catch a fraudulent person, they send your data. They did not close the outbound,” he added.
He claimed that anyone with only a little hacking skill can delete their information from the EFCC database.
The post by @iam_enriched as of May 23 has received thousands of engagements, including over 1,200 likes, 490 reposts, 194 replies, and 784 bookmarks.
This claim suggests that the EFCC’s website puts users’ data at risk of a hack and is susceptible to abuse by persons with criminal intent. This major concern prompted us to verify.
Verification
DUBAWA performed an online search to verify what ports 21, 80, and 443 are used for. We found that Port 21 establishes the connection between two computers, which then allows Port 20 to transfer the data.
As mentioned in the video, FTP refers to File Transfer Protocol, a protocol that allows file-sharing.
NordVPN, a globally recognised Virtual Private Network provider, describes Port 80 as “the default network port for web servers using HTTP. It operates on the application layer of the TCP/IP networking model and serves as the communication gateway for HTTP requests and responses between client computers and servers.
“Whenever a web browser requests a web page from a server, it typically uses Port 80.”
The platform does, however, warn that “Port 80 is often a target for cyberattacks, including unauthorised access, data interception, and other malicious activities. Due to this, it’s essential to secure Port 80 and monitor and control the traffic passing through it.”
It does not say anything about closing the port.
NordVPN says that Port 443 is similar to Port 80, but while Port 80 allows for transmission of unencrypted data, Port 443 deals with encrypted data, keeping it hidden and inaccessible to anyone with unauthorised access.
To further confirm how risky it was that the EFCC’s website had these ports open, DUBAWA spoke with Madumere Chukwuka, PhD, a cybersecurity expert and researcher at King’s College, London.
Chukwuka said the video did not expose any lapses, as having the ports open does not reflect any gaps until they are exploited.
“Just because ports like 80 (HTTP), 443 (HTTPS), and 21 (FTP) are open doesn’t automatically mean there’s a vulnerability,” he explained. “These are standard service ports required for websites (80/443) and file transfers (21).
“What really determines if a system is vulnerable is how securely these services are configured and whether they’re running with known vulnerabilities.
“For example, Port 443 isn’t a problem unless the HTTPS server is misconfigured or uses outdated Transport Layer Security (TLS) versions. Port 21 is only risky if anonymous access is allowed or if weak credentials are used. Port 80 isn’t inherently vulnerable, but running outdated web applications could be.
“So, the presence of open ports just shows that services are reachable; it’s the service vulnerabilities and weak configurations behind them that matter for security.”
Chukwuka further explained that ports operate like doors and are not porous on their own unless the framework behind them is weak.
“Think of open ports as doors; they only become a problem if what’s behind them is weak or exposed. So yes, unpatched versions and misconfigurations can be exploited, but simply having the port open isn’t enough for an attack,” he added.
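To make the distinction concrete, the following added example (not part of the original report or the experts' comments) assesses two constructed hosts that expose the same three ports and flags only the one whose services are misconfigured, using the three conditions Chukwuka names. The field names, version numbers and FTP dialogues are assumptions made for illustration.

```python
# Added illustration; field names and all sample data are constructed assumptions.
OUTDATED_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def ftp_allows_anonymous(dialogue):
    """dialogue: recorded (command, reply) pairs from an FTP login attempt."""
    asked = False
    for command, reply in dialogue:
        verb, code = command.upper().split(" ")[0], reply[:3]
        if verb == "USER" and "ANONYMOUS" in command.upper():
            asked = True
            if code == "230":          # logged in with no password at all
                return True
        elif asked and verb == "PASS":
            return code == "230"       # 230 = login accepted, 530 = refused
    return False

def assess(services):
    """Return (port, finding) pairs for one host's recorded service details."""
    findings = []
    for port in sorted(services):
        svc = services[port]
        if port == 21 and ftp_allows_anonymous(svc["ftp_dialogue"]):
            findings.append((21, "anonymous FTP login accepted"))
        elif port == 80 and svc["app_version"] < svc["min_patched"]:
            findings.append((80, "web application older than patched release"))
        elif port == 443:
            old = sorted(OUTDATED_TLS & set(svc["tls_versions"]))
            if old:
                findings.append((443, "outdated TLS enabled: " + ", ".join(old)))
    return findings

# Two constructed hosts with the SAME open ports (21, 80, 443).
HARDENED = {
    21: {"ftp_dialogue": [("USER anonymous", "530 Anonymous access denied.")]},
    80: {"app_version": (4, 2, 1), "min_patched": (4, 2, 0)},
    443: {"tls_versions": ["TLSv1.2", "TLSv1.3"]},
}
MISCONFIGURED = {
    21: {"ftp_dialogue": [("USER anonymous", "331 Please specify the password."),
                          ("PASS guest@example.invalid", "230 Login successful.")]},
    80: {"app_version": (3, 9, 0), "min_patched": (4, 2, 0)},
    443: {"tls_versions": ["TLSv1", "TLSv1.2"]},
}

if __name__ == "__main__":
    for name, host in (("hardened", HARDENED), ("misconfigured", MISCONFIGURED)):
        print(name, "open ports:", sorted(host), "findings:", assess(host))
```

A port scan alone reports both hosts identically; only the service-level details separate them.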
Adebisi Mololuwa, an Information Security Analyst and instructor at Torilo Academy, agreed with Chukwuka’s submission.
He said, “The post is misleading and lacks a fundamental understanding of cybersecurity concepts. The creator of the video clearly doesn’t grasp how open ports and security measures actually work.”
Conclusion
The claim that the open ports meant the EFCC’s website was susceptible to cyberattacks is misleading. Open ports are common for websites; a website becomes vulnerable only when the framework behind those ports is weak.
