• When every call leaves a trail: Why can’t Nigeria still find kidnappers?

    When every call leaves a trail: Why can’t Nigeria still find kidnappers?
    Image source: Wunmi Eunice/TechCabal.

    Share

    Share

    On the morning of October 23, 2025, Gbolahan Olaniyi was settling into what seemed like another routine day on the farm he manages at Oke Ako Village at Ikole Local Government, Ekiti State, southwestern Nigeria. 

    From his small office, he worked through reports from the previous day’s harvest while, outside, more than 250 hectares of maize, soybeans and cassava stretched toward the horizon. Workers moved across the fields, tractors rumbled along dusty tracks, as the harvest season was in full swing.

    Then a tractor operator failed to return.

    At first, it seemed like a minor delay. Olaniyi tried calling him, but the call would not connect. Concerned, he climbed onto his office-assigned motorcycle and headed into the fields to find out.

    What he found was unsettling. The tractor stood at an odd angle, half-turned into the bush, as though it had been abandoned in a hurry. Olaniyi got off his bike, picked up a cutlass, and walked toward it. He called the driver’s name once. Then again.

    Silence.

    A whistle suddenly pierced the stillness.

    Seven armed men emerged from the trees on either side of the path, AK-47 rifles in hand. The tractor driver had already been captured. He had been shot in the hand and tied to a tree. The abandoned tractor was bait. Olaniyi had walked straight into an ambush.

    “The kidnappers took everything from me—my phone, face cap, nose mask and even my customised farm boots,” Olaniyi recalled. The boots, supplied through a state government programme, carried identifying marks. “They cut out the markings before wearing them themselves.”

    Within minutes, the two men were being marched deeper into the forest.

    “There were about 15 local vigilantes and security personnel assigned to the farm, yet the kidnappers still took us into the bush,” he said. 

    Escape from kidnapper’s den Day: Left Picture -Olaniyi Gbolahan Emmanuel at Ifaki-Ikole-Omuo Road, Ikole, Ekiti at 09:12AM, December 2; Right Picture: At Federal Road F215 Owo-Tegina, Yagba, Kogi State, Nigeria, AT 06:13 PM, December 2, 2026. Image source: Gbolahan Olaniyi.

    What followed was a 42-day ordeal through remote forests spanning multiple states. Olaniyi and other captives were forced to trek for hours, sleep in makeshift camps, and endure constant threats and the instant execution of four kidnapped victims who tried to run away from the heavily armed kidnappers. 

    In one case, Olaniyi said he was forced to dig a shallow grave to bury one of the victims. Throughout the ordeal, one thing stood out: the men holding them captive relied heavily on mobile phones.

    They beat hostages while forcing them to speak to their families on video calls, using the scenes of violence to pressure relatives into paying ransoms. In one conversation with Olaniyi’s employer, the gang demanded ₦100 million ($73,566) for his release. 

    They constantly requested airtime and mobile data to keep their phones active. At one point, a kidnapper handed Olaniyi a phone and instructed him to buy ₦10,000 ($7.36) worth of data for two mobile numbers. For a fleeting moment, Olaniyi held something investigators often struggle to obtain: a direct line to one of the men holding him captive.

    Yet even with phone numbers, calls, and other digital footprints, the kidnappers remained beyond the reach of authorities. No rescue came for Olaniyi or the other captives. Gbolahan’s mother and relations were forced to pay ₦30 million ($21,955) in ransom on the pretense of his release. After the ransom arrived in cash, the kidnappers refused and demanded more money. 

    Their freedom only arrived on December 2, 2025, when Olaniyi said he and four others escaped after a dispute over ransom proceeds prompted their guards to abandon their post.

    “Once we were free, we avoided the front of the camp, where the kidnappers were sleeping, and slipped out through the back of the hill instead. Then we ran into the forest,” Olaniyi said. “We were incredibly fortunate that night because there was a bright full moon. It was December 2, and the moonlight helped us find our way as we escaped through the bush.”

    That contradiction lies at the heart of one of Nigeria’s most enduring security puzzles. Kidnappers rely heavily on telecommunications networks to run their operations. They call victims’ families, negotiate ransoms, send messages, make video calls, buy airtime, and increasingly use digital payment channels. Each interaction generates data. Every call leaves a trace. 

    Yet despite this growing digital footprint, hundreds of kidnappings occur every year, and relatively few perpetrators are identified or prosecuted through telecommunications evidence alone.

    Research firm SBM Intelligence recorded 7,568 people abducted in 1,130 kidnapping incidents between July 2023 and June 2024. The report estimated that kidnappers demanded about ₦10.9 billion ($7.98 million) in ransom during the period.

    For many Nigerians, that reality is difficult to reconcile. In a country where SIM cards are linked to National Identification Numbers (NINs), telecom operators collect extensive subscriber data, and many people believe that security agencies have legal authority to access call records and location information, tracking kidnappers should seem straightforward.

    The gap between what technology can theoretically enable and what happens on the ground is often far wider than it appears.

    “Effective tracking relies heavily on seamless coordination between military intelligence, civil security agencies, and telecommunication providers, which can introduce bureaucratic or technical delays when time is of the essence,” Edward Buba, former Director of Defence Military Operations at Defence Headquarters, told TechCabal on the telephone.

    The myth of the instantly traceable phone call

    Image source: TechCabal

    When kidnappers call victims’ families, many Nigerians assume security agencies can simply trace the number and locate them within minutes. Popular movies, crime dramas, and years of telecom expansion have reinforced the belief that every phone call leaves an immediate digital trail leading directly to a suspect’s location.

    The reality is far more complicated.

    Nigeria’s security agencies have extensive legal powers to access telecommunications data. Under the NCC’s Lawful Interception of Communications Regulations, law enforcement agencies can obtain subscriber information, call records, location data, and, where legally justified, intercept communications during criminal investigations.

    But having access to telecommunications data is not the same as having the ability to pinpoint a caller’s location in real time.

    Although the law empowers security operatives, Rotimi Akapo, Partner and Head of the Telecommunications, Media, and Technology Practice at Advocaat Law Practice, a Lagos State-based commercial law firm, clarified that security operatives needed more than kinikan kinikan for that to happen. 

    “These limitations include due process requirements that require compliance with legal procedures, including obtaining appropriate authorisations,” Akapo told TechCabal via telephone. 

    “This is necessary to balance national security interests with constitutional privacy rights. As a result, security agencies cannot lawfully engage in unrestricted surveillance of every citizen’s communications.”

    Instead, law enforcement agencies rely on tools such as call records, mobile network location data, communication histories, and intelligence from different sources, including individual eyewitnesses. 

    These can help them determine where a suspect was, who they communicated with, and the people they may be connected to. But they do not provide the instant, pinpoint tracking that many people assume is possible.

    A phone number alone does not automatically reveal where someone is standing at a particular moment, according to several security experts.

    That reality became clear to Olaniyi during his captivity. He recalled that he overheard one of the kidnappers speaking on the phone with someone in Patigi, a town in Kwara State near the River Niger.

    “After I regained my freedom, I checked Google Maps,” he said. “From where we were being held, we never even moved in that direction. That showed me just how vast the area is and how difficult it would be for anyone to track them.”

    For law enforcement agencies, finding kidnappers is rarely as simple as following a single digital clue. Instead, it involves piecing together information from different sources to build a clearer picture of who they are and where they might be. That process can take hours, days, or even longer.

    The criminals have adapted

    Image source: TechCabal

    Security experts who spoke to TechCabal noted that the challenge was not that Nigeria’s security agencies lacked tracking tools. The bigger problem is that kidnappers and other non-state actors have become increasingly sophisticated in how they evade detection.

    Dengiyefa Angalapu, a research analyst at the Centre for Democracy and Development (CDD), an Abuja-based non-profit policy advocacy think tank, said many Nigerians assume that linking SIM cards to the National Identification Number (NIN) should make it easy to trace kidnappers. 

    In reality, while telecom operators keep detailed call records—including the numbers involved, call duration, timing and frequency of communication—those records alone rarely reveal a criminal’s real identity or location.

    “In many cases, kidnappers do not use their own phones. They often use the victim’s phone to contact family members and negotiate ransom payments,” Angalapu said.

    As a result, law enforcement agencies analysing call records frequently end up seeing the victim’s contacts rather than information that leads directly to the kidnappers. Even when criminals use their own devices, they often rely on SIM cards registered in other people’s names or dedicate specific numbers solely to ransom negotiations.

    Nigeria is not alone in requiring SIM registration. Kenya and South Africa also mandate that SIM cards be linked to verified identities, with Kenya validating registrations against a government database and South Africa enforcing the process under its Regulation of Interception of Communications Act (RICA). By contrast, the United Kingdom does not require identity verification for prepaid SIM cards, while the United States generally requires identity checks only for postpaid mobile contracts.

    Security agencies can also use cell-site analysis to estimate the location from which a call was made by identifying the telecom towers that handled it. But kidnappers have adapted to this as well.

    “Many groups deliberately travel away from their hideouts before making ransom calls,” Angalapu explained. “They might move several kilometres away, make the call, and then return to where they are holding the victim.”

    In some kidnapping networks, the person negotiating the ransom may even be operating in a different state from those guarding the hostages. Such division of roles makes tracking and disruption far more difficult.

    Geography adds another layer of complexity, according to Angalapu. While telecom-based location tracking can be relatively precise in cities with dense tower networks, rural areas present a different challenge. A single telecom mast may cover dozens of kilometres of farmland, forests and rugged terrain.

    “Knowing that a phone connected to a particular tower does not necessarily tell you where the kidnappers are,” Angalapu said. “It may only narrow the search to a very large area.”

    At the same time, criminals are increasingly moving their communications to encrypted platforms such as WhatsApp, Telegram and Signal. Although investigators can sometimes access metadata, end-to-end encryption makes it much harder to obtain the content of conversations.

    The challenge becomes even greater when dealing with insurgent and extremist groups.

    According to Aliyu Dahiru, Northwest Editor and Head of Radicalism and Extremism Desk at HumAngle, a media publication that covers conflict across Nigeria, terrorist groups such as Boko Haram and  Islamic State West Africa Province (ISWAP) have developed far more advanced digital capabilities than many people realise.

    “It is important to distinguish between different types of armed groups operating in Nigeria,” Dahiru said. “Groups such as Boko Haram and ISWAP are far more sophisticated when it comes to technology than many people realise.”

    Some of these terrorists have built expertise through years of interaction with international extremist networks, learning how to use encryption, secure communication channels and digital tools to avoid detection.

    “ISWAP, in particular, has members with significant technical expertise,” Dahiru said. 

    “Some have links to broader Islamic State (ISIS) networks and have learned how to use digital tools, encryption and online platforms in ways that can make detection difficult.”

    In some cases, the groups even develop their own coded communication systems. While reporting the terrorists, Dahiru said he found that symbols and emojis can carry hidden meanings understood only within those networks. 

    “Take the emoji with the red face, for example. It originally represents someone whose face has become hot after eating chilli peppers,” Dahiru said. “But people use it differently. If someone—especially a woman—looks very attractive, many people use that emoji to say, “You look so beautiful” or “You’re so gorgeous.” It has taken on a completely different meaning in everyday conversation.”

    The limits of NIN-SIM registration

    Image source: TechCabal

    When Nigeria began implementing the mandatory NIN-SIM linkage in April 2022, the government said it would become a powerful weapon against kidnapping and other crimes. The logic is that if every phone number is tied to a verified identity, criminals would have nowhere to hide.

    Reality has proved far more complicated.

    The policy has improved subscriber identification by making it easier to determine who is officially associated with a SIM card. But according to telecommunications lawyer Rotimi Akapo, expectations about its impact on security may have been overly optimistic.

    He argues that the NIN-SIM linkage policy was never designed to solve Nigeria’s broader security challenges. While linking SIM cards to verified identities has improved the quality of subscriber records, it addresses only one part of the problem.

    “NIN-SIM linkage solves an identity problem, not a crime problem,” he said.

    He argued that kidnappings, terrorism and other forms of organised crime are driven by factors far beyond identity verification, including weak intelligence gathering, porous borders, arms trafficking, insurgency financing and gaps in law enforcement. 

    He added that even a registered SIM card does not necessarily identify its actual user, as identity theft, proxy registrations, fraudulent enrolment, pre-registered SIM cards and weaknesses in the quality and accuracy of identity data continue to provide loopholes that criminals can exploit.

    The National Identity Management Commission (NIMC), however, says the solution is not to create a single mega-database, but to improve how government systems communicate with one another. 

    “The National Identification Number (NIN) and the Bank Verification Number (BVN) serve different statutory and operational purposes,” NIMC told TechCabal in response to questions. 

    “Rather than creating a new identifier, the government’s strategy focuses on secure linkage and interoperability between NIN and BVN through approved data-sharing frameworks, legal mandates, privacy safeguards, and standardised identity verification services.”

    According to the commission, achieving that interoperability remains challenging because of issues such as data governance, regulatory alignment, cybersecurity requirements, privacy protections, and the integration of legacy government systems.

    NIMC also said that significant safeguards have been built into Nigeria’s identity infrastructure to reduce fraud and strengthen trust in the system. 

    “NIMC’s identity ecosystem incorporates biometric deduplication, secure identity validation processes, encryption technologies, access controls, data integrity protections, and continuous monitoring mechanisms,” the commission said. 

    “The Commission also evaluates emerging technologies and international best practices to strengthen resilience against identity fraud, synthetic identities, presentation attacks, and unauthorized use of personal information.”

    From the telecom operators’ perspective, the challenge is not a lack of cooperation. 

    Gbenga Adebayo, President of the Association of Licenced Telecommunication Operators of Nigeria (ALTON), said telecom companies routinely provide information requested by security agencies and remain an active part of investigations.

    “When required, we provide the information that is needed. We are making the information available at all times,” Adebayo told TechCabal in a phone conversation. 

    “There are different layers to security. We can only support them. The matters are more complex because they involve intelligence and security operations.”

    Adebayo added that while public attention often focuses on cases where criminals evade capture, there have also been numerous successful operations enabled by collaboration between telecom operators and security agencies. However, those successes are often overshadowed by the more visible failures.

    Technology cannot replace intelligence

    Image source: TechCabal

    Perhaps the biggest misconception about kidnapping investigations is the belief that telecommunications data alone can solve them. While phone records, location data and digital surveillance tools can provide valuable leads, experts say they are only one part of a much larger intelligence puzzle.

    Angalapu noted that successful rescue operations typically combine telecommunications analysis with human intelligence, surveillance, informant networks, local knowledge and careful operational planning.

    “The challenge is not that security agencies lack tracking tools,” he said. “The challenge is how effectively those tools are integrated into broader intelligence and operational efforts.”

    Nigeria has spent heavily on surveillance technology in recent years. A study by the Institute of Development Studies found that the country was Africa’s largest purchaser of AI-powered surveillance systems, spending an estimated $470 million on technologies such as facial recognition and automatic number plate recognition as part of a wider continental investment in digital monitoring infrastructure. 

    While the full scope of those capabilities remains largely outside public view, Angalapu said security agencies often possess far more intelligence than many Nigerians realise.

    “I have been in rooms where security agencies said they had intercepted phone calls and radio communications from terrorists,” he said. 

    “I have also heard officials say they know where some of these groups are operating but are concerned about the potential for collateral damage if military action is taken, particularly when hostages are being used as human shields.”

    That gap between identifying a suspect’s location and deciding how to respond helps explain why advanced tracking tools do not always lead to swift rescue operations. 

    In many kidnapping cases, security agencies may have intelligence pointing to where criminals are operating, but acting on that information requires careful assessment of the risks to hostages and surrounding communities.

    “The Commission continues to enhance system automation, service availability, and secure integration capabilities to support faster identity verification responses for legitimate security operations,” the commission noted. “Specific operational timelines may vary depending on the nature of the request, authorisation requirements, and applicable legal processes.”

    For Maurice Magaji, Niger State’s Commissioner for Homeland Security, however, the conversation extends beyond technology and tracking capabilities. He argues that discussions about security often overlook the rights of communities that live under constant threat from bandits and kidnappers. 

    While public attention frequently focuses on the risks of collateral damage during security operations, Magaji said equal attention should be paid to the rights of villagers whose communities are attacked, whose livelihoods are destroyed, and whose family members are abducted or killed.

    “There is often concern about what happens when security agencies act,” he said. “But what about the rights of people whose communities are invaded, whose cattle are stolen, and whose loved ones are murdered? Those rights matter too.” 

    Niger state’s Borgu local government area was the site of an attack on November 22, 2025, when more than 300 schoolchildren and their teachers were kidnapped from a Catholic school. On January 3, 2026, gunmen raided Kasuwan Daji community in Niger State, killing over 30 people.

    According to Magaji, the growing sophistication of criminal groups has made rescue operations far more complex than many Nigerians realise. Bandits now deploy advanced tactics, operate across large territories, and in some cases use explosives and coordinated networks that complicate military responses. 

    Even when authorities possess intelligence on where criminals may be operating, launching an operation without careful planning can endanger hostages and civilians alike.

    “The challenge is not always knowing where these groups are,” he said. “The challenge is how to act in a way that protects innocent people.”

    For that reason, Magaji believes technology must be complemented by community cooperation, intelligence sharing, and coordinated action across security agencies. 

    Tracking tools may help narrow the search, but restoring security ultimately depends on combining digital intelligence with local knowledge and operational judgment.

    “There is also an international dimension to this conversation,” he said. “Bandits attack communities, kill people, rape women and destroy livelihoods, yet there is often limited attention paid to the rights of those victims. Instead, discussions frequently focus on human rights concerns when there is collateral damage during security operations.”

    He pointed to incidents in which armed groups invade villages, steal cattle and terrorise residents while local communities are left with few means of defending themselves.

    The persistence of insecurity, he argued, raises broader questions about how criminal networks sustain themselves. 

    In parts of Niger State, authorities have observed armed groups operating with expensive equipment and brand-new motorcycles, suggesting access to funding and logistical support that remains poorly understood.

    “The level of sophistication we see among some of these criminal groups raises important questions about how they are being sustained,” Magaji said.

    For Angalapu, improving the governance of Nigeria’s surveillance infrastructure may be just as important as investing in new technologies. Intelligence becomes most valuable when it can move seamlessly between agencies and be converted into action on the ground.

    “If that intelligence can be shared effectively across the police, military, forest guards and other security actors, it could significantly improve operational outcomes,” he said.

    A recurring criticism of Nigeria’s identity ecosystem is the risk posed by rogue Front-End Partners (FEPs)—third-party entities licenced to act as the consumer-facing interface, and other third parties involved in citizen enrolment and verification. 

    NIMC said it has strengthened oversight mechanisms designed to detect and prevent abuse, including transaction monitoring, activity logging, anomaly detection, compliance audits, role-based access controls, and strict credential management policies. 

    “The Commission continuously reviews partner activities to identify unusual enrollment patterns, excessive verification requests, credential sharing, unauthorized access attempts, and other indicators of misuse,” NIMC said. It added that violations can lead to suspension, revocation of access, investigation, and, where necessary, prosecution.

    NIMC also said it has established procedures to respond to suspected data breaches or identity misuse, including investigations, remediation measures, coordination with relevant authorities, and stakeholder notifications when required. 

    Yet for many Nigerians, the effectiveness of these safeguards is judged less by the controls in place and more by outcomes on the ground. Despite years of investment in identity systems, surveillance technologies, telecommunications monitoring, and intelligence-gathering capabilities, kidnapping remains one of the country’s most persistent and difficult security challenges.

    “The investment appears to be there, and some capabilities clearly exist,” Angalapu said. “The question is whether those investments are producing measurable security improvements.”

    For Magaji, that is why citizens also have a role to play.

    “That is why we continue to urge citizens to work with us, share information and support efforts to restore peace and security,” he said.

    In the end, every phone call may leave a digital trail. But finding kidnappers still depends on something technology alone cannot provide: actionable intelligence, effective coordination, local cooperation and the ability to translate information into successful operations without putting lives at greater risk.