Nigeria And The Cyber Frontier In Crime, By Dele Agekameh
The advent of mobile phones in the early 2000 brought a great relief to Nigerians. However, the revolution in communication also brought with it some pains as some unscrupulous Nigerians quickly cashed in to peddle their nefarious trade – fraud. This was followed by the email, a communication system that has now relegated the old system of posting letters to the background. Email is faster; with the speed of electrical current you get your message across and also receive a response within minutes or even seconds. But, as it is, it is as if the more the growth recorded through technological advancement the more sophisticated the criminals around becomes. Hardly will a day pass without you receiving five, ten or more scam messages on your Blackberry phone, all designed to make you fall a “Mugu”, the underworld term for foolishness.
On December 19, 2013, I had my first raw deal with these crooks. I was in my house in Lagos sleeping when, at about 1:30am, I opened my eyes and saw my blackberry beeping. I quickly reached out to it. What I saw jolted me. My bank in America had sent me a mail to the effect that there was an “unusual activity” on my small account. Apparently, some smart alecs had cloned my Debit Card and were on a spending spree that night in far away New York city. I quickly called their information desk, which immediately put a lien on the account. Though the bank promptly did a refund and changed my card within a week, I am sure the whole thing originated from Nigeria and I seriously suspect someone who is very close to me as the brain behind the scam.
That was not all. Five months later, precisely on May 1, 2014, the crooks were at it again. This time, my e-mail account was hacked. This was purely a criminal act aimed at extorting money from people on my contact list, a commonplace occurrence in today’s digital world. Ordinary criminals with advanced to minimal computer know-how and time to spare can, in the comfort of their homes, rake in millions of other people’s hard earned money with the use of a simple computer and an internet connection. It is a reality of our world today.
In this case, a generic message was sent to everyone on my contact list, explaining that I was stranded in Rome with financial difficulties that a thoughtful loan of 950 Euros can fix, if the recipient would only be so kind. These messages went out at around 2.00am while I was fast asleep, with no difficulty, at my home in Lagos, Nigeria. The following morning, I was woken up by endless calls from friends who had received the message, much to my surprise. Little did I know that more surprises awaited me from the cunning cyber-criminals.
Promptly, the password was changed and the security questions reset, but it did not end there. Incoming mails had been cunningly re-routed to another email address set up solely for the purpose of this particular attack on my privacy, as I found out. My email account is “firstname.lastname@example.org” but mails had been set to be forwarded to “email@example.com” without even being retained by the original account. Attempts at signing into the compromised account proved abortive and may not have been possible but for the measures put in by Yahoo in such cases. It took answering security questions that were set back in 2009 to prove to the Yahoo mail service that the account was indeed mine, because it had been completely taken over by the criminals.
It literally took hours to purge my account of the attackers’ imprint, and measures are still being taken to ensure that nothing else has been compromised. A large amount of mails in my inbox were lost however. It later became clear that this was the modus operandi of these cyber criminals who operate from multiple locations around the world and have syndicates spread across continents. The account activity log showed that the breach originated in Netherlands and the operation somehow shifted to South Africa in a matter of minutes where the larger part of it took place. For these people, it is obviously a full-time job considering the kind of delicate, victim-specific operations they carry out.
Although Nigeria will make many lists of countries where most cyber frauds originate, there are worse countries on those lists like Egypt, Ukraine, Malaysia and even the United States (U.S.). It is a global phenomenon. The credit card rings are serious, and every financial institution in the world is a potential target. This, however, is a tip of the iceberg of cybercrimes, cyber-terrorism, espionage and cyber-conflicts in the modern world. Like in the physical world, where clandestine activities are not only carried out by criminals looking for ill-gotten proceeds, governments all over the world and other players are also involved in some of these activities on the internet.
Indeed, modern warfare has expanded into cyberspace. A big example is the group known as the “Shanghai Group”, which is said to be an arm of the Chinese military that has targeted U.S trade and critical infrastructure, collecting data discreetly through electronic means. U.S gas pipelines access, its power grid and companies like Coca-Cola have been reported to have been victims of this group. The U.S itself has been involved in Cyber-warfare. In collaboration with Israel in 2010, it developed a malicious software called “Stuxnet” and launched an attack on Iran’s Uranium enrichment program. In 2013, the U.S also joined a cyber-terrorism group called “Anonymous”, in league with South Korea, to attack “critical websites” in North Korea, including the state-owned network station.
As cyber-criminals and terrorists are on the increase, countries around the world too are raising cyber-warriors to protect themselves and, it must be said, attack others. Even in the midst of this international cyber-warfare, there are yet groups of hackers whose scope of activities cannot be determined but have attained global fame for their successful activities against all levels of organisations and governments. An outstanding example is the Chaos Computer Club in western Germany that hacked into the National Aeronautics and Space Administration’s (NASA) network in the United States and remained undetected for three months. Its “Trojan Horse”, which is a malicious computer program, was able to access over 135 computers across Europe. It is currently acting as a kind of non-governmental organization. In February, it filed a criminal complaint against the German government, accusing it of complicity with the U.S National Security Agency and British intelligence in spying on German citizens. The group also requested Edward Snowden, now famous (or infamous) U.S whistleblower, to be allowed a safe passage as a witness.
In a world where countries now sponsor “Trojan Horses” and collect confidential information secretly, in addition to the activities of criminals looking to make a quick buck and non-state players like “Wiki-leaks”, one only wonders where African countries are positioned on this new frontier. Currently, Nigeria still imports 90% of software used in the country and the 100 plus IT companies in Nigeria mainly engage in integration, maintenance and customisation services for commercial packaged software for public institutions, banks, and energy and telecom companies. No recognizable government’s interest in developing an airtight cyber-security unit to protect government information and the privacy of citizens. Where are our cyber warriors?
Nigerians who have picked up expertise and show promise in cyber security are picked up easily by foreign countries or have joined the criminals that have ensured inclusion of Nigeria on the least of countries with the most computer fraud cases. In saner climes, these individuals would be found, rehabilitated and drafted into the government efforts, where they exist, to protect the information of its citizens. On the new frontier of cybercrimes and terrorism, it appears that information is the currency, weapon and the target, and as such, its protection becomes the only concern. Now that banks, mobile communications companies and the government have stepped up efforts to collect information on users and citizens, the question is: Have they stepped up efforts to protect this data?