[ISN] Fighting cyber crime in Nigeria
InfoSec News
isn at c4i.org
Thu Jun 8 05:04:17 EDT 2006
http://www.tribune.com.ng/08062006/infosys2.html
By OLUWASEUN AYANTOKUN
Info Systems
Lagos
8th June, 2006
When efforts are being made to remove the rebellious shoot of the
proverbial tump, it obstinately sprouts another.So is cybercrime,
which has continued to grow by leaps and bounds, just as the
government frantically keeps on fighting financial crimes. hile the
war is yielding results by enhancing the image of Nigeria
abroad,cybercrime has continued to dent it. The Internet creates
unlimited opportunities for commercial, social and educational
activities. But as we can see with cybercrime, the net introduces its
own peculiar risks.
The convenience associated with IT and the Internet is now being
exploited to serve criminal purposes. Cybercrime covers internet fraud
not just online 419 - the use of computers and or the internet to
commit crime. Computer-assisted crime include e-mail scams, hacking,
distribution of hostile software (viruses and worms), denial of
service attacks, theft of data, extortion, fraud and impersonation.
Recently, a report indicated that Nigeria is losing about $80
million(N11.2 billon) yearly to software piracy.The report was the
findings of a study, conducted by Institute of Digital
Communications(IDC), a market research and forecasting firm, based in
South Africa, on behalf of Business Software Alliance of South Africa.
As it is now, cybercrime is an image nightmare for Nigeria.When you
come across phrases like "Nigerian scam", the assumption that crosses
your mind is that all (or conservatively, most) scam emails originate
from Nigeria, or Nigerians.
In 2004, the federal government established a cybercrime working
group,the Nigeria Cyber Working Group(NCWG),with the purpose of aiding
Nigeria's demystification of the hydra-headed monster.The NCWG is an
Inter-Agency body made up of all key law enforcement, security,
intelligence and ICT agencies of government, plus major private
organisations in the ICT sector.
Some of these agencies include the Economic and Financial Crimes
Commission (EFCC), Nigeria Police Force (NPF), the National Security
Adviser (NSA), the Nigerian Communications Commission (NCC),
Department of State Services (DSS), National Intelligence Agency
(NIA),Nigeria Computer Society(NCS), Nigeria Internet Group(NIG),
Internet Services Providers' Association of Nigeria (ISPAN); National
Information Technology Development Agency (NITDA), and Individual
citizens representing public interest. The working group has two
chairpersons and one coordinator.
The duties of the Working Group include: Engaging in public
enlightenment programs, building institutional consensus amongst
existing agencies, providing technical assistance to the National
Assembly on cyber crime and in the Drafting of the cyber crime act;
laying the groundwork for a cyber crime agency that will eventually
emerge to take charge of fighting cyber crime in Nigeria. In addition,
the working group was tasked with the responsibility of working with
global cyber crime enforcement agencies in the USA , the UK and other
countries, who are at fore-front of fightingcyber crime.
All this has quite created a lot of talk about fighting cybercrime
without a significant result to show for it.Early this year, an
on-line news magazine doubted Mr Nuhu Ribadu, the executive chairman
of the Economic and Financial Crimes Commission, who vowed that
Nigeria would"deal fatal blow" to cybercrime networks? According to
Mr. Ribadu, Nigeria "will monitor cybercafes and take on a
'significant' number of cases against such criminals based in Nigeria"
The news magazine,InfoSec News queried,"prosecution of cyberscams is
fine, but are there sufficient laws for this? If there are laws, why
weren't they enforced so far, and if there are no laws, why is this
not the first step?" How effectively then can the war against
cybercrime be prosecuted since there is an awareness of the menace it
poses to society? "Fighting cybercrime requires not just IT knowledge
but IT intelligence on the part of the security agencies.
For now,there is an IT security divide - a serious shortage of skills
to deal with the threats associated with IT. Shouting and moaning
about cybercrime isn't enough. All the talk is meaningless unless the
gap is closed. Security agencies need to be equipped with the skills,
the know-how and the insight necessary to fight cybercrime
effectively.While resources are needed to fight the menace, it is
imperative to avoid the misdirected approach of'throwing money' at the
problem. The approach must be based on policies and strategies. Such
policies must be based on knowledge. Knowledge not just for the
operatives, but also for those that will commit resources. For
example, do the decision makers have any REAL, PRACTICAL appreciation
of technology, not to talk of cybercrime? What is their stake on the
basics of information security in today's high-tech, business
environment? The cybercriminals seem to have the technology advantage.
"Essentially, cybercrime is information and intelligence- based
activity. You cannot fight cybercrime with ignorance, strong
directives or boastful talk, Mr Jide Awe, an ICT expert, said in a
conference paper presented in 2004. Furthermore, legislation needs to
keep pace with e-crime, especially as it becomes more prevalent and
sophisticated. "Apart from awareness and culture, security measures
(technical and non technical) will need to be put in place and
enforced, as part of the solutions. This might involve raising
penalties and increasing the seriousness of e-offences. The right
culture should create a high level of awareness amongst stakeholders",
added the ICT expert.
Cybercrime cannot be divorced from the prevalent high level of
corruption and wide spread poverty and unemployment in the Nigerian
society.Heavier punishments and enlightenment, closing down cyber
cafés, issuing draconian directives may therefore not be meaningful
without addressing the causes. To fight crime you attack the causes of
crime.Littlewonder then that after the initial excitement after the
set up of the NCWG and some spineless fight by the security agencies,
the noise died down.
Also in terms of strategy, it is crucial to thoroughly address issues
relating to enforcement whenever the bill before the National Assembly
to curb the crime is passed into law. "Mishandling of enforcement can
backfire. Enforcement can only work if it avoids harassment, abuse of
privacy and extortion. Care must be taken not to throw out the baby
with the bath water. Don't create a situation where genuine users of
the Internet are frustrated out and unable to benefit from the
Internet.In today's world, computing tools and the Internet are used
to effectively promote social development and business growth.
Strategies must strike a balance between security concerns and other
developmental needs",Mr Awe suggested.
In April, at Heinrich Boll Foundation (HBF) Conference Hall where some
stakeholders in the ICT industry gathered to discuss how to facilitate
information security, reduce security breaches, and steps to contain
cyber crime in Africa,Dr. Martins Ikpehai, chief executive officer,
Computer Audit andSecurity Associates Ltd, Lagos stated that"Computer
security and cyber crime awareness should be created with a view to
sensitising all users of the internet facility with the emerging
indicators of crime and fraud being committed through computer".
Other participants at the three-day conference agreed in various
papers presented that the law enforcement agencies and judiciary in
the continent have roles to play in devising ways of curbing internet
fraud and enhancing their skills in computer security and risk
management.The group was also hopeful that the Computer Security and
Cybercrime Bill it sponsored to the National Assembly, will be passed
on time and that its passage would mark the beginning of the war
against internet crime in the country.
Of course how far can the country go withiut an active legislation in
place?According to the participants,it is also very necessary for
relevant authorities to conduct survey and research with a view to
containing cyber-related crimes and computer security breaches.Mr Awe
who also paticipated at the conference charged the information
security expertise in the continent toidentify threats to computer
security, protect both internal and external threats among which human
error is a major concern which needs human approach. The situation on
the ground, therefore, shows the country still has a long way to go.
© 2004 - 2006 African Newspapers of Nigeria Plc.
More information about the ISN
mailing list