[ISN] Fighting cyber crime in Nigeria

[InfoSec News]

http://www.tribune.com.ng/08062006/infosys2.html

By OLUWASEUN AYANTOKUN
Info Systems 
Lagos
8th June, 2006

When efforts are being made to remove the rebellious shoot of the 
proverbial tump, it obstinately sprouts another.So is cybercrime, 
which has continued to grow by leaps and bounds, just as the 
government frantically keeps on fighting financial crimes. hile the 
war is yielding results by enhancing the image of Nigeria 
abroad,cybercrime has continued to dent it. The Internet creates 
unlimited opportunities for commercial, social and educational 
activities. But as we can see with cybercrime, the net introduces its 
own peculiar risks. 

The convenience associated with IT and the Internet is now being 
exploited to serve criminal purposes. Cybercrime covers internet fraud 
not just online 419 - the use of computers and or the internet to 
commit crime. Computer-assisted crime include e-mail scams, hacking, 
distribution of hostile software (viruses and worms), denial of 
service attacks, theft of data, extortion, fraud and impersonation.

Recently, a report indicated that Nigeria is losing about $80 
million(N11.2 billon) yearly to software piracy.The report was the 
findings of a study, conducted by Institute of Digital 
Communications(IDC), a market research and forecasting firm, based in 
South Africa, on behalf of Business Software Alliance of South Africa. 
As it is now, cybercrime is an image nightmare for Nigeria.When you 
come across phrases like "Nigerian scam", the assumption that crosses 
your mind is that all (or conservatively, most) scam emails originate 
from Nigeria, or Nigerians.

In 2004, the federal government established a cybercrime working 
group,the Nigeria Cyber Working Group(NCWG),with the purpose of aiding 
Nigeria's demystification of the hydra-headed monster.The NCWG is an 
Inter-Agency body made up of all key law enforcement, security, 
intelligence and ICT agencies of government, plus major private 
organisations in the ICT sector.

Some of these agencies include the Economic and Financial Crimes 
Commission (EFCC), Nigeria Police Force (NPF), the National Security 
Adviser (NSA), the Nigerian Communications Commission (NCC), 
Department of State Services (DSS), National Intelligence Agency 
(NIA),Nigeria Computer Society(NCS), Nigeria Internet Group(NIG), 
Internet Services Providers' Association of Nigeria (ISPAN); National 
Information Technology Development Agency (NITDA), and Individual 
citizens representing public interest. The working group has two 
chairpersons and one coordinator. 

The duties of the Working Group include: Engaging in public 
enlightenment programs, building institutional consensus amongst 
existing agencies, providing technical assistance to the National 
Assembly on cyber crime and in the Drafting of the cyber crime act; 
laying the groundwork for a cyber crime agency that will eventually 
emerge to take charge of fighting cyber crime in Nigeria. In addition, 
the working group was tasked with the responsibility of working with 
global cyber crime enforcement agencies in the USA , the UK and other 
countries, who are at fore-front of fightingcyber crime.

All this has quite created a lot of talk about fighting cybercrime 
without a significant result to show for it.Early this year, an 
on-line news magazine doubted Mr Nuhu Ribadu, the executive chairman 
of the Economic and Financial Crimes Commission, who vowed that 
Nigeria would"deal fatal blow" to cybercrime networks? According to 
Mr. Ribadu, Nigeria "will monitor cybercafes and take on a 
'significant' number of cases against such criminals based in Nigeria" 
The news magazine,InfoSec News queried,"prosecution of cyberscams is 
fine, but are there sufficient laws for this? If there are laws, why 
weren't they enforced so far, and if there are no laws, why is this 
not the first step?" How effectively then can the war against 
cybercrime be prosecuted since there is an awareness of the menace it 
poses to society? "Fighting cybercrime requires not just IT knowledge 
but IT intelligence on the part of the security agencies.

For now,there is an IT security divide - a serious shortage of skills 
to deal with the threats associated with IT. Shouting and moaning 
about cybercrime isn't enough. All the talk is meaningless unless the 
gap is closed. Security agencies need to be equipped with the skills, 
the know-how and the insight necessary to fight cybercrime 
effectively.While resources are needed to fight the menace, it is 
imperative to avoid the misdirected approach of'throwing money' at the 
problem. The approach must be based on policies and strategies. Such 
policies must be based on knowledge. Knowledge not just for the 
operatives, but also for those that will commit resources. For 
example, do the decision makers have any REAL, PRACTICAL appreciation 
of technology, not to talk of cybercrime? What is their stake on the 
basics of information security in today's high-tech, business 
environment? The cybercriminals seem to have the technology advantage.

"Essentially, cybercrime is information and intelligence- based 
activity. You cannot fight cybercrime with ignorance, strong 
directives or boastful talk”, Mr Jide Awe, an ICT expert, said in a 
conference paper presented in 2004. Furthermore, legislation needs to 
keep pace with e-crime, especially as it becomes more prevalent and 
sophisticated. "Apart from awareness and culture, security measures 
(technical and non technical) will need to be put in place and 
enforced, as part of the solutions. This might involve raising 
penalties and increasing the seriousness of e-offences. The right 
culture should create a high level of awareness amongst stakeholders", 
added the ICT expert.

Cybercrime cannot be divorced from the prevalent high level of 
corruption and wide spread poverty and unemployment in the Nigerian 
society.Heavier punishments and enlightenment, closing down cyber 
cafés, issuing draconian directives may therefore not be meaningful 
without addressing the causes. To fight crime you attack the causes of 
crime.Littlewonder then that after the initial excitement after the 
set up of the NCWG and some spineless fight by the security agencies, 
the noise died down.

Also in terms of strategy, it is crucial to thoroughly address issues 
relating to enforcement whenever the bill before the National Assembly 
to curb the crime is passed into law. "Mishandling of enforcement can 
backfire. Enforcement can only work if it avoids harassment, abuse of 
privacy and extortion. Care must be taken not to throw out the baby 
with the bath water. Don't create a situation where genuine users of 
the Internet are frustrated out and unable to benefit from the 
Internet.In today's world, computing tools and the Internet are used 
to effectively promote social development and business growth. 
Strategies must strike a balance between security concerns and other 
developmental needs",Mr Awe suggested. 

In April, at Heinrich Boll Foundation (HBF) Conference Hall where some 
stakeholders in the ICT industry gathered to discuss how to facilitate 
information security, reduce security breaches, and steps to contain 
cyber crime in Africa,Dr. Martins Ikpehai, chief executive officer, 
Computer Audit andSecurity Associates Ltd, Lagos stated that"Computer 
security and cyber crime awareness should be created with a view to 
sensitising all users of the internet facility with the emerging 
indicators of crime and fraud being committed through computer".

Other participants at the three-day conference agreed in various 
papers presented that the law enforcement agencies and judiciary in 
the continent have roles to play in devising ways of curbing internet 
fraud and enhancing their skills in computer security and risk 
management.The group was also hopeful that the Computer Security and 
Cybercrime Bill it sponsored to the National Assembly, will be passed 
on time and that its passage would mark the beginning of the war 
against internet crime in the country. 

Of course how far can the country go withiut an active legislation in 
place?According to the participants,it is also very necessary for 
relevant authorities to conduct survey and research with a view to 
containing cyber-related crimes and computer security breaches.Mr Awe 
who also paticipated at the conference charged the information 
security expertise in the continent toidentify threats to computer 
security, protect both internal and external threats among which human 
error is a major concern which needs human approach. The situation on 
the ground, therefore, shows the country still has a long way to go. 

© 2004 - 2006 African Newspapers of Nigeria Plc.