A SOCIO-TECHNOLOGICAL ANALYSIS OF CYBER CRIME AND CYBER SECURITY IN NIGERIA
The Global Information Infrastructure creates unlimited opportunities for commercial, social and other human activities. However, it is increasingly under attack by cybercriminals; as the number, cost, and sophistication of attacks are increasing at an alarming rate. This study sets out to examine the sociological and technological factors that impact cybercrime and cyber security and thereby articulates the relevant circumstances and threats of cybercrime in Nigeria. The study approached the issue of cybercrime from theoretical and investigative points of views. Structured interviews with law enforcement agencies and governmental institution for cyber security were also conducted. Data obtained through these research instruments were subjected to descriptive analysis and frequency counts in order to explain the activities of Nigerian cybercriminals based on existing theories of crime, and to understand their intents, purposes and methods. Four theories of crime, namely, Structural Functionalism Theory, Marxian Theory, Routine Activity Theory and Technology Enabled Crime Theory were all found to be relevant to Nigerian cybercrime. At the level of existing laws, the study established that there are no existing laws in the Nigerian statues that directly address cybercrime.
TABLE OF CONTENTS
Title Page i
Table of Contents vii
List of Tables x
List of Figures xi
CHAPTER ONE: INTRODUCTION 1
Background to the Study2
Statement of the Problem5
Justification of the Study7
Scope of the Study8
Definition of Terms9
CHAPTER TWO: LITERATURE REVIEW 10
Cybercrime: Definition and Conceptualization10
Cybercrime Against Persons18
Cybercrime Against Property18
Cybercrime against Government18
Cyber-Security in Perspective19
General Perception of Cybercrime in Nigeria23
Evaluation of the Current Situation in Nigeria23
Structural Functionalism Theory24
Routine Activity Theory26
The Theory of Technology Enabled Crime26
The Theory of Differential Association28
Challenges of Cybercrime30
Complexities of Cybercrime31
The Phenomenon of Cybercrime33
The Nigerian Perspective37
CHAPTER THREE: RESEARCH METHODOLOGY 40
Law Enforcement Agencies40
Governmental Cyber-security Agencies41
CHAPTER FOUR: IMPLEMENTATION AND EVALUATION 46
Presentation of Results46
Interview with Law Enforcement Agencies46
Interview with Governmental Cyber-security Agency47
A Criminal Mail51
Computer as an Instrument Facilitating Crime53
Phishing and Personal Experience55
Discussion of Findings58
Approaches Adopted by Law Enforcement Agencies to combat
Cybercrime in Nigeria 58
Approaches Adopted by Governmental Cyber-security Agency in
Ensuring Cyber-security in Nigeria 58
Problems Confronting Law Enforcement Agencies and Governmental
Cyber-security Agencies in combating cyber-crime in Nigeria 59
Theories of Crime in relation to Nigeria Cybercrime60
CHAPTER FIVE: SUMMARY, CONCLUSIONS, RECOMMENDATIONS
AND SUGGESTIONS FOR FURTHER STUDIES 63
5.1 Summary of Findings 63
5.2 Conclusions 64
5.3 Recommendations 66a
LIST OF TABLES
4.1 Gender Status of the Practicing Scammers 50
4.2 Level of Study of Practicing Scammers 50
4.3 Occupational Status of the Practicing Scammers 50
4.4 World Internet Usage and Population Statistics 53
LIST OF FIGURES
4.1 Lottery Winning and Financial Scam 56
4.2 Pure 419 Scam for Phishing 57
From business, industry, government to not-for-profit organizations, the internet has simplified business processes such as sorting, summarizing, coding, editing, customized and generic report generation in a real-time processing mode. However, it has also brought unintended consequences such as criminal activities, spamming, credit card frauds, ATM frauds, phishing, identity theft and a blossoming haven for cybercriminal miscreants to perpetrate their insidious acts. The development of the internet and the widened access to computer technology has created new opportunities for work and business activities, as well as those who engage in illegal activities. The rise of technology and online communication has not only produced a dramatic increase in the incidence of criminal activities, but has also resulted in the emergence of what appears to be a new variety of criminal activities. Both the increase in the incidence of criminal activities and the possible emergence of new varieties of criminal activity pose challenges for legal systems, as well as for law enforcement agencies (Brenner, 2007).While technological advancements have produced radical shifts in the ability to reproduce, distribute, control, and publish information, the Internet in particular has radically changed the economics and ease of reproduction (Longe and Chiemeke, 2008). Computer networks have also radically changed the economics of distribution. With transmission speeds approaching a billion characters per second, networks enable the sending of information products worldwide, cheaply and almost instantaneously.
The Global Information Infrastructure (GII) presents vast opportunities, but it can also be dangerous for the innocent people. Fraudulent schemes, scams and con artists have certainly been around long before the introduction of the internet, however, with the
technology and explosive growth of the internet, fraud has quickly become a major concern for consumers, merchants and governments. Furthermore, the introduction and acceptance of the Global System for Mobile Communication (GSM) in Nigeria and the proliferation of digital devices (such as the MP3 players, IPOD, IPAD, cell phones, smart phones, GPRS enabled phones) and electronic platform services (such as blogs, instant messaging and other web 2.0 platforms) contributes to the increase in internet fraudulent acts.
BACKGROUND TO THE STUDY
Over the past twenty years, immoral cyberspace users have continued to use the internet to commit crimes; this has evoked mixed feelings of admiration and fear in the general populace along with a growing unease about the state of cyber and personal security. This phenomenon has seen sophisticated and extraordinary increase recently and has called for quick response in providing laws that would protect the cyber space and its users. The first recorded cyber murder was committed in the United States seven years ago. According to the Indian Express, January 2002, an underworld don in a hospital was to undergo a minor surgery. His rival went ahead to hire a computer expert who altered his prescriptions through hacking the hospital’s computer system. He was administered the altered prescription by an innocent nurse, this resulted in the death of the patient. Statistically, all over the world, there has been a form of cybercrime committed every day since 2006. Prior to the year 2001, the phenomenon of cybercrime was not globally associated with Nigeria. This resonates with the fact that in Nigeria we came into realization of the full potential of the internet right about that time. Since then, however, the country has acquired a worldwide notoriety in criminal activities, especially financial scams, facilitated through the use of the Internet. Nigerian cyber criminals are
daily devising new ways of perpetrating this form of crime and the existing methods of tracking these criminals are no longer suitable to deal with their new tricks. The victims as well show increasing naivety and gullibility at the prospects incited by these fraudsters. Since the issue of cyber security is raising a number of questions in the minds of Nigerians, it is only fair that we answer these questions.
Crime remains indefinable and ever strives to hide itself in the face of development. As measures and techniques for detecting crimes and criminals advance, criminals also look for means of hiding from these measures and the Internet currently serves as a hiding place for fraudsters who have simply migrated from the streets to an electronic platform offered by the World Wide Web. Different nations have adopted different strategies to contend with crimes depending on their nature and extent. Certainly, a nation with high incidence of crime cannot grow or develop. That is so because crime undermines development. It leaves negative social and economic consequence (Sylvester, 2001).For Nigeria, a nation in the process of saving her face regarding cybercrimes; efforts are now being directed at the sources and channels through which cybercrimes are perpetuated. The task of re-stigmatizing cybercrime and re-dignifying honest is not as easy as that of institutionalising a deterrence mechanism like Code of Conduct Bureau, Independent Corrupt Practices and other related Crimes Commission (ICPC), Economic and Financial Crime Commission (EFCC) and many more. This is after many years at the bottom of the ladder of the corrupt nations of the world, which is based on some index set by the Transparency International (TI), an anti- corruption crusader group. The Advance Fee Fraud popularly called “419” has given birth to cybercrime. Needless to say that cybercrime popularly called “Yahoo-Yahoo” is an offshoot of Advanced Fee Fraud. Advance Fee Fraud which became popular in the early ‘90s, has now produced its first offspring with mostly the unemployed and
undergraduates as its practitioners. The quest of social scientists and historians is, ‘how did a society that value hard work, cooperation and contentment become deeply rotten in corruption (Ogunsanya, 2006). The answer to this can be linked to the materialistic value of the country.
Majority of the cybercrimes perpetrated in Nigeria generally are targeted at individuals and not necessarily computer systems, hence they require less technical expertise. The damage done manifests itself in the real world. Human weaknesses such as greed and carelessness are generally exploited. The damage done is largely psychological and financial. These crimes are similar to theft, and the likes that have existed for centuries, even before the development of high-tech equipment. Through the internet, the same criminals or persons with criminal intents have simply been given a tool which increases their potential pool of victims and make them all the harder to trace and apprehend (Aghatise, 2006).The challenge in fighting cybercrimes today relates to the fact that cybercrimes have been in existence for only as long as the Global Information Infrastructure exists. This explains the unpreparedness of society and the world in general towards combating them. Numerous crimes are committed daily on the Internet with Nigerians at the forefront of sending fraudulent and bogus financial proposals all over the world. Criminals involve in the Advance Fee Fraud schemes (419) are now popularly referred to as “yahoo-yahoo” in Nigeria. The nation has therefore carved a position for herself as source of what is now generally referred to as “419” mails named after Section 419 of the Nigerian Criminal Code (Capp 777 of 1990) that prohibits Advance Fee Fraud.
Apart from the availability and usage of Internet facilities in cyber cafes for scam mails and other cybercrimes, the evolution of fixed wireless facilities in the Nigerian network landscape has added another dimension to the cybercrimes problem. Fraudsters
who can afford to pay for Internet connection vial fixed wireless lines can now perpetrate their evil acts within the comfort of their homes. In some cyber cafes, a number of systems are dedicated to fraudsters (popularly referred to as “yahoo boys”) for the sole purpose of hacking and sending fraudulent mails. Other cyber cafes share their bandwidth (popularly referred to as home use) to some categories of customers who acquire systems for home use in order to perpetuate cybercrimes from their homes (Longe and Chiemeke, 2008).
STATEMENT OF THE PROBLEM
The internet creates unlimited opportunities for commercial, social and other human activities. But with cybercrime, the Internet introduces its own peculiar risks. What are the menace cybercrime and cyber-security threats poses to Nigeria? The convenience associated with Information Technology and the Internet is now being exploited to serve criminal purposes. Cybercrime covers Internet fraud not just online Advance Fee Fraud (419), also the use of computers and or the Internet to commit crime. Computer-assisted crime includes e-mail scams, hacking, distribution of hostile software (viruses and worms), denial of service attacks, and theft of data, extortion, fraud and impersonation. Waziri (2009) spoke about the dreadful level of corruption as being a threat to Vision 20:2020. Cyber-crime is an obstacle that may shut the door of progress against the nation. This was why Aluko (2004) gave seventeen (17) ways of stopping financial corruption in Nigeria. One of these crimes according to him has to do with cybercrimes. The global village currently records an increasing criminal behaviour. News of cybercriminal activities continue to fill the pages of the newspaper, it is central to world news and has become a global problem. There is hardly a place where computers and internet facilities are found that cases of crime are not recorded. New modes of
operation are developing as the Global System for Mobile-telecommunication (GSM) is now used for browsing. A lot of young people are common among the perpetrators of these criminal activities. They spend hours browsing and sometimes stay awake all night to carry out their nefarious activities. The people involved are mostly found within the ages of fifteen to thirty years.
According to Erhabor (2008), cybercrimes are described as one of the fastest growing criminal activities on the planet. He repeated the fact that it covers a large range of illegal activity including financial scams, computer hacking, downloading of pornographic images from the internet, virus attacks, stalking and creating websites that promote hatred. In recent time, young students in the tertiary institution engaged in forgery of all kinds ranging from false admission paper to school fees receipts, certificates racketeering and examination malpractice that is, accessing useful information during examinations through the handset and other electronic devices. Ajao (2008) said Nigeria, Ghana and South Africa top cybercrime in Africa. Nigeria is not spared from the heartache caused by cybercrimes.
The fight against cybercrime and cyber security threats in Nigeria requires not just knowledge of Information Technology but Information Technology Intelligence on the part of the security agencies. In Nigeria, there is an Information Technology Security divide – a serious shortage of skills to deal with the threats associated with Information Technology. Shouting and moaning about cybercrime is not enough. All the talk is meaningless unless the gap is closed. Security agencies need to be equipped with the skills, the know-how and the insight necessary to fight cybercrime effectively. The findings above are worrisome and it is in order to curb and proffer solution to the above that the study intends to look at the sociological and technological factors influencing cybercrime and cyber security in Nigeria.
JUSTIFICATION OF THE STUDY
The Global Information Infrastructure creates unlimited opportunities for commercial, social and educational activities. However, it is increasingly under attack by cyber criminals; as the number, cost and sophistication of attack are increasing at alarming rates. The challenge in fighting cybercrimes and cyber security threats today relates to the fact that, they have been in existence for only as long as the Global Information Infrastructure exists. This explains the unpreparedness of society and the world in general towards combating them. In addition, the study is significant because its findings have potential for providing an aid in formulating appropriate legal and framework for cyber law and cyber security in Nigeria. It will also examine various dimensions of cybercrime and cyber security threats in Nigeria.
The general objective is to provide information and analysis which lawmakers, policy makers and law enforcement agencies in Nigeria can use in order to create legal definitions which are meaningful from sociological and technological perspectives of cybercrime and cyber-security.
The specific objectives are as follows:
1. To identify informal, sociological and technological causes of cybercrime and cyber security in Nigeria.
2. To identify and analyse the techniques used by cyber criminals and the use of cyber space for fraud.
3. To analyse the approaches adopted by Nigerian law enforcement agencies and cyber security stakeholders in combating cybercrime and ensuring cyber security.
4. To provide Nigerian based typologies of cybercrime.
This research study aims to assess the vulnerability of the Nigerian society to crime and abuse on computer networks and the Global Information Infrastructure at large. The study then attempts to answer the following questions:
1. How are Nigeria anti-graft agencies tackling cyber-crime and cyber security threats?
2. How effective and efficient are the efforts of the security agencies in combating cybercrime and ensuring cyber security in Nigeria?
3. What can be done to improve the state of cybercrime and cyber security in Nigeria?
4. What are the techniques used by scammers in perpetrating cybercrime in Nigeria?
SCOPE OF THE STUDY
In order to ensure effectiveness and focus of study, this research is limited to a particular information rich subset of stakeholders in cyber activities. The research will be limited to Law Enforcement Agencies in Nigeria, Cyber Security Governmental Agencies in Nigeria, practicing scammers, cybercriminals and scam baiter correspondence. The research sets out to examine the sociological and the technological factors that impact cybercrime and cyber security in Nigeria. It covers the events that occur from 2001 to 2010 and the unit of analysis is organization.
A mixed research approach is needed for adequate insight and knowledge into solving and achieving the research problem and objectives. The study will approach the issue of cybercrime from theoretical and investigative points of views. This study will use a combination of existing literature studies, direct in-depth primary research and secondary
materials from the Internet. The study population for this study includes, Law Enforcement Agencies, Cyber Security Governmental Agencies and Scam baiter correspondence.
DEFINITION OF TERMS
Advance Fee Fraud: Advance Fee Fraud is a rising type of Internet crime causing Internet users to lose significant amounts of money. The expression ‘Advance Fee Fraud’ (AFF) describes fraud cases in which criminal fraudsters convince a victim that the victim has won a prize or been selected for a business deal with easy money to be gained and the only condition to obtain the gain is that the victim has to pay a small amount of money in advance. When the victim pays the fee, it will not bring him closer to receiving the gain. In fact, he only risks losing more money as the fraudster will be encouraged to re-contact the victim to request the payment of additional fees for the same transaction.
Scam: A “confidence trick” is an attempt to defraud a person or group after first gaining their confidence, used in the classical sense of trust.
Denial of Service Attack: is an attempt to make a machine or network resource unavailable to its intended users.
Theft of Data: Data theft is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices capable of storing digital information such as USB flash drives, iPods and even digital cameras..