Cyber Crime: The Need for Awareness and Security in an Interconnected World
In a study conducted by the United Nations in 2013, over 60 percent of all internet users are in developing countries, with 45 percent of all internet users below the age of 25 years. By the year 2017, it is estimated that mobile broadband subscriptions will approach 70 percent of the world’s total population. By 2020, the number of networked devices will outnumber people by six to one, transforming current conceptions of the internet.
The Council of Europe Convention on Cybercrime of 2015 defines cybercrime in four categories: (1) offences against the confidentiality, integrity and availability of computer data and systems; (2) computer-related offences; (3) content-related offences; (4) offences related to infringements of copyright and related rights.
Globally, cybercrimes are spread across a broad distribution of these different categories. Perceptions of relative risk and threat vary, however, between governments and private sector enterprises. While police-recorded crime statistics do not represent a sound basis for cross-national comparisons, such statistics are often important for policy making at the national level. Police-recorded cybercrime rates are associated with levels of country development and specialized police capacity, rather than underlying crime rates. In addition, most of the cybercrime cases investigated by the Police are fuelled by interactions in social media like Facebook, Twitter, LinkedIn, Instagram etc.
In many countries, the explosion in global connectivity has come at a time of economic and demographic transformations, with rising income disparities and reduced financial liquidity. Almost 80 percent of cybercrime acts are estimated to originate in some form of organized activity, with cybercrime black markets established on a cycle of malware creation, computer infection, botnet management, harvesting of personal and financial data, data sale, and ‘cashing out’ of financial information.
The strong positioning and metastasis of cybercrime is evident in several high-profile malware and DDoS attacks globally. In addition, Business Email Compromise (BEC) is gaining a foothold all over the world.
In March 2016, financial investigators suspected that unknown hackers installed a Remote Access Trojan (RAT) in the Bangladesh central bank’s computer systems, obtained the credentials needed for payment transfers from the Federal Reserve Bank of New York and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka.
The hackers were able to steal a total of about $81 million from the Federal Reserve’s Bangladesh account through a series of fraudulent transactions, but a typo in one of the transactions prevented a further $850 million heist. This happened more than a month after hackers breached Bangladesh Bank’s systems and attempted to steal nearly $1 billion from its account at the Federal Reserve Bank of New York.
In February 2016, Snapchat announced that a number of its current and former employees had their identities compromised by a cyber-attack. The company’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated the Chief Executive Officer and asked for employee payroll information.
“Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally,” Snapchat explained in a blog post.
In June 2016, the Twitter and Pinterest accounts of Facebook’s CEO, Mark Zuckerberg, were hacked because he reused a password: “dadada”. The same password had appeared in May 2016 in a database of more than 100 million usernames and passwords stolen in 2012 from LinkedIn Corp. Zuckerberg appears to have reused “dadada” to log into Twitter and Pinterest, allowing hackers to take over those accounts. Fortunately for Zuckerberg, the consequences of his account takeovers weren’t severe. He is known to hardly use Twitter at all. He has tweeted only 19 times, most recently in January 2012.
Also in June, Zuckerberg’s Pinterest page said: “Hacked by our team.” The group claimed it was “just testing” Zuckerberg’s security.
Speaking at the 2nd Quarterly meeting of The Nigeria Electronic Fraud Forum (NeFF), Chairman and Director of Banking and Payment System Department, Central Bank of Nigeria (CBN), Dipo Fatokun, while presenting a paper on “The Deep Web and its impact on the Global Financial Industry” said, “the reality we face today is that the conventional use of the World Wide Web is like dragging a net across the surface of the ocean, capturing less than 1% of web content.”
BEC is a sophisticated scam carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.
Victims may first receive “phishing” e-mails requesting additional details regarding the business or individual being targeted (name, travel dates, etc.). Intrusions can initially be facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link. The victim clicks on the link, and it downloads malware, allowing the actor(s) unfettered access to the victim’s data, including passwords or financial account information.
Juniper Research, an online market research firm in the United Kingdom, recently predicted that the current rapid digitization of business records and consumers’ lives will increase the cost of data breaches to $2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015. Cybercrimes alone cost Nigeria about N127bn annually. South Africa’s economy lost almost R35 billion in 2015 whilst about USD455 is lost globally.
In a corresponding fashion, the fight against cybercrime and other forms of attacks is also getting stronger and receiving more attention. This is further strengthened by the regulatory focus of the Central Bank of Nigeria in collaboration with other relevant stakeholder organizations like the Information Security Society of Africa, Nigeria (ISSAN), The EFCC, The Nigerian Police Force and others.
Recently, to address emerging cyber threats in Nigeria, the Federal Government set up computer emergency response teams through the Office of the National Security Adviser (NSA) and the National Information Technology Development Agency (NITDA). In addition, to further improve the nation’s cyberspace security, the Cybercrime Advisory Council was also inaugurated. According to the Minister of Communications, Adebayo Shittu, the council is expected to facilitate the implementation of the Cybercrime Act of 2015, as well as the National Cybersecurity Policy and Strategy.
Measures such as these do address the problem, but only to a limited extent. As emphasized at a recent Cyber Security Awareness Summit, it has become more imperative to create a security-aware community, with adequate knowledge of the use of cyberspace, including the risks and solutions. Consequently, as the average person on the street becomes more aware of the ‘do’s’ and ‘don’ts’ of the electronic banking and e-commerce space, the activities of fraudsters will be checkmated and we will all be able to carry on our businesses in a safer and more conducive environment.
Furthermore, it is also necessary to address the subculture amongst Nigerian youths, especially in relation to the notion that online fraud is an acceptable means of accumulating wealth. In addition, the issue of unemployment seriously needs to be resolved, as that in itself affects the desire among the youths and the usual offenders to survive by any means necessary.
Dr. David Isiavwe is currently Chief Audit Executive of Union Bank and also President of the Information Security Society of Africa, Nigeria (ISSAN)