A Socio-Technological Analysis of Cyber Crime and Cyber Security in Nigeria
Chapter One
RESEARCH OBJECTIVES
The general objective is to provide information and analysis which lawmakers, policy makers and law enforcement agencies in Nigeria can use in order to create legal definitions which are meaningful from sociological and technological perspectives of cybercrime and cyber-security.
The specific objectives are as follows:
1. To identify informal, sociological and technological causes of cybercrime and cyber security in Nigeria.
2. To identify and analyse the techniques used by cyber criminals and the use of cyber space for fraud.
3. To analyse the approaches adopted by Nigerian law enforcement agencies and cyber security stakeholders in combating cybercrime and ensuring cyber security.
4. To provide Nigerian based typologies of cybercrime.
CHAPTER TWO
LITERATURE REVIEW
CYBERCRIME: DEFINITION AND CONCEPTUALIZATION
As technology has developed so have also the definitions of computer crimes or cybercrimes. It has been argued that since computer crime may involve all categories of crime, a definition must emphasize the particularity, the knowledge or the use of computer technology. In a communication from the commission of the European Union
in 2001 a single definition is introduced. In this communication, computer related crime is addressed in the broad sense as any crime that in some way or the other involves the use of information technology. This is a minimum consensus list not excluding extensions in domestic law. Content-related offences such as copyright infringements,
racism, xenophobia, and child pornography may by many observers normally not be understood as cybercrimes. Copyright infringements are based upon civil agreements and contracts and are not traditionally criminal offences in many countries. Copyright infringements will very often be enforced through civil remedies due to many of the
complicated issues. Child pornography has always been a criminal offence in the paper based version. Terrorists are using 512–bit encryption which is next to impossible to decrypt. An example may be cited as the Osama Bin Laden’s 9/11 attack, the LTTE attack on America’s army deployment system during the Iraq war. Various kinds of
cybercrimes are emerging in the world today, hacking, bombing, diddling, viruses, spoofing and salami attacks are all capable of breaching the security in the information systems of vital installations. One of the most important purposes in criminal legislation is the prevention of criminal offences. A potential perpetrator must also in cyberspace be given a clear warning with adequate foresee ability that certain offences are not tolerated,
and when criminal offences occur, perpetrators must be convicted for the crime explicitly done, satisfactorily efficient in order to deter him or her, and others from such crime. These basic principles are also valid for cybercrimes. These legal tools include an arsenal of well-defined cybercrime offences for use in prosecuting cyber criminals and procedural rules governing evidence-gathering investigation. Cybercrime is often
transnational in character; offenders can take advantage of gaps in existing law to avoid apprehension and or prosecution. The issue of cybercrime is one that has been discussed by many people with various perspectives on the issue, most coming at it from different sides than the others. Cybercrimes have gone beyond conventional crimes and now have threatening ramifications to the national security of all countries, even to technologically developed
countries as the United States. According to a publication on the web which states that “the adoption by all countries of appropriate legislation against the misuse of Information and Communication Technology (ICT), for criminal or other purposes, including activities intended to affect the integrity of national critical information infrastructures, is central to achieving global cyber security”. The publication further stated that since threats could originate anywhere around the globe, the challenges are inherently international in scope thus requires international cooperation, investigative assistance, and common substantive and procedural provisions”. In line with the above, Odinma (2010) states that “cybercrime is any illegal acts perpetrated in, on or through the internet with the intent to cheat, defraud or cause the malfunction of a network device, which may include a computer, a phone, etc. The illegal act may be targeted at a computer network or devices e.g. computer virus, denial of service attacks (DOS),
malware (malicious code). The illegal act may be facilitated by computer network or devices with target independent of the computer network or device”. Relating cybercrime to the military in a paper depicting his vested interest in the country’s military wellbeing, Umo (2010) outlines that cybercrime, cyber terrorism, cyber warfare, cyber security are one and the same thing. This is because, stealing or forgery directed at an individual or an organization is synonymous to waging war on the target of the crime.
CHAPTER THREE
RESEARCH METHODOLOGY
RESEARCH DESIGN
In this study, the descriptive and survey research method was adopted. The survey research method was adopted because of its usefulness in establishing existing or prevailing conditions of a given point in time (Travers, 1978). It gives valid and reliable information if well designed. Aina (2002) stated that research design consists of two essential processes; research methods and data collection instrument. According to Travers (1978) a survey research design often focuses on the characteristics of a population. Those include certain phenomena of interest in a population. Its result can be analysed easily for quick action or necessary intervention.
STUDY POPULATIONS
The population for this study includes:
1. Two law enforcement agencies
2. Two cyber-security governmental agency
3. Ten Practicing Scammers
4. Arrested Cybercriminals
5. One Hundred Scam Baiters’ Correspondence
Law Enforcement Agencies
Economic and Financial Crime Commission (EFCC)
According to Economic and Financial Crime Commission Establishment Act (2004), the agency is empowered to prevent, investigate, prosecute and penalize economic and financial crimes and is charged with the responsibility of enforcing the provisions of other laws and regulations relating to economic and financial crimes. The researcher is interested in this population set because the agency enabling Act places it at the frontline of all economic and financial crime activities in Nigeria. It will also help the researcher in understanding the available legal provisions in the Nigeria Criminal Law to address cybercrime.
CHAPTER FOUR
IMPLEMENTATION AND EVALUATION
PRESENTATION OF RESULTS
Interview with Law Enforcement Agencies
Based on the data collected, we discovered that the Economic and Financial Crime Commission (EFCC) as well as the Nigerian Police Force (NPF) become aware of cybercrime activities through complaints and reports by victims of cybercrime, online surveillance, and frequent assessment of cybercafés. They generally get evidences to ensure conviction through forensic analysis of suspects’ computer systems and devices used to perpetuate the crime. Apart from these means, oral testimony of victims, mails exchanged between the suspects and the victims and Internet Protocol address results from Internet Service Providers (ISPs) are also part of the evidences used to ensure
conviction of those who might be guilty.
CHAPTER FIVE
SUMMARY, CONCLUSIONS, RECOMMENDATIONS AND
SUGGESTIONS FOR FURTHER STUDIES
SUMMARY OF FINDINGS
The study is based on socio-technological analysis of cybercrime and cyber-security in Nigeria. In carrying out the study, the researcher made use of structured interview questions for law enforcement agencies and governmental cyber-security agencies in order to determine the approaches adopted to combat cybercrime and ensuring cybersecurity in Nigeria. Interactive questions for scammers in understanding the mode, methods and techniques used for engaging cybercrime activities and reviewed scammer and scam baiter correspondences in order to establish Nigerian based topology of cybercrime. The study also made use of structural functionalism, Marxist theory, Routine Activity Theory and Technology-Enabled Crime Theory in examining and explaining cybercrime and cyber-security threat in Nigeria. The findings from this study show that, the available enabling criminal laws used
the law enforcement agencies which are the Advance Fee Fraud Act of 2006, the Money Laundering Act of 2004 section 12(1) (c) – (d), the Economic and Financial Crime Commission Act of 2005, and the Evidence Act of 1948, are not sufficient enough to address the menace of cybercrime directly. As such, an appropriate cyber-law is
required urgently to tackle the activities of cybercrime and ensure cyber-security. The findings also shows that the government cyber-security agency ensures cyber-security through capacity building, workshops on cybercrime, public enlightenment programme, interactive session with the Bankers’ Committee and Law Enforcement Agencies, sponsored the cybercrime bill, working the Law Reform Commission in updating the evidence act, and partnering with private sector in setting network security rules.
However, these are not sufficient enough, as proactive measures are required to ensure cyber safety on the Internet. The findings also reveal Nigerian based typology of cybercrime and the clues in identifying fraudulent e-mail messages or fraudulent links within them. It also indicates that, Nigerian scammers pose more as governmental
organization when perpetrating their activities in order to establish authenticity of their transactions.
CONCLUSION
Undoubtedly, the liberalization of telecoms and Internet penetration policies of government have yielded unprecedented growth in Information and Communication Technology (ICT), leading to increased dependence on technology for the delivery of basic as well as critical services in Nigeria amongst citizens, businesses and governments. A cyber-security framework is therefore inevitable to compliment these great strides by government, secure and protect the underlying ICT infra-structures and boost consumers’ confidence as well as the general public. Cyber-security is a reality that has to be dealt with now as it would determine how we are conceived in a global village. Today’s world is in an important evolution such that physical transactions in all spheres of everyday life will be done online from bank transactions to controlling our hybrid power generating plants, and so on. Thus, there is a need for a cyber-activities regulation that safe-guards Nigerians within and foreigners interested in investing in Nigeria.
Cybercrime with its complexities has proven difficult to combat due to its nature. Extending the rule of law into the cyberspace is a critical step towards creating a trustworthy environment for people and businesses. Since the provision of such laws to effectively deter cybercrime is still a work in progress, it becomes necessary for individuals, organisations and government to fashion out ways of providing security for their systems and data. To provide this self-protection, individuals, organizations and
government should focus on implementing cyber-security plans addressing people, process and technology issues, more resources should be put in to educate and create awareness on security practices.
Therefore, there is no one measure that will cure the menace of cybercrime and ensure cyber-security. But it is the combination of measures together with the sincerity and rigour with which they are implemented and administered that will serve to reduce risks most effectively and efficiently. Also, the fight against cybercrime and cybersecurity threats in Nigeria requires not just knowledge of Information Technology but
Information Technology intelligence on the part of all citizens.
RECOMMENDATIONS
Research has shown that no law can be put in place to effectively eradicate the scourge of cyber-crime. Attempts have been made locally and internationally, but these laws still have short-comings. What constitutes a crime in a country may not in another, so this has always made it easy for cyber criminals to go free after being caught. These challenges
notwithstanding, governments should in the case of the idealists, fight them through education not law. It has been proven that they help big companies and government see security holes which career criminals or even cyber-terrorist could use to attack them in future. Most often, companies engage them as consultants to help them build solid security for their systems and data. “The Idealists often help the society: through their highly mediatised and individually harmless actions, they help important organizations to discover their high-tech security holes….” (The enforcement of law on them can only trigger trouble, because they would not stop but would want to defy the law. “Moreover, if the goal of the cyber-crime legislation is to eradicate cyber-crime, it may well
eradicate instead a whole new culture….” Investments in education are a much better way to prevent their actions.
Another means of eradicating cyber-crime is to harmonize international cooperation and law, this goes for the greed motivated and cyber-terrorists. They cannot be fought by education, because they are already established criminals, so they can not behave. The only appropriate way to fight them is by enacting new laws, harmonize
international legislations and encourage coordination and cooperation between national law enforcement agencies. Based on the findings of this study, cybercrime is definitely a threat to the economy of a nation, peace and security. Therefore, there is need for a holistic approach to combat this crime and ensure cyber-security in all ramifications. To this end, the researcher suggests the following as mechanisms to combat cybercrime and ensure
cyber-security in Nigeria;
1. First and foremost is to review existing criminal laws and enact Nigeria cyberlaw to address the dynamic nature of cyber security threats.
2. Forensic laboratories should be established with all investigating units of law enforcement agencies.
3. Ensure progressive capacity building programmes for the law enforcement agencies on cybercrime and cyber-security.
Finally, it is important to note that cybercrime cannot be divorced from the widespread corruption, harsh economic climate and abject poverty. To fight crime, Nigerian government must attack the cause and attacking the cause in this context comes by the way of good governance, transparent electoral processes and accountability in government all of which translates into food on the table, more good jobs, better schools, a fairer investment climate and ultimately a reduction in the tendency of our citizens to want to go into cybercrime.
REFERENCES
- Agba, P.C. (2002), International Communication Principles, Concepts and Issues. In Okunna, C.S. (Ed) Techniques of Mass Communication: A Multidimensional Approach. Enugu: New Generation Books.
- Aina, L. O. (2002). Research in Information Sciences: An African Perspective. Ibadan: Stirling-Horden. Pp.1-31.
- Aluko, M. (2004).17 ways of Stopping Financial Corruption in Nigeria.www.comcast.net. April 5, 2010.
- Ayofe, A. N. and Oluwaseyifunmitan, O. (2009).Approach To Solving Cybercrime and Cybersecurity. Int. J. Computer. Sci. Inform. Security Vol. 3, No. 1.
- Ayofe, A. N. and Oluwaseyifunmitan, O. (2009).Towards ameliorating Cybercrime and Cyber-security. International Journal of Computer Science and Information Security, 3, 1-11.
- Brenner, S. (2007). Law in an Era of Smart Technology, Oxford: Oxford University Press p.374.
- Choi, K. (2006). An Empirical Assessment of an Integrated Theory of Cybercrime Victimization. Paper presented at the annual meeting of the American Society of Criminology (ASC), Los Angeles, CA, USA.
