http://www.tribune.com.ng/08062006/infosys2.html By OLUWASEUN AYANTOKUN Info Systems Lagos 8th June, 2006 When efforts are being made to remove the rebellious shoot of the proverbial tump, it obstinately sprouts another.So is cybercrime, which has continued to grow by leaps and bounds, just as the government frantically keeps on fighting financial crimes. hile the war is yielding results by enhancing the image of Nigeria abroad,cybercrime has continued to dent it. The Internet creates unlimited opportunities for commercial, social and educational activities. But as we can see with cybercrime, the net introduces its own peculiar risks. The convenience associated with IT and the Internet is now being exploited to serve criminal purposes. Cybercrime covers internet fraud not just online 419 - the use of computers and or the internet to commit crime. Computer-assisted crime include e-mail scams, hacking, distribution of hostile software (viruses and worms), denial of service attacks, theft of data, extortion, fraud and impersonation. Recently, a report indicated that Nigeria is losing about $80 million(N11.2 billon) yearly to software piracy.The report was the findings of a study, conducted by Institute of Digital Communications(IDC), a market research and forecasting firm, based in South Africa, on behalf of Business Software Alliance of South Africa. As it is now, cybercrime is an image nightmare for Nigeria.When you come across phrases like "Nigerian scam", the assumption that crosses your mind is that all (or conservatively, most) scam emails originate from Nigeria, or Nigerians. In 2004, the federal government established a cybercrime working group,the Nigeria Cyber Working Group(NCWG),with the purpose of aiding Nigeria's demystification of the hydra-headed monster.The NCWG is an Inter-Agency body made up of all key law enforcement, security, intelligence and ICT agencies of government, plus major private organisations in the ICT sector. Some of these agencies include the Economic and Financial Crimes Commission (EFCC), Nigeria Police Force (NPF), the National Security Adviser (NSA), the Nigerian Communications Commission (NCC), Department of State Services (DSS), National Intelligence Agency (NIA),Nigeria Computer Society(NCS), Nigeria Internet Group(NIG), Internet Services Providers' Association of Nigeria (ISPAN); National Information Technology Development Agency (NITDA), and Individual citizens representing public interest. The working group has two chairpersons and one coordinator. The duties of the Working Group include: Engaging in public enlightenment programs, building institutional consensus amongst existing agencies, providing technical assistance to the National Assembly on cyber crime and in the Drafting of the cyber crime act; laying the groundwork for a cyber crime agency that will eventually emerge to take charge of fighting cyber crime in Nigeria. In addition, the working group was tasked with the responsibility of working with global cyber crime enforcement agencies in the USA , the UK and other countries, who are at fore-front of fightingcyber crime. All this has quite created a lot of talk about fighting cybercrime without a significant result to show for it.Early this year, an on-line news magazine doubted Mr Nuhu Ribadu, the executive chairman of the Economic and Financial Crimes Commission, who vowed that Nigeria would"deal fatal blow" to cybercrime networks? According to Mr. Ribadu, Nigeria "will monitor cybercafes and take on a 'significant' number of cases against such criminals based in Nigeria" The news magazine,InfoSec News queried,"prosecution of cyberscams is fine, but are there sufficient laws for this? If there are laws, why weren't they enforced so far, and if there are no laws, why is this not the first step?" How effectively then can the war against cybercrime be prosecuted since there is an awareness of the menace it poses to society? "Fighting cybercrime requires not just IT knowledge but IT intelligence on the part of the security agencies. For now,there is an IT security divide - a serious shortage of skills to deal with the threats associated with IT. Shouting and moaning about cybercrime isn't enough. All the talk is meaningless unless the gap is closed. Security agencies need to be equipped with the skills, the know-how and the insight necessary to fight cybercrime effectively.While resources are needed to fight the menace, it is imperative to avoid the misdirected approach of'throwing money' at the problem. The approach must be based on policies and strategies. Such policies must be based on knowledge. Knowledge not just for the operatives, but also for those that will commit resources. For example, do the decision makers have any REAL, PRACTICAL appreciation of technology, not to talk of cybercrime? What is their stake on the basics of information security in today's high-tech, business environment? The cybercriminals seem to have the technology advantage. "Essentially, cybercrime is information and intelligence- based activity. You cannot fight cybercrime with ignorance, strong directives or boastful talk”, Mr Jide Awe, an ICT expert, said in a conference paper presented in 2004. Furthermore, legislation needs to keep pace with e-crime, especially as it becomes more prevalent and sophisticated. "Apart from awareness and culture, security measures (technical and non technical) will need to be put in place and enforced, as part of the solutions. This might involve raising penalties and increasing the seriousness of e-offences. The right culture should create a high level of awareness amongst stakeholders", added the ICT expert. Cybercrime cannot be divorced from the prevalent high level of corruption and wide spread poverty and unemployment in the Nigerian society.Heavier punishments and enlightenment, closing down cyber cafés, issuing draconian directives may therefore not be meaningful without addressing the causes. To fight crime you attack the causes of crime.Littlewonder then that after the initial excitement after the set up of the NCWG and some spineless fight by the security agencies, the noise died down. Also in terms of strategy, it is crucial to thoroughly address issues relating to enforcement whenever the bill before the National Assembly to curb the crime is passed into law. "Mishandling of enforcement can backfire. Enforcement can only work if it avoids harassment, abuse of privacy and extortion. Care must be taken not to throw out the baby with the bath water. Don't create a situation where genuine users of the Internet are frustrated out and unable to benefit from the Internet.In today's world, computing tools and the Internet are used to effectively promote social development and business growth. Strategies must strike a balance between security concerns and other developmental needs",Mr Awe suggested. In April, at Heinrich Boll Foundation (HBF) Conference Hall where some stakeholders in the ICT industry gathered to discuss how to facilitate information security, reduce security breaches, and steps to contain cyber crime in Africa,Dr. Martins Ikpehai, chief executive officer, Computer Audit andSecurity Associates Ltd, Lagos stated that"Computer security and cyber crime awareness should be created with a view to sensitising all users of the internet facility with the emerging indicators of crime and fraud being committed through computer". Other participants at the three-day conference agreed in various papers presented that the law enforcement agencies and judiciary in the continent have roles to play in devising ways of curbing internet fraud and enhancing their skills in computer security and risk management.The group was also hopeful that the Computer Security and Cybercrime Bill it sponsored to the National Assembly, will be passed on time and that its passage would mark the beginning of the war against internet crime in the country. Of course how far can the country go withiut an active legislation in place?According to the participants,it is also very necessary for relevant authorities to conduct survey and research with a view to containing cyber-related crimes and computer security breaches.Mr Awe who also paticipated at the conference charged the information security expertise in the continent toidentify threats to computer security, protect both internal and external threats among which human error is a major concern which needs human approach. The situation on the ground, therefore, shows the country still has a long way to go. © 2004 - 2006 African Newspapers of Nigeria Plc. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 08 2006 - 02:33:54 PDT