EFFECTS OF CYBER CRIME IN NIGERIA”S FINANCIAL INSTITUTIONS

BY

SULEIMAN MOHAMMED,
INFORMATION COMMUNICATION TECHNOLOGY DIRECTORATE,
AHMADU BELLO UNIVERSITY ZARIA
GSM: 08028472651
E-mail: mosulex@yahoo.co.uk

ABSTRACT

Today, the same computer that has done so much for the human society is also being
used to inflict very deadly blows on the society through cyber crime. Thus, this paper
aimed at examining cyber crime problems in Nigeria financial institutions. The data for
this paper were drawn mainly from documentary sources. The paper concludes that
cyber crime cannot be fought with yesterday’s technology. It will always be a losing
battle if security professionals are way behind the cyber criminals in terms of computer
knowledge. it was recommend that, Legislation needs to keep pace with e-crime, and the
changing faces of technology as it evolves, while security agencies need to be trained in
the fundamentals of IT and equipped with the necessary hard wares, skills, the know-how,
and the insight necessary to fight cyber crime.

Being a seminar paper, presented at the School of Business and Management

1
INTRODUCTION

According to Criminal Justice Resource Manual [CJRM] (1979) computer crime

is any illegal act for which knowledge of computer technology is essential for successful

prosecution carried out with the use of computers / computer related devices.

Hacking is the computer equivalent of breaking and entering. A computer hacker

uses his or her skills to gain unauthorized access to another computer or computer

network and, once inside, can wreak havoc by altering important information, deleting

essential files, or just crashing the whole system. Many hackers who break into

commercial Web sites are looking for customers' private financial data (including bank

account and credit card numbers). A hacker who causes a network to crash can cost a

company productivity and financial loss.

The computer system is the most important and most valuable tool used in

perpetrating cybercrime. Michael and Nenno (1985:8) define a computer system as an

electronic machine capable of receiving, storing and manipulating data. The manipulation

of data, called processing, can involve computation (such as adding, subtracting,

multiplying, and dividing) as well as sorting, storing and retrieving data.

Nigeria is forging into information technology hence, the need to critically and

holistically take a look into the consequences associated with IT and the Internet as a tool

being exploited to serve criminal purposes. How the latest and greatest technologies have

created new security vulnerabilities.

THE NIGERIAN CYBERCRIME WORKING GROUP (NCWG)

An inter agency group made up of

2
 The Nigerian cybercrime working group NCWG (2006) defines Nigeria

cybercrime as computer aided crime originating from Nigeria which consists of the

following:

 Computer-aided crimes committed by Nigerians internationally

 Non-Nigerian computer-aided crime giving the semblance of a “Nigerian” origin

 Crimes committed against Nigerian information and telecommunications assets

A report by NCWG further indicated the following statistics about Nigerian Cyber crime:

 Annual global loss of $1.5 billion in 2002

 6% of global Internet spam in 2004

 Credit card scam and cyber crime.

 6% of global Internet spam in 2004

 15.5% of total reported FBI fraud in 2001

 Financial services continue to be the most targeted sector of cyber crime at 91.7%

of all attacks recorded in December 2007

 Highest median loss of all FBI Internet fraud of $5,575

 Verisign, Inc., ranked Nigeria 3rd in total number of Internet

 fraud transactions, accounting for 4.81% of global Internet fraud

 American National Fraud Information Centre reported Nigerian money offers as

the fastest growing online scam, up 900% in 2001

3
  American National Fraud Information Centre also ranked Nigerian money offer as

3rd largest Internet fraud in 2002, at 4% Nigerian Cyber crime impact per capita

is exceptionally high.

There is no doubt that cyber crime is an image nightmare for Nigeria. Dansadau (2006)

lamented that Nigeria has become “notorious for illegal and fraudulent activities on the

computer in the international arena” hence, the need for a coordinated legal regime that

will secure computer systems and networks in Nigeria. According to Dansadau (2006) a

bill being proposed by the Nigerian senate will cure the defect in our justice system, to

wit, the reception and the evidentiary weight attached to electronic documents. It will

make provisions for activities like unlawful access to computers. Unauthorized disclosure

of access code, fraudulent electronic mail messages, cyber terrorism, pornography,

Internet 419 and other general offences against critical information infrastructure is a

source of concern and embarrassment.

NCWG (2006) Cybercrime report indicated that in 2003 60% of 419 e-mails

emanate from Nigeria while in 2005 the report indicate that, 400million pounds relating

to 419 crimes had been seized in the past two years. There have been 12 convictions in

such cases brought during that time, (2003 – 2005).

Oyesanya (2004) revealed that, Nigeria is the third of the top 10 countries which

are highly susceptible to fraudulent attacks through electronic mails and web pages. The

top ten lists in descending order are United State, United Kingdom, Nigeria, Canada,

Romania, Italy, Spain, South Africa, Russia, and Ghana.

4
 As financial institutions in Nigeria are merging complex IT infrastructures and

merging their products and services online, their vulnerability to theft and intellectual

property theft is increasing.

"The retrieval of consumers' personal identity data and financial account

credentials is often achieved by stealing credentials directly using key-logging

mechanisms and phisher-controlled proxies or by misdirecting users to non-authentic

websites."The Internet creates unlimited opportunities for commercial, social and educational

activities. But as it can be seen with cyber crime the net introduces its own peculiar risks. The

convenience associated with IT and the Internet is now being exploited to serve criminal

purposes. Cyber crime covers Internet fraud not just online 419. Computer-assisted crime

includes e-mail scams, hacking, distribution of hostile software (viruses and worms), denial of

service attacks, theft of data, extortion, fraud and impersonation.

WHO IS A CYBER CRIMINAL

Individuals who perpetrate Cyber crime are usually called computer Hackers

(Pranksters), and Crackers.

Who is a computer Criminal? To understand computer criminal Onifade and Mohammed,

(2000: 25) categorizes them into two:

1. Serious Minded

2. Pranksters.

A serious minded computer criminal is curious, he tends to be relatively honest, work

in trust worthy position, bright, highly motivated, male 18 – 30 years of age and would

not cause any physical harm to another human being, and they usually have a purpose

5
 than showing off, while Pranksters are usually computer hackers. Onifade and

Mohammed further describes a Hacker as any dedicated person who enjoys learning the

intricate detail of computer systems and dedicates many computer hours to it. He deploys

computer virus as a tool in crippling computers protected by passwords.

Accordingly, Onifade and Mohammed (2000) sub divided Hackers into two:

1. External Hacker: This hacker gains access to the target computer from a remote

computer located outside the target computer. The most common tools used in this case

are the internet and satellites link.

2. Internal Hacker: This hacker is an employee, contractor or consultant employed by the

firm.

While describing a cracker Onifade and Mohammed (2000) stated that, a cracker is a

person who enjoys braking computer codes either in cyberspace or breaking into

computers illegally, he/she is very good with computer programming.

The most common hacking pathway is accessing and trapping signals in cyberspace:

Using the right kind of equipments (modems, satellites and soft wares), the hacker traps

signals in space relatively by decrypting the encrypted codes of data.

Fig 1: Shows the activity of a Hacker as he deploys the necessary tools in intercepting streams of signals

Space
Satellite

Stream Of Signals carrying

S
Earth
Satellite

Stream of
intercepting
Signals
Carrying Codes 6
from a Hacker
 All computers on the Internet communicate using standard protocols so that

information from any computer on the Internet can reach any other computer. Here the

trouble comes: Until you connect with a public network, you are reasonably safe from

external threats.

Michael and Nenno (1985: Pp, 104-105) while describing computer network

stated that, Information typically travels across networks in packets. A packet is a chunk

of data plus an address and other information that tells the network where to deliver that

data. Everything going over the Internet is broken down into packets: Web pages, e-mail,

download e.t.c. Each computer on a network is assigned a unique number called an IP

address. The IP address uniquely defines that computer on the network and provides

directions for packets to reach their destinations. IP addresses work a lot like a street

addresses. Part of the address identifies the network segment of the destination computer

and part of the address identifies the actual computer.

Majority of hackers are potential virus developers. Onifade and Mohammed (

2000) define computer virus as “a small program that impairs-or simply destroys-a

computer's ability to function properly”. Most viruses are designed to spread themselves

over the Internet (often via email programs) often masquerade as games or pictures and

use beguiling subject lines (e.g., "My girlfriend nude") to encourage users to open and

run them before they inflict harm on their host computers. Frequently, hackers use

.Source: Author’s Own, 2008

used to get deeper inside that network.

WHAT PROMOTES CYBER CRIME

People who commit cyber crime believe that the gains are greater than the risk.

This is probably a factor in most crimes but is even far more so with cyber crime. The

most cogent attraction is the anonymity that is associated with using computers. With the

internet, a cyber criminal has a feeling of being invincible and wears an air of “nobody

sees me” as he quietly deploys his weapon of mischief. For example, many who would

not steal a CD in a store will easily download music illegally on the internet without any

sense of guilt. It feels so meaningless when it is not something physical, and beyond that

you are not taking anything from anybody, you are just making a copy for yourself.

AN OVERVIEW OF FINANCIAL CRIMES ON THE INTERNET

According to Federal Bureau of Investigation crime and security survey (2000)

Report that, “ 59% of cyber crime, cited their internet connection as a frequent point of

attack; as compared to 38% cite their internal system as a frequent point of attack.”

Fig 2: A bar chart indicating internal / external systems as points of attack

Points Of Attack
Undecided
3%

Internal
Systems as
Point Of
Attack Internet as
38% Point Of Attack
8 59%
 Federal Bureau of Investigation crime and security survey [CSS] (2000)

These figures clearly show that cyber crime fraud on the internet is a vastly

growing problem.

Recently, a report by The Nigerian cybercrime working group NCWG (2006)

indicated that Nigeria is losing about $80 million (N11.2 billon) yearly to software

piracy.

The Nigerian cybercrime working group NCWG (2006) report also stated that,

internet web sites enables fraudsters to lure investors seduced by extraordinary rates of

return based on what are said to be prime bank securities from top international banks

where the international nature of the transaction allows the high rate of return.

Also, the internet belongs to no country and, thus, cyberspace generally cannot be

regulated by any country’s laws. In this case, money laundering is made a little easier.

Criminals are able to spread out their illegal funds in fake ventures around the world via

cyber space. You don’t have to travel from Nigeria to Singapore to register or run a

business web site meant for customers and clients in Singapore, the entire process could

take place online from the comfort of your own home.

Onifade and Mohammed (2000) listed other fraudulent financial crimes

perpetrated on the internet to include:

1. PUMP & DUMP

It was stated that, there are two elements to this particular electronic crime. First element

is the “pump “. Having bought cheap shares in a lesser known company, the fraudster

9
Source: federal bureau of investigation crime and security survey (2000)
will generate false publicity as to its value in an effort to pump up its price. Then comes

the “dump”. Having increased the price of the shares, the fraudster then dumps them and

abandons the company. He takes a profit and the fraudster then dumps them and

abandons the company. He takes the profit and the investors have at best, over valued

shares and at worst valueless shares.

2. PYRAMID FRAUDS

A variation of the advance fee fraud is the pyramid scheme. It entices the victim with

promises of extraordinary returns on investment. Those at the top of the scheme are

initially successful because monies received from later investors are used to pay them

their promised returns. The success of the pyramid then entices other investor who will

not be so lucky because ultimately the pyramid will collapse when it cannot obtain even

more new investors to generate enough money to pay its existing investors.

3. CYBER TERRORISM

Cyber terrorist have at their disposal weapon that can cause severe destruction. Weapons

such as logic bombs, electromagnetic bombs and high frequency guns all are capable of

causing computers to malfunction. The hackers stole computer “source codes” that are

critical to programming thereby crashing the system.

4. SEX TRADE

The illegal sex trade is also booming in cyberspace. Sites dedicated to pornography

continue to enjoy high level of patronage. Young girls and children from all over the

world could be lured by those in the sex trade business to carry out sexual acts in front of

cameras so that their images can be broadcast on pornographic sites to paying viewers.

10
 While resources are needed to fight the menace, it is imperative to avoid the misdirected

approach of "throwing money" at the problem. Invest based on priorities and strategies.

Computers have revolutionised the investigation of traditional crime and have opened up

a new sphere for the investigation of high-tech crimes where ICT equipment or data are

the object for the offending or the tool for the commission of an offence. Those who

investigate high tech crime are faced with many opportunities and challenges. The

biggest problems are not to do with the laws of evidence but rather with search and

seizure, the scale of material that is available, the volatility of data and the degree of

anonymity available using ICT.

How strong are the security agencies in the fundamentals of IT? You cannot fight

today’s crime with yesterday’s technology.

5. PHISHING ATTACKS: Phishing e-mails is an attempt to steal consumers' user

names and passwords by imitating e-mail from legitimate financial institutions. Phishing

is designed specifically to steal bank information. Sullivan (2004) stated that, it is scary

because, there are no back-end fraud detection solutions for phishing."

Fig 3: shows investigative and policing issues

CID

Treat
Hacker
File a
Report

IT Manager Management

11
 It will always be a losing battle if security professionals are way behind the cyber

criminals in terms of technological knowledge. It’s not just about computing skills, but IT

Security expertise is essential.

Furthermore, legislation needs to keep pace with e-crime, especially as it becomes

more prevalent and sophisticated. Apart from awareness and culture, security measures

(technical and non technical) will need to be put in place and enforced, as part of the

solutions. This might involve raising penalties and increasing the seriousness of e-

offences. The right culture should create a high level of awareness amongst stakeholders.

Security agencies should liaise with industry stakeholders. There is a need to create a

security-awareness culture involving the public, the ISPs, cybercafés, government,

security agencies and Internet users. There must be education about the problems, risks

and solutions. Existing and potential victims need to be considered.

It is important for law enforcement agencies and regulators in information

technology to work more closely with financial institutions to better understand the broad

range of system design and other issues that are under consideration as technology

mature. Clearly, only with such interaction, can financial institutions incorporate anti

cyber crime solution into their emerging systems.

To fight crime you attack the causes of crime. Onifade and Mohammed (2000)

identified:

Corruption in society, harsh economic climate, high unemployment,

12
disregard for the rule of law and lack of transparency and accountability in governance,

greed and unrealistic expectations as the root causes of cybercrime in Nigeria. Onifade

and Mohammed (2000) suggest that, Solutions should be practical, cost-effective,

acceptable and supported by all stakeholders.

Oyesanya (2004) stated that, the menace of fraudsters soliciting victims via email

prompted the Nigerian government in 2002 to create a National Committee to address the

problem. The National Information Technology Development Agency (NITDA) was

involved in this process and one of the committee's recommendations was a draft Cyber

crime Act which includes a Data Retention Provision that declares, all service providers

under this Act shall have the responsibility of keeping:

1. All transactional records of operations generated in their systems and networks

for a minimum period of five years.

Ribadu (2004) stated that, cash and assets worth more than $700 million were recovered

from suspects between May 2003 and June 2004. More than 500 suspects have been

arrested, more than 100 cases are before the courts and 500 others are under

investigation.

The Nigerian Cyber-crime Working Group in collaboration with Economic and financial

crimes commission has made tremendous strides in its counter Cybercrime efforts. The

two agencies had made hundreds of Cybercrime arrests, and recovered millions of Naira

in looted monies. Also, the EFCC has earned the respect of International anti-Cybercrime

law enforcement bodies.

Dixon (2005) acknowledged that the EFCC, strengthen international cooperation

in the fight against cybercrime and that the FBI has assigned an agent to work exclusively

13
with Nigeria's Economic and Financial Crime Commission to assist the commission in

becoming a more efficient Cybercrime fighting body.

Ayantokun (2006) advised banks to create information security awareness

programs and campaigns on behalf of their customers. "The goal of awareness campaign

is crucial to increase the level of security awareness of the banking customers and

encourage electronic interactions amongst the banks in Nigeria".

Nigerian Cybercrime has the potential to impact technology growth which is a

key requirement for productivity improvement, and ultimately for socio-economic growth

because, International financial institutions now view paper-based Nigerian financial

instruments with skepticism. Nigerian bank drafts and checks are not viable international

financial instruments.

 Nigerian ISPs and email providers are already being black-listed in e-mail

blocking blacklist systems across the Internet.

 Some companies are blocking entire Internet network segments and traffic that

originate from Nigeria.

 Newer and more sophisticated technologies are emerging that will make it easier

to discriminate and isolate Nigerian e-mail traffic.

It is therefore imperative to acknowledge that the activities of Hackers had impacted

negatively on the financial institutions, thus, derailing the mechanism of checking excess

liquidity, inflation and good economic planning, which has left the system very volatile.

14
 The menace of these Cyber criminals thrives in big cities of Lagos, Abuja, Kano,

Kaduna, Port Harcourt etc. Therefore, Law Enforcement Agents and Regulators in

collaboration with banks should embark on geographic targeting and accordingly deploy

their human and material resources to these areas to check the dreaded cankerworm.

Enforcing cyber crime law in Nigeria is a necessary compliment to the great strides

by Government to transform Nigeria into an ICT – driven economy. To do otherwise is to

deliberately endanger the same infrastructures we have worked so hard and invested so

much to build;

Absence of Cyber crime Enforcement constitutes real HURDLE to launch of full-

fledged e-Commerce; in this clime, there is an IT security divide, a serious shortage of

skills to deal with the threats associated with IT. Security agencies need to be equipped

with the skills, the know-how and the insight necessary to fight cyber crime effectively.

In view of the above therefore, (Onifade and Mohammed) suggested that:

1. Government should organise an awareness campaign to enlighten the public of

the dangers that each brave new technological miracle poses and take steps that

will protect us from financial exploitation of these technologies while still

allowing us to enjoy their benefits.

2. Government and cooperate organizations should innovate ways of improving on

the existing precautionary measures, since cyber crime is dynamic.

3. Learn from the ugly history of Cyber crime within the international financial

institutions so as to help build a more secure online future for Nigeria.

4. There is the need for in-house programmers who would be subjected to training

and re-training to enable them meets the dynamism of the system.

15
5. Organisations and corporations depending on computer network and computers in

general for the operations need to first of all understand how vital it is to look

after the welfare of the staff and workers responsible for maintening this system.

Attacks on computer networks or viral infections on systems in so many cases

come from employees themselves either due to careless behavior or as acts of

revenge against the organization by disgruntled staff. Proper training should be

given to staff on how to run and maintain the computer systems, all should be

done to avoid feelings of anger and mistrust against the organization by its

employees and precaution should be taken when employees leave the

organization, such that the computer security passwords and the like are changed

to avoid access from outside the organization.

6. Updated Anti virus programs have to be installed on computer systems to detect

and prevent virus attacks and infections on both incoming and Outgoing mail for

viruses, and take care not to open e-mail Attachments with suspicious filenames,

unless you are absolutely certain of their origin. New viruses are being developed

each day, so having an anti virus program running on system is not enough; these

programs have to be regularly updated to detect and recognize the new virus

strains on the loose.

7. Firewalls can be set up to protect systems from being hacked. Firewalls enable

users of a network of computers to browse freely within this network and even

access the internet while blocking out unauthorized access.

8. Avoid sharing your financial details to unknown sites trying to engage you in any

suspicious venture online.

16
9. Avoid sharing auxiliary storage devices with other people as they may be infected

with viruses.

10. A department dedicated to cyber crime investigation should be established in

every state police headquarters to tackle cyber crime offences.

11. Financial institutions need to incorporate encryption technologies in their systems

which make it virtually impossible to decode some of these transfers and

messages in such a manner as it cannot be decoded or fixed by anyone else except

the person the message was addressed to.

12. A system of reward to encourage informants who can provide high value

information to catch Cybercriminals. (But these types of fraud cases are tough to

solve because scammers use a variety of untraceable means - web-based e-mail

accounts, wire transfers and pay-as-you-go cell-phones, for example. Arrests are

extremely rare.)

17
REFERENCES:

United States of America (1979)

Criminal Justice Resource Manual. [CJRM] Department of Justice.

Nigerian cybercrime working group (2006)

[NCWG] inter agency working group Report

Gallo M.A. and Nenno, R .B. (1985). Computer and society with basic and Pascal.

Zaria: Prindle, Weber and Schmdt publishers.

Dansadau A. (2006, September 12)

Daily Trust Newspaper, Vol. 14 No 72.

Onifade .A. and Mohammed .M. (2000). Money Laundering and Cyber crime

Zaria: Hasha Ventures Publishers.

Oyesanya, F. (2004) A Performance Review of EFCC and The Nigerian Cyber-Crime

Working group. Retrieved October 6th 2007, from http://Studentpa.info/

Ribadu, N. (2004) Economic and Financial Crime Commission Report

Dixon .R.(2005, November)Nigeria tries to tackle cyber crime The Guardian London,UK

United States of America (2000)

Federal Bureau of Investigation crime and security survey (2000).Crime and security

report.

Ayantokun .O. (2006) Fighting cybercrime in Nigeria. Retrieved June, 8th 2006, from
http://www.tribune.com.ng/08062006/infosys2.html
18
Sullivan .B. (2004) Criminals taking advantage of online banking. Retrieved.

J une, 14 th 2004, from http://msnbcmedia.msn.com/

19