REVIEW OF LITERATURE

2.0 INTRODUCTION

Our focus in this chapter is to critically examine relevant literature that would assist in explaining the research problem and furthermore recognize the efforts of scholars who had previously contributed immensely to similar research. The chapter intends to deepen the understanding of the study and close the perceived gaps.

Precisely, the chapter will be considered in three sub-headings:

Conceptual Framework

Theoretical Framework and

Empirical Review of Related Literature

2.1 CONCEPTUAL FRAMEWORK

Concept of Cybercrime?

Cybercrime is a topical issue that has been discussed by many people from various perspectives (Ibikunle and Eweniyi, 2013). One reason for this is the huge losses that were attributed to it. It was estimated that, global losses to cybercrime is about

$400bn annually (CSIS, 2014). Others have put it at a higher value of $445bn4. As technology evolved, so did the definitions of cybercrime. According to Halder and Jaishankar (2011), cybercrime is an offence, with a criminal motive, committed against an individual or group of persons intentionally to harm the reputation of the victims as well as cause irreparable damage to hardware of sensitive infrastructure, including internet and mobile phones. Symantec Corporation, the world’s biggest computer security company, defined cybercrime as any crime committed using a computer, network or hardware devices (Theohary and Finklea, 2015).

To explain what cybercrime means, let us look at the slit meaning of the words ‘cyber’ and ‘crime’. The word ‘cyber’ has its origins from ‘cybernetics’, which refers to the science of communication that deals with the study of automatic control systems (much like the human nervous system/ workings of the brain) as well as the mechanical-electrical communication systems. Cyber is therefore a derivative of cybernetics used to describe interactions that relate to, or involve computers or networks. ‘Crime’ refers to the specific actions or inactions due to negligence that is injurious to public welfare or morals, and one that is legally prohibited. Cybercrime (e- crime or hi-tech crime) is a global phenomenon which takes place in the cyberspace i.e. in the world of computers and on the internet. Cybercrime involves using specialized applications in computers with the internet by technically skilled individuals to commit crime. The aftermath of such crimes may threaten a nation’s security architecture and financial health (Saul, 2007). So, cybercrime can simply be explained as a crime carried out with the aid of a computer system. It refers to criminal acts that are facilitated through the use of the internet.

Basic Concept of Cybercrimes

Cybercrime is an emerging trend that is gradually growing as the internet continues to penetrate every sector of our society and the future is yet unknown. Cybercrime may be divided into two categories (Carter, 1997):

Crimes that affects computer networks and devices directly. Examples are malicious code, computing viruses, malware etc.

Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer networks or device. Examples include Advance fee fraud such as Yahoo, Money theft through the ATM, SMS requesting you to provide bank details as BVN.

Types and Dimension of Cybercrimes

In the past, little was known about cybercrime, but as the internet grew worldwide, the unintended consequences of computerization manifested in global notoriety. It is a worldwide problem that costs countries, businesses and individuals billions of dollars. The first reported cybercrime was committed by employees of a company in the 1960s and involved the company’s mainframe computer (Maitanmi et al., 2013). In recent times however, it not only involves employees of companies or nations, but includes organized criminal gangs, terrorists, rogue governments and individuals (in isolated cases).

Lewis (2002), identified four important elements when assessing the risks of cyber crime. First, infrastructure as a target: cyber warfare and terrorism were placed in the historical context of attacks against infrastructure. Second, routine failure versus cyber attack: examining cyber attacks against a backdrop of routine infrastructure failures. Third, weapons of mass annoyance: the measurement of the dependence of infrastructure on computer networks and the redundancy already present in these systems. Finally, hacking and terror: for the case of cyber-terrorism, the use of cyber weapons in the context of the political goals and motivations of terrorists, and whether cyber-weapons are likely to achieve success.

According to Broadhurst (2006), computer crime encompasses criminal activities which can aptly be categorized by its unique typology of computer-related crime, comprising conventional crimes in which computers are instrumental to the offence. This is the case of child’s pornography and intellectual property theft; attacks on computer networks; and conventional criminal cases in which abound undeniable evidence in digital form. The kinds of criminality include the following and is not limited by the underlisted issues:

i.Interference with lawful use of a computer: cyber vandalism and terrorism; denial of service; insertion of viruses, worms, ransomware and other malicious code.

ii.Dissemination of offensive materials: pornography/child pornography; on-line gaming/betting; racist content; treasonous or sacrilegious content.

iii.Threatening communications: extortion; cyber-stalking.

iv.Forgery/counterfeiting: ID theft; IP offences; software, CD, DVD piracy; copyright breaches et cetera.

v.Fraud: payment card fraud and e-funds transfer fraud; theft of Internet and telephone services; auction house and catalogue fraud; consumer fraud and direct sales (e.g. virtual ‘snake oils’); on-line securities fraud.

vi.Others include illegal interception of communications; commercial/corporate espionage; communications in furtherance of criminal conspiracies; electronic money laundering.

Hassan et al. (2012), categorized cybercrimes into cyber terrorism, Cyber fraud, malware, cyber stalking, spam, wiretapping, logic bombs and password sniffing. Wada and Odulaja (2012), included phishing and fake copy-cat websites to the types of existing cybercrimes. These are distinguished below.

(i)Cyber Terrorism - Lewis (2002), defines cyber-terrorism as the malicious act of using computer network to disrupt the normal processes of critical national infrastructures (such as energy, transportation, government operations), including the coercion or intimidation of public and private citizens. Hassan et al, (2012), described cyber extortion as a sort of cyber terrorism whereby the website, e-mail server, i or computer system leveraging on ransomware is put under attack by hackers for denial of services and demand for ransom.

(ii)Fraud (Identity Theft) - Fraud refers to the act of depriving a person dishonestly of something, which such an individual are supposedly entitled to possess. It verbally means an act of deception deliberately carried out to gain unlawful advantage. For fraud to be ascertained, there must be established, a case of dishonest intention to benefit (on the part of the perpetrator) at the detriment of other individual or organization (Eseoghene, 2010). The concept of Identity Theft is simple; someone gains access to someone’s personal information and uses it for his/her own benefit.

(iii)Malware – “Malware”, also known as malicious software, refers to the use of software or code designed to by-pass some security checks in computers/mobile devices and harness data without consent (MacAfee, Apr 23, 2013). Malicious logics include developmental faults such as Trojan horses, logic or timing bombs, trapdoors and zombies. It also includes operational faults such as viruses or worms (Avizienis et al, 2004). Powell and Stroud (2003) describes these faults as follows:

i.Trojan horse performs illegal action with the impression of being legitimate. This may involve the disclosure or modification of information which is essentially an attack against integrity and confidentiality.

ii.Logic bomb remains dormant in the host system until a certain time or an event occurs, or certain conditions are met, before it begins to delete files, slow down or crash the host system.

iii.Virus replicates itself and joins another programme when it is executed, thereby turning into a Trojan horse (a virus can carry a logic bomb). Worm replicates itself and propagates without the users being aware of it (a worm can also carry a logic bomb).

iv.Trapdoor provides a means of circumventing access control mechanisms.

v.Zombie can be triggered by an attacker in order to mount a coordinated attack.

(iv)Cyber Stalking – According to Ellison and Akdeniz (1998), cyber stalking refers to the use of the internet, e-mail, or other electronic devices to stalk another person. Cyber stalking can be used interchangeably with online abuse or online harassment. The perpetrator does not present a direct physical threat to a victim, but follows the victim’s online activity, gathers information and eventually makes threats towards the victim.

(v)Spam – This refers to unsolicited bulk electronic mail (e-mail) and short message services (SMS) sent indiscriminately to prospective victims of crime via electronic messaging systems. It is possibly the most practical cyber attack weapon because of its low operating cost (which ends with the maintenance of mailing lists) and the difficulty that would be associated with holding anyone accountable for mass mailings. The perpetrators, known as spammers, rely on users not reading the fine print of agreements, resulting in them agreeing to send messages indiscriminately to their contacts.

(vi)Wiretapping/Illegal Interception of Telecommunication –

Telephone fraud has always been a problem. However, with an increase in the use of cellular phones as well as the ability to purchase goods and services with credit cards over phones, the problem has increased dramatically in recent years. Criminals use wiretapping methods to eavesdrop on communications and gain access to information which they should not be privy to.

(vii)Password Sniffing - Password sniffers are programmes which are designed to collect the first 128 or more bytes of network connections within a defined network being monitored (Hassan, et al, 2012). Crackers have them installed on networks used by systems that they intend to hack or penetrate. The sniffer collects information when users type in information such as usernames and passwords, usually required when using common internet services. Other programs sort through collected information, pull out important pieces such as the usernames and passwords, and cover up their existence in an automated way.

(viii)Phishing - High-tech identity theft that steals personal information and identity of unsuspecting users as well as commits acts of fraud against the legitimate individual or organization that have been victimized. The perpetrators send false emails fraudulently designed to mimic legitimate businesses, requesting for personal information which if released can allow them access one’s bank accounts, including details of debit and credit cards.

(ix)Fake Web-Sites - There is the emergence of fake ‘copy-cat’ websites that take advantage of customers who are unfamiliar with internet usage or unsure of the real web site address of a legitimate company. Customers unwittingly enter their personal details into the fake web sites of criminals who either use the details themselves to commit crime or sell on the details to other interested fraudsters.

Causes and Effects of CyberCrime in Nigeria

Causes of CyberCrime

The root causes of cybercrimes are not far-fetched. One only has to take a quick glance around the society to observe illicit wealth acquisition and its display. This is coupled with the fact that, the perpetrators are highly exalted. The problem is made worse by the high youth unemployment, the absence of enforceable prohibitive laws and the general laissez faire attitude of individuals and businesses regarding cyber security (Hassan et al., 2012). Evidence has also shown that, a significant proportion of these crimes are perpetuated by people in their youthful age. It is however worth noting that some of these attacks are also perpetrated within organizations. Many internet users are easily lured by unknown mails and web site addresses, falling victim to spyware and phishing.

Hassan et al. (2012) identified urbanization, high unemployment, quest for wealth, poor implementation of cybercrime laws, inadequately equipped law enforcement agencies, and negative role models as some of the causes of proliferated cybercrimes in Nigeria. Akwara et al., (2013), in their study examined the relationships among unemployment, poverty and insecurity in Nigeria.

They found that unemployment causes poverty, and that a positive causal relationship exists between the latter and insecurity. Other causes of cybercrime according to them are: corruption, gullibility/greed, proliferation of cyber cafes and the vulnerable nature of the internet. The main causes of cyber-crimes in Nigeria are briefly discussed below.

(i)Urbanization – Rapid urbanization in Nigeria which manifests mainly through the fast population growth is a challenging issue for policy makers. Urban population grows at an annual rate of 4.3% (WDI, 2016). This is much higher than the Sub- Saharan Africa average and continues to put pressure on available resources in Nigerian cities. For instance, only 32.8% of urban population had access to improved sanitation facilities in 2015, and about 68.5% of urban population had access to potable water supply within the period (WDI, 2016). According to Meke (2012), urbanization is beneficial only to the extent of availability of good jobs that have been created in cities, amidst high population growth rate. The study held that urbanization is one of the major reason that led to increases in cybercrimes in Nigeria. He also noted that urbanization and crime move in tandem.

(ii)Unemployment – Unemployment rate in Nigeria is high and stood at 23.1% in the fourth quarter of 2018. Youth unemployment rate is currently above 47%. According to Okafor (2011), high unemployment in Nigeria comes with socio- economic, political and psychological consequences. This phenomenon encourages the development of street youths and urban urchins (“area boys”) that grow up in a culture that encourages criminal behavior.

(iii)Quest for wealth - Carnal instinct that quests for wealth is another cause of cyber crimes in Nigeria. For any business to succeed, it is expected that, the rate of returns on the investment grow at a geometric rate, with minimal risk. Cyber criminals desire to invest minimal capital in a conducive environment that would reap maximum gains as they strive to become rich using the quickest means possible.

(iv)Poor Implementation of Cybercrime Laws and Inadequately Equipped Law Enforcement Agencies – According to Laura (2011), African countries have received intense criticism for inadequately handling of cybercrimes due to inadequate infrastructure and competence of assigned law enforcement agencies. The private sector also lags behind in protecting itself from cyber savvy criminals, Nigeria inclusive. There is no sophisticated hardware to forensically track down cyber criminals. In some instances, the laws regarding cybercrimes are circumvented by criminals. It is worth noting that law enforcement agencies in Nigeria such as the EFCC and ICPC have successfully prosecuted cybercrime offenders over the years. Nevertheless, much improvement can still be made.

(v)Negative Role Models - Youths are mirrors of the society. According to Meke (2012), many parents transmit criminal tendencies to their children via socialization. If this continues unchecked and the values are absorbed by the younger generation, they will see nothing wrong with cybercrime.

(vi)Corruption – Nigeria has continued to occupy despicable position in the global ranking for corruption. In 2018, Nigeria was ranked the 144th most corrupt nation in the world out of 176 countries surveyed by the Transparency International5. People celebrate wealth without questioning the source of such wealth. It is common to hear of people with questionable character and wealth being celebrated in society. This misguided disposition towards wealth encourages the get-rich-quick mind set that can be pursued through cybercrime.

(vii)Gullibility/Greed – Most victims of cybercrime express some degree of gullibility and/or greed. Some people carry out transactions hoping to make profits without thorough investigations. Such people are preys for the cyber criminals.

(viii)Poverty - According to Jolaosho (1996), poverty refers to the inability to afford decent food, shelter, clothing and recreational activities. Hence, poverty is the absence of basic life essentials for survival and comfort of mankind. A poverty-stricken person may unwittingly turn to crime for survival. About 50% of Nigerians live in extreme poverty as at 2018.

(ix)The Proliferation of Cyber Cafes and the Porous Nature of the Internet - It is important to note that the nature of the internet is that geographical and political boundaries are not relevant as attacks can be generated by criminals from anywhere in the world and executed wherever the criminals deem fit. Also, the proliferation of cyber cafes has been another major cause of the rising cyber crime.

Various Cybercrimes in Nigeria

For Several decades, the internets have experienced an increase growth with the number of hosts connected to the internet increasing daily at a higher rate. As the internet grows to become more accessible and more facilities become reliant on it for their daily operation, likewise the rise in cybercrime. In Nigeria, cybercrime has become one of the main avenues for stealing of money and business spying. According to Check Point, a global network cyber security vendor, as of 2016, Nigeria is ranked 16th highest country in cyber-attacks vulnerabilities in Africa (Castells 2002) in (Yar 2006). Nigerians are known both home and abroad to be rampant perpetuators of cybercrimes. The number of Nigerians caught for duplicitous activities carried by broadcasting stations is much more in comparison to other citizens of different countries. Recently the United States of America (US) apprehended 6 Nigerians (18/06/2020) in the US for cyber related crime as published by the Nigerian new publishers. The contribution of the internet to the development of Nigeria has had a positive impact on various sectors of the country. However, these sectors such as the banking, e-commerce and education sector battles with the effect of cybercrimes. More cybercrimes are arising at an alarming rate with each subsequent crime more advanced than its previous ones.

Banking Sector and Cybercrimes

The life wire of the banking sector is the internet. Presently, banks all over the world are taking advantage and incorporating opportunities brought about by Electronic banking (e-banking) which is believed to have started in the early 1980’s. As the security level in this sector becomes stronger, the strength and tactics of these fraudsters increases also. Various threat attacks have been explored in which, many of them are successful. Generally, cybercriminals carry out fraudulent activities with the ultimate goal of accessing a user’s bank account to either steal/transfer funds to another bank account without rightful authorization. However, in some rare cases in Nigeria, the intention of cyber-criminals is to cause damage to the reputation of the bank by denying service to users [6] and sabotaging data in computer networks of organizations.

Bank Verification Number (BVN) Scams:

The BVN is a biometric identification system which consists of an 11-digit number that acts as a universal ID across all the banks in Nigeria. BVN was implemented in 2015 by the Central Bank of Nigeria. It was introduced to link various accounts to the owner thereby ensuring that fraudulent activities are minimized. For fraudsters, opportunities to extort money and to carry out other fraudulent activities arose from the implementation of the BVN. It was detected that fake and unauthorized text messages and phone calls were sent to various users demanding for personal information such as their account details. In addition, phishing sites were created to acquire such information for unhealthy activities on the bank account of individuals.

Phishing

Phishing is a theft of identity. It involves stealing personal information from unsuspecting users and it is also an act of fraud against the authentic, authorized businesses and financial institutions that are victimized. In Phishing mail messages, the fraudsters’ tries to find a way to convince and gain the trust of users. Phishing mails are mostly carried out on bank customers either through mail, text Messages or phone call requesting individual bank information for the purpose of criminal activity. In some cases social media platforms like what-Sapp, Facebook, etc are used to initiate communication just to establish trust and confidence, there by exploiting individuals for the said motive subsequently.

Cyber-theft / Banking Fraud

Hackers target the vulnerability-ties in the security of various bank systems and transfer money from uncountable accounts to theirs. Most cyber-criminals transfer little amounts like 5 naira which are sometimes overlooked by the user without questions raised by the users who assumes this was deducted for either SMS or ATM withdrawal charges. Doing this for over a million accounts enriches most fraudsters usually treated as legitimates deductions unknown.

Sales Fraud & Forgery

In our society today, fraudulent sales of products that do not exist or that are imitations are increasingly common. The purchase of an item before actually seeing it has created ways for fraudsters to make money via the sale of fake products or in some cases, the total absence of the product. Many persons have fallen victim of this particular crime on popular E- commerce websites, where the hackers’ makes used of a cloned websites to perpetrates there crimes.

Education Sector and Cybercrime

The educational sector in Nigeria suffers greatly from electronic crimes which are perpetuated mostly by students in tertiary institutions (Universities, Polytechnic and monotechnic and others).

Cyber-Plagiarism

Information housed on the internet has made an effective alteration on the methods in which people educate themselves. The term ‘Copy and Paste’ is the most common phrase used when referring to cyber- plagiarism. Cyber-plagiarism can be defined as copying and pasting online sources into word processing documents without reference to the original writer /owner. In the educational sector in Nigeria, students, particularly those in the tertiary institutions carry out this crime without enforcing the due penalty.

Pornography

Cyber-pornography is the act of using cyberspace to create, display, distribute, import, or publish pornography or obscene materials, especially materials de-picting children engaged in sexual acts with adults or adults as well. Cyber-pornography is a criminal offense, classified as causing harm to persons, especially the youth and the entire societal moral decadence as well.

Bank Cards Theft

The theft of bank cards has evolved from the physical theft of the card to simply the theft of the numbers. Today, bank card hackers do not need to be in the same country to steal other people’s identities. Fraudsters make use of hidden cameras to record ATM card pins and numbers in distinct places such as an eatery payment using POS, or at the ATM. According to the Federal Bureau of Investigation (FBI), a method known as ATM skimming can be used and it involves placing an electronic device on an ATM that scoops information from a bank card’s magnetic strip whenever a customer uses the machine (FBI, 2011).

Also, another cybercrime carried out via this means in Nigeria includes internet order fraud. Internet order frauds involves fraudster inputting stolen cards numbers on online platforms in order to access money illegally.

Cybercrimes on Social Media

In Nigeria, Social networks have gained a very high ground in every sector. The banking industry, government, business, universities use this platform to promote and communicate with each other. Social networking sites such as Facebook, Twitter, LinkedIn and Instagram serve as a fertile ground for cybercriminals to launch new attacks. Users create semi-public profiles and can directly communicate with friends without restriction.

Charity Funds

Fraudulent people host fake social network pages for charity soliciting for money. In most cases, these fake social pages are backed up with pictures showcasing various illnesses. Many kind hearted people donate to this cause thereby increasing the pockets of cyber criminals unknown (FBI, 2011).

Stalking, harassment and Blackmailing Scam

This are threatening and blackmailing acts carried out on the internet by fraudsters on a victim. In most cases, the perpetuator’s identity is unknown by the use of a false alias or by blocking the identity by keeping all information hidden while relating with the said victims.

Personal Social Site-Hijacking

This is a major crime all over the world. Many social networking pages have been hijacked by hackers who demands money in turn for releasing the personal social page. This has occurred in sites like Twitter, Facebook and Instagram. These fraudsters go as far as sending messages from the authorized page to friends and family requesting for money or any other kind of assistance (FBI, 2011). Also, another common scenario also occurs when the fraudster creates a social page pretending to be someone else especially celebrities.

Ways To Detect Cybercrimes

The following are some of the ways by which cybercrimes can be detected

Email inspection: inspecting your mails before opening is a very useful way of detecting unusual or strange activities. Email spamming and cyber stalking can be detected by carefully investigating the email header which contains the real email address, the internet protocol address of the sender as well as the date and time it was sent (FBI, 2011). While this may not be the only trick, a genuine address should contain https. The s stands for protected (secured); otherwise any address with no s attached to the http is likely to be cybercriminal sites and should be treated as such.

Intrusion Detection System (IDS)

This is applicable for more serious attacks like breaking into a bank network to steal customer’s sensitive data which cannot be discovered by mere inspection or reviewing. Intrusion detection techniques such as Honey pots, Tripwires, Anomaly detection systems, Operating system commands and Con- figuration checking tools are always employed. Another well-known system is Snort; it is a robust open source tool which exists for monitoring different network attacks. It was first developed in 1998 and gradually evolved into a mature software and even better than many commercial IDS. The system employs the rules established by the administrator to monitor traffic and detect strange behaviors (FBI, 2011).

Effects of Cybercrime

Hassan et al. (2012) identified reduction in competitive edge of organizations, time wastage and slow financial growth, slow production time and increase in overhead cost, as well as defamation of the image of a nation as some effects of cybercrime. Other major effects include monetary losses and loss of privacy. Some of the effects of cybercrime are briefly explained below:

(i)Reduction in Competitive Edge- An organization can lose its competitive advantage and suffer losses when a hacker steals its confidential information and future plans and sells it to a competitor. The time spent by IT personnel on rectifying harmful incidents caused by computer criminals could have been used to earn profit for the organization.

(ii)Productivity Losses and Rising Cost- Cybercrime also reduces the productivity of an organization, as businesses take measures to prevent it by securing their networks. This is time consuming and also affects productivity. In addition, to control viruses and malware, organizations buy security softwares to reduce the chances of attacks. Computer crime therefore increases overhead cost and reduces profit margins. Other effects include the consumption of computer and network resources, and the cost in human time and attention of deleting unwanted messages.

(iii)Monetary Losses- The financial costs to economies and businesses from cyber- attacks include the loss of intellectual property, financial fraud, and damage to reputation, lower productivity, and third party liability. Opportunity cost (lost sales, lower productivity, etc) make up a proportion of the reported cost of cyber-attacks and viruses. However, opportunity costs do not translate directly into costs to the national economy. Businesses face greater damage from financial fraud and intellectual property theft over the Internet. Thus, where cybercrime is rife (especially relating to businesses and financial institutions) there are bound to be untold financial consequences. A research report by Ponemon Institute (2016) shows that, cybercrime cost in six countries (U.S.A, Japan, Germany, U.K, Brazil and Australia) in 2016 ranged from USD$4.3 million to USD$17.3 million annually. The study used a sample of 237 companies in the six countries.

(iv)Destroys Country’s Image- One key negative effect of cybercrime is that it tarnishes a country’s image. Once a country is labeled as a harbor for cybercrime activities, potential investors are cautious in investing in such countries. This has some dire implications for the nation’s macroeconomic stability.

(v)Retards Financial Inclusion- proliferation of cybercrime in a particular country discourages financial inclusion, due to the fear of being a victim of cyber attack.

Measures to Prevent Cybercrime

Cybercrime cannot be easily and completely wiped out, but can be reduced. However, collaborative efforts of individuals alongside with government intervention could go a long way to reduce or minimize it to a reasonable level. Measures to take can be categorized into two [3]:

1.Governments intervention: Although the country has found herself in great mess by the inability of the government to provide basic necessary amenities such as jobs, security and the likes for her citizens which indirectly has led to high rate in cybercrime, there is still need for the nation to come up with adequate laws to tackle this issue. These laws should be formulated by the government and should strictly be adhered to. However, a bill was passed in the year 2015 that would protect and punish electronic fraud and other cyber related crimes. The full implementation of this bill will hopefully bring a strategic approach to fight against cybercrime. Some of the bills are highlighted below: There will be seven years jail term for offenders of different types of computer related fraud, computer related forgery, cyber-pornography, cyber-stalking and cyber-squatting (FBI, 2011).

Defines the liability of service providers and ensures that the use of electronic communications does not compromise national interest. It provides a legal framework to punish cyber criminals thereby improving electronic communication. It specifies all criminal acts and provides guidelines for the investigation of such offences. If these laws are effectively enforced, cybercriminals will be deterred and penalized. This will indirectly reduce the incident of cybercrimes rates, and increase customers. confidence while transacting business online and also correct the negative impression about Nigeria and the citizens.

Social media as a tool for combating cybercrime in Nigeria

Social media is used as a good platform for committing crimes. This is a well-known and undeniable fact. If the social media can be used as an effective tool for detection and prevention in real life, could they also be useful in the detection and prevention of online crime?

Online crime is a more complicated and sophisticated type of criminal activity and it is; therefore, more difficult to find different tools of deterrence than those used to deter ordinary real-life crimes. The reporting system that is quite popular for crime detection and deterrence purposes may not be sufficient for the purposes of online crime detection.

The social media can prove effective in the detection of ‘constant’ organized crime groups (Golbeck & Klavans, 2015), but hacker groups are not always constant, and therefore, require other methods of detection.

Surprisingly, cybercriminals can be discouraged from using social media as they do not give complete anonymity and it is not impossible to trace them. This is because, in most cases, cybercriminals do not know each other personally and their actions are coordinated using online technologies.

A hacker who wants to remain anonymous will resort to fake names or photos, and thus, a representative of a law enforcement agency can categorize these potential perpetrators. However, anonymity can also be used by regular citizens, who do not wish for their identity to be revealed for personal reasons.

It is reasonable to examine the conduct of a person using a fake photo. Terrorists tend to use fake names or nicknames and publish various posts, mostly on Facebook, Twitter or other online forum boards, with incitement to hatred or violence, or use propaganda to disseminate terrorist ideas or group activity.

In such conditions, it is better to group all posts written by this person under one name for comparison and to judge whether they conform to pursue one aim. It is true that, to detect a cyber-terrorist, it is not sufficient to follow where his posts lead to, but also to closely compare grammar and cultural references. Even though one can glean much information about this perpetrator, it is questionable whether one can identify him, because using a fake account possibly allows him to remain in deep secrecy.

On the other hand, the logic of their ‘posts’ will enable law enforcement agencies to understand when the next terrorist attack may happen. If it is relatively easy to trace terrorists, it is almost impossible to trace cybercriminals who are engaged in commercial crime.

For example, the identity of ‘spammers’, who are mostly online criminals, is almost impossible to trace. The social media in this case may help to prevent victims from getting into the hands of spammers. Raising awareness is one of the effective methods of preventing spam. There are posts on various social media, including Facebook, LinkedIn and Twitter, containing warnings about the activity of various scammers, not to open emails from unknown sources. These warnings help to make users aware of the dangers of opening ‘spam’. Social media are a locus where awareness campaigns can be conducted on a large scale to reach a wider audience. The law enforcement agencies, in cooperation with social media owners and enthusiasts, can conduct massive campaigns and warn a huge number of users about new threats. They can also launch safe modes or antivirus means to help users detect or to understand whether or not a browser is safe.

It is difficult to deter online crime using social media when it is committed on behalf of law enforcement agencies. For instance, there is a well-known virus called FBI, where the perpetrator pretends to be an FBI agent inviting you to open a spam message or follow its content. For the FBI and other law enforcement agencies, it is feasible to conduct campaigns on the social media where emails coming from another agency should not be regarded as coming from the FBI and should not be opened at any price.

How can the social media be effectively used to detect cybercriminals? The utility of social media is in the fact that it unites not only people to befriend each other, but also people who unite in order to commit crime.

In Nigeria, this may a be very effective tool, because the large number of people using WhatsApp on their phones makes the awareness campaign highly effective by reaching nearly all of the citizens in Nigeria. The difficulty arises when a virus or spam message is sent using a social media site. There was a Trojan virus called SASFIS, which enabled messages coming from Facebook, and induced users to open it. After opening this virus, the whole software was infected.

In Nigeria, many users received the SASFIS file from Facebook and, as a result, this virus infected their software. In this case, if the Nigerian law enforcement agency had cooperated with WhatsApp, this threat would have been prevented. Moreover, Facebook and other social media sites could have introduced a set of tools aiming to prevent spam and viruses appearing or penetrating sites visited by local users in Nigeria.

The Impact of CyberCrime on the Economy

Advancement in ICT no doubt brought with it, unlimited opportunities (particularly internet and financial softwares) for banking institutions in Nigeria. It facilitated ease of transactions and reduced cost for both depositors and the banking institutions. However, it also introduced its own peculiar risks through cybercrimes which have negatively impacted the industry and the economy in no small measure. The threats are enormous to citizens of any nation. Some of the impacts of cybercrime on the Nigerian economy are discussed below:

i.Cybercrime is no doubt providing a dent on Nigeria’s image which remains a crucial source of national embarrassment for the country. The fear of cybercrime has made several persons to avoid the use of ICT. This has a negative impact on the welfare of the citizenry and investors. Confidence in a nation’s financial system could be eroded by activities of cyber criminals. Potential investors and tourists are equally scared and the image of citizens is tainted.

ii.Citizens face reputational risk - in today’s global economy, a nation cannot afford to have its reputation and that of its financial system tarnished by being associated with cybercrime. It becomes a problem for a citizen to engage in meaningful social interaction with the rest of the world when every citizen is perceived as a potential scammer.

The perceived loss of confidence may also affect the country’s developmental progress, as foreign investments find it difficult to flow into the economy. This gives the nation an economic pariah status. The lack of confidence in the banking sector as a result of cybercrime can also be devastating on the economy.

Impact on the financial Services Industry

It is well-known that a buoyant economy thrives on an effective and efficient financial system. Cyber-attacks are usually skewed toward deriving financial gains. Banks, other financial institutions, businesses and individuals bear the losses of such acts. Some economic impacts of cybercrime in Nigeria include:

a.Increases in the operating cost of businesses due to huge expenses incurred on purchase of security software applications to reduce the rate of cyber- attacks.

b.Failure of institutions arising from huge losses from cybercrimes - this could lead to a loss in confidence in the financial institutions and a possible run on them (where banks are involved), with possible contagion effects.

c.Increase in provisions - while loan loss provisions are predictable with some level of recoverability, losses arising from cybercrimes are not predictable; leading to increase in irrecoverable provisions and a consequent depletion of capital for banks and business entities. This could undermine confidence level in the nation’s financial system.

d.Regulators and Supervisors of licensed deposit-taking institutions may be required to use taxpayers’ money to resolve problems arising from cybercrimes. This may be in the form of problematic deposit-taking institutions receiving a lifeline through Prompt Corrective Actions or where institutions (banks) eventually fail, there would be the depletion on the Deposit Insurance Fund (DIF) to pay off depositors. Some of the modes through which cybercrimes are perpetrated in Nigeria include: theft/cloning of customer bank cards; fraudulent transfer or withdrawal of customer funds; hacking of banking software for the transfer of funds; cloning of bank/business websites to deceive customers and sending of emails/text messages requesting for personal information or assistance from unsuspecting individuals. Over the years, Automated Teller Machine (ATM) cards and Web Based (Internet Banking) frauds have contributed significantly to fraud cases in the Nigerian banking system. Table 2 shows the contribution of cybercrimes to total fraud loss in the Nigeria banking system between 2011 and 2016.

Table 2: Contribution of Cybercrime to Total Fraud Loss in the Nigerian Banking Industry (2011 - 2016)

Year

Cybercrime losses(ATM & INTERNET) (N

billion)

Growth rate of cybercrime losses (%) year-on- year

Total Fraud Loss (N billion)

Contribution Of Cyber Crimes To Total Fraud

(%)

2011

0.115

-

4.071

2.82

2012

0.794

590.4

4.516

17.58

2013

2.268

185.6

5.757

39.40

2014

4.438

95.6

6.193

71.66

2015

1.361

-69.3

3.173

42.89

2016

1.058

-22.2

2.4459

43.26

Source: NDIC Annual Report (2011-2016)

The second column shows the actual losses from cybercrime over the years, while the third column depicts the year-on-year growth rate. Beginning from 2015, one can infer the gradual decline in losses from cybercrimes in Nigeria. It declined further in 2016 to 22.2%. That largely reflects the positive performance of agencies such as the EFCC in checking cybercrime. It is also suggestive of the effectiveness of the Nigerian Cybercrime Act, 2015. On the flip side, Table 2 shows that, in recent times, cybercrime losses contribute almost half of the total banking fraud losses reported. In 2011, it was only 2.8%. It increased significantly to 71.6% in 2014 and declined gradually to 43.2% in 2016. A major deduction from this is that, the cyber space is a key channel through which financial fraud is being perpetrated in the Nigerian banking industry. This therefore reiterates our earlier stance that increased efforts should be geared towards curbing this criminal activity.

Strategies for Combating Cybercrime in the Nigerian Economy

Cybercrime has grown rapidly in Nigeria following the introduction of modern telecommunication and broadband technologies. Nigeria was ranked 16th in cyber- attacks vulnerability in Africa in 2016 by Check Point (a cyber-security vendor). The prolific growth can be attributed to the availability of resources as well as the relative ease with which the perpetrators can acquire the skills for committing such crimes. Cyber-attacks will continue to rise as Nigeria becomes increasingly technology-driven, hence, the need for prompt corrective actions to prevent or mitigate them. Combating the threats of cybercrime and attendant reputational challenges has been high over the past decades. Despite the negative threats posed by cybercrimes to businesses, financial institutions, and the country, the advancement of cyber technologies has increased productivity levels and reduced cost of businesses. It is therefore imperative that certain measures are put in place to stem the growing menace. Such efforts would require inputs and active participation of all relevant stakeholders.

Cybercrime cannot be easily and completely eliminated, but can be minimized. To reduce cybercrime to a minimal level in Nigeria, there would be a need for an active collaborative effort between individuals, corporate organizations and the government.

Role of Individuals, Financial Institutions and Businesses

Fighting cybercrime is a huge task. This is because, as technology advances to combat cyber threats, criminals get sophisticated by coming up with novel ways of perpetrating their acts. Government and organizations globally have come up with laudable ways of addressing cyber related crimes, some of which are already being deployed within the shores of Nigeria. These include:

i.The use of robust firewalls to prevent attacks and filter malware or suspicious malicious codes.

ii.Consistent training of IT personnel to monitor and detect unusual traffic/intrusions within the deployed I.T infrastructure.

iii.The enactment of stringent laws and prosecution of individuals in breach of same.

iv.Deployment of secure user access interfaces to ensure that only authorized persons are given access to corporate networks.

v.Frequent updating and upgrading of software and applications to be in line with recent global best practice.

vi.There is the need for effective cooperation and collaboration among banking institutions. For example, when fraudsters use computers or other ICT infrastructure to transfer funds from an individual account, such funds are deposited or moved to an account in another financial institution. The institution involved should cooperate effectively when such fraudulent transfers are detected.

vii.Enhanced Public Awareness

There is the need for adequate public awareness on the activities of fraudsters and consumer education on the usage of critical computer applications. Education is seen as the most vital weapon for literacy. There is the need for regular Seminars and Workshops to be organized from time to time with emphasis on cyber-safety so that individuals will learn to keep their personal information safe. There is the need for proper consumer education on the need to:

a.Observe simple rules such as ensuring the installation and usage of dedicated anti-malware protection/tool on each individuals computer systems, and avoid pirated software.

b.Personal Identification Number (PIN), bank account and email access should never be shared to unknown persons as systems are fraught with security issues. Irrespective of design and sophistication.

c.Confidential information should never be shared/ disclosed to anybody, as no network can 100% guarantee security from malicious hacking.

d.Ignore any unsolicited e-mail or SMS requiring any financial information.

Hassan et al. (2012) noted that, laws to enforce property rights work optimally when owners of property rights take reasonable steps to safeguard their property. Even with enabling laws and enforcement, institutions that operates wide network facilities, should take definite steps to secure their network, information and computer systems from malicious activities of cybercriminals. To achieve some success in reducing the level of cybercrimes in Nigeria, financial institutions and businesses should ensure the following:

a.Frequent user awareness and sensitization of end-users on need to ensure cyber security at all times.

b.Formulation and implementation of policies aimed at deploying and maintaining robust IT infrastructure on which the businesses thrive.

c.Subjection of deployed IT infrastructure to simulated attacks in order to ascertain vulnerabilities with the aim to address them i.e. Vulnerability Assessment and Penetration Testing.

d.The acquisition of insurance cover for losses relating to cybercrimes and attacks.

e.Create a forum for collaboration and sharing information on the nature, perceived origins and frequency of cyber-attacks experienced.

f.Organizing workshops for the purpose of building capacity for public and security operatives on proactive and sustainable ways of countering cyber- crime in Nigeria.