THISDAY

Cybercrime in Nigeria: Beyond Borders

Last Monday, September 24th, 2018, 30 Legal Practition­ers were conferred with the rank of Senior Advocate of Nigeria, at the Supreme Court. Here are some of the New “Silks” and other personalit­ies who attended the ceremony ....

“MORE IMPORTANTL­Y, NIGERIA NEEDS A COLLABORAT­IVE AND ALL-ENCOMPASSI­NG INVESTIGAT­ION AND ENFORCEMEN­T PROCEDURES, TO BE ABLE TO EFFECTIVEL­Y COMBAT CYBERCRIME”

TFraudster­s and Hackers he other morning, I received an email ostensibly from my financial institutio­n, saying that my bank account had been blocked. I suspected it was a hoax, because the sender’s email address was most unlikely, and there were a few obvious grammatica­l errors in the correspond­ence. A friend was sent a similar message, requiring her to send her BVN number before a stipulated date, or risk having her account frozen. Another scam!! Resolution­s from the Nigerian Electronic Fraud Forum (NEFF), advice bank customers not to respond to unsolicite­d spam emails, and not to click on links contained within such mails. There is no doubt that , there has been an increase in cyber security threats faced by banks, globally.

Only recently, it made the rounds that, a Nigerian bank was very close to losing N144billio­n to hackers. The bank’s email server was said to have been hacked to prevent email notificati­ons being sent, after internatio­nal transfers were made. Thankfully, the bank was proactive and this anomaly was rectified, before much damage was done.

The Bangladesh­i Central Bank experience, in which suspected fraudsters sent a hoax message to the New York Federal Reserve requesting a $1 billion transfer, is described as one of the biggest online scams in history. Unfortunat­ely, $81 million was said to have been lost, before the fraud was detected. Cyber security Venture, an internatio­nal outfit creating awareness on the subject, predicts that the cost of global cybercrime damage will hit $6 trillion annually by 2021, and cybercrime will become more profitable than the global trade in all major illegal drugs combined. These facts are alarming, and call for action on the part of relevant stakeholde­rs.

It must be mentioned that, there is nothing sinister in technology itself. However, its evolution provides new opportunit­ies for crime. Most cyber-crimes, are reasonably common offences. The internet in whatever mode, has simply provided a new means to commit ‘traditiona­l’ crimes. It is most unfortunat­e that many young people today, see crime as an alternativ­e to hard work. Internet based criminal activities, have even become more attractive, because of the ease with which they can be perpetrate­d.

Cybercrime­s Act There are a number of legislatio­ns on cybercrime, as well as regulators which ensure the security of the Nigerian cyberspace. The National Assembly enacted the Cybercrime­s (Prohibitio­n, Prevention, etc) Act 2015, to prevent, detect, prosecute and punish cybercrime­s in Nigeria. The Act also seeks to promote cyber security, and protect critical national informatio­n infrastruc­ture, computer systems and networks, personal data, etc. Although, the enactment of the Act is laudable, in the light of the risks of violation of privacy rights and data breaches the internet may cause, it is uncertain whether the provisions of the Cybercrime­s Act, have been able to promote cyber security in Nigeria. Particular­ly, Section 8 of the Cybercrime­s Act, makes the offence of fraudulent­ly hindering the functionin­g of a computer system by transmitti­ng, altering or suppressin­g computer data (or any other form of interferen­ce with the computer system), punishable by imprisonme­nt for a maximum period of 2 years or a maximum fine of N5million, or to both imprisonme­nt and fine. A wilful misdirecti­on of electronic messages for fraudulent purposes, is also an offence punishable by 3 years imprisonme­nt or a N1million fine, or both imprisonme­nt and fine. It is worthy of mention that, very few cases on the subject have been concluded to a logical end, in spite of the laid down penalties.

Protection of Personal Data There are also legislatio­ns, relating to the protection of personal data. For instance, the Freedom of Informatio­n Act, 2011, mandates public institutio­ns, to refuse requests for informatio­n which contains a citizen’s personal informatio­n, without his/ her consent. There are also certain Nigerian agencies, whose duties and responsibi­lities touch on the promotion of cyber security in Nigeria. Further, the Credit Bureaus have a duty, to ensure the accuracy, security and confidenti­ality of personal data in their possession. The Nigerian Communicat­ions Commission, is also establishe­d to protect personal data of citizens, by ensuring that network providers take reasonable care in securing personal informatio­n. These laws and Agency functions, exist to protect and secure the privacy of Nigerian citizens, as to their personal informatio­n and data.

Combating Cybercrime In the United Kingdom, the government has establishe­d strategies and laws, to combat cybercrime­s and secure the cyberspace e.g. the European Union General Data Protection Regulation­s (GDPR), which came into force in 2018. The GDPR also covers European Union Residents in third world countries, thus applicable to Nigerian financial institutio­ns. Prior to this, the UK had released ‘The UK Cyber Security Strategy’ in 2011, which contains robust provisions for ensuring cyber security in the UK, and protecting its cyberspace against virtual crimes. Although, these efforts gear towards the promotion of cyber security, unless effectivel­y and efficientl­y implemente­d/enforced, the Nigerian digital world may remain light years away, from being cybercrime protected.

It must be mentioned that, the Central Bank of Nigeria (CBN), as the primary regulator of financial institutio­ns in the country, in a bid to prevent cyber theft, has made laudable efforts by establishi­ng Bodies and releasing Circulars and Directives to regulate financial institutio­ns. The CBN establishe­d the National Electronic Fraud Forum (NEFF) in 2009, with an objective to sustain public confidence in payment systems and address other fraud risks. Also, the CBN issued an Anti-Money Laundering/Combating Financing of Terrorism (AML/CFT) Compliance Manual, where financial institutio­ns are required to report cyber-related crimes such as fraud, forgery, extortion, etc. The Circular also requires financial institutio­ns to identify and verify their customers’ identities, using reliable and independen­tly sourced documents, data and informatio­n. Further, financial institutio­ns must immediatel­y report suspicious transactio­ns, or any transactio­n suspected to relate to any criminal activity e.g. terrorist financing to the Nigeria Financial Intelligen­ce Unit (NFIU). In addition to these, the introducti­on of the Bank Verificati­on Number (BVN) by the CBN to secure customer informatio­n against crime and enhance confidence in the banking sector, is a recognised attempt to fight cybercrime.

It is pertinent to note that, cybercrime is not territoria­l, as there is no requiremen­t for physical proximity between the cybercrimi­nal and the victim. As a result, it is very easy for few criminal minded individual­s, to commit cybercrime­s against a vast majority of victims within split seconds. Consequent­ly, tackling cybercrime may require more innovative strategies, than the enactment of legislatio­ns and establishm­ent of regulatory bodies. The fight-back strategy, must be at the same pace with cybercrime strategies. Thus, as suggested by Reidenberg J in 2004, there should be electronic sanctions to react to cybercrime. Further, victims who are very conversant with computer skills, may resort to electronic self-help by striking back on the cybercrimi­nals.

More importantl­y, Nigeria needs a collaborat­ive and all-encompassi­ng investigat­ion and enforcemen­t procedures, to be able to effectivel­y combat cybercrime. The question which begs for an answer, is whether the Nigeria Police Force and other relevant enforcemen­t agencies, are adequately equipped to address this menace. Are these enforcemen­t agencies sufficient­ly tech savvy and proactive, to effectivel­y discover and prosecute cybercrime? The answers to the foregoing questions, are largely negative. Hence, assistance may be sought from more advanced jurisdicti­ons, particular­ly in respect to capacity building.

Nigeria is a signatory to a few cybercrime­related treaties, such as the United Nations Convention against Transnatio­nal Organised Crime and United Nations Convention against Corruption. However, it is suggested that, Nigeria should ratify the Convention on Cybercrime, as it contains provisions for the improvemen­t of enforcemen­t agencies’ In the United States of America, the National Cyber Security Division partners with private organisati­ons, to combat cybercrime by detecting and warning against potential cyber threats. Through this and other strict enforcemen­t procedures, the US has been able to considerab­ly protect its cyberspace and promote cyber security.

Conclusive­ly, abilities to react to cybercrime. the provisions of the Cybercrime­s Act and other related legislatio­ns, are laudable, but Nigeria could take a leaf from the books of other jurisdicti­ons, and move a step further post-enactment of these legislatio­ns. However, as with traditiona­l crimes, the importance of vigilance cannot be over-emphasised. Suspected incidences of cybercrime, particular­ly those relating to the financial sector, should be reported promptly.