The world we are in today is all about Information Technology (IT) because we are in the age of Information Technology and the people with the right information, with proper way of disseminate this information and processing them is considered as the most successful. Information technology is the transfer of information using telecommunication and micro-based computer system. Nowadays, the computer has replaced manual records, and the fraudulent input document has been substituted by manipulating data held in a computer system. This manipulation does not need to be sophisticated. Computers have become the mainstay of business and government processes. Business has been using them for years and in most countries, there are drives towards electronic or joined up government. This is to allow the people to access government services from their desktop in their own home.According to Oxford Advance Learners dictionary (2001), crime is the activities that involve breaking the law or illegal act or activities that can be punished by law. Computer crime has been defined as the act of stealing or misusing the computer hardware or software (Olawepo 1999: 48). The larger the organization, the more they make use of computers for their day-to-day activities and more likely it is that someone is out there to commit a crime. Computer crimes were committed for many reasons, some which are rational, others of which may make no sense to the observer. There are those who will steal under the best of employment circumstances. Other would not steal even if they were the worst treated employees in the world. This is dependent on individual character. Olawepo (1999) observed that it is against the backdrop that management of computerized organizations should address all the energy at disposal, the issue of detection and preventing computer related crimes.
Finally, the growing danger from crimes committed against computers, or against information store on computers, is beginning to claim attention in national capitals. The existing laws are likely to be unenforceable against such crimes in most countries around the world, especially Nigeria. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
OBJECTIVES OF THE PAPER
a. This paper is aimed at highlighting the different type computer crimes and how it can affect Nigeria economy.
b. To let the computer users and the organization have knowledge of computer crime.
c. To discuss the danger of computer crimes to organization in Nigeria.
d. Due to the effect of computer crime, this paper brings about the preventive measure against the perpetrators.
e. To let us know why people commit computer crime.
f. The paper finally discussed and analyzed the case of one example of computer crime called “Cyber Crime”
TYPES OF COMPUTER CRIMES
The following are some of various types of computer crimes:
Data Interception: This type is exclusive to network environment with teleprocessing activities in which the criminal may tap the signal sent to a computer from remote source. One of common example of interception of data in transmission is commonly called hacking.
Data Modification: Alteration, destruction, or erasing of data in the computer, usually done with desire to misallocate money or to cover up management incompetence.
Theft of Software: Taking or copying data, regardless of whether it is protected by other laws, e.g., copyright, privacy, etc. The cause of this may be for profit purpose or for private use.
Network Interference: This is impeding or preventing access for others. The most common example of this action is instigating a Distributed Denial of Service (DDOS) attack, flooding Web sites or Internet Service Providers. DDOS attacks are often launched from numerous computers that have been hacked to obey commands of the perpetrator.
Virus Dissemination: Introduction of software damaging to systems or data it contains.
Aiding and Abetting: Enabling the commission of a cyber crime especially some cyber café operators in Nigeria.
Computer-Related Forgery: Alteration of data with intent to represent as authentic.
Computer-Related Fraud: Alteration of data with intent to derive economic benefit from its misrepresentation.
Misuse of Computer Assets: This is another form of computer crime, although it may be more correctly described as computer abuse. It involves the use of company assets, in this case computers, by employees for non-authorized activities.
Theft of Computer Hardware: There have been occasions where the theft of computer hardware, specifically computer memory chips, made them more valuable than anything. Examples of this are hardware destruction, illegal borrowing of hardware etc.
WHY DO PEOPLE COMMIT COMPUTER CRIME?
Computer is just a machine which cannot on its own has the capacity to perpetrate fraud, it is human being that initiate the act, and in particular by an insider. The most relevant question now is “why do computer users commit computer crime?” The factors that enhance the potential that a company will be the target of theft, fraud, embezzlement, and corruption includes computer crimes are categorized into two:
1. Motivational Factors: These related to the corporate reward system and company policies. The following factors encourage computer crime:
(a) Inadequate rewards; including pay fringe benefits, stock and stock options bonuses, job security, meaningful work, and promotional opportunity.
(b) Failure to control hostility, bias or unfairness generated by promotion or destructive competitiveness among departments, offices, or personnel.
(c) Inadequate security and control measures put in place; or otherwise conscientious employee may be tempted to commit computer crime.
(d) Failure to offer counseling when performance or behaviour fails below acceptable levels.
(e) An uncertain future where a company faces merger, acquisition or failure.
2. Personal-based factors: These related to the character of a particular perpetrator. The following are common problems that become personnel motivations for computer crime:
(a) Greed: An employee with tendency of greedy, manifestations or personal financial problem may decide to defraud his company merchandise.
(b) Crises: Unresolved problems relating to personal status or an employee in a state of acute or crippling financial crises may decide, against better judgment to defraud his company.
(c) Inadequate standard of personnel recruitment and selection.
(d) Inadequate orientation and training on security matters and on sanction for violating security rules.
(e) Blackmail: An employee may be pressurized to commit computer crime by a third party just to blackmail in order to cause several embarrassment or cause irreparable damage.
The 2006 Computer Crime and Security Survey, conducted by the Computer Security Institute in conjunction with the U.S. Federal Bureau of Investigation's International Computer Crime Squad [CSI/FBI 2006] (http://legal.practitional.com/computer-crime/glossary.htm), showed an alarmingly high number of businesses reporting difficulties with computer and Internet fraud. Among the findings: Of the organizations who acknowledged financial losses due to computer breaches, many could not quantify the losses.
· 65% detected computer virus;
· 48% reported between one and five security incidents of the year;
· 42% reported incidents that originated from sources within the organization;
· 32% of the respondents experienced incidents of unauthorized use of their computer systems during the last year;
· 47% reported theft of laptop computers and mobile devices;
In the area of e-commerce: All of the respondents experienced some sort of website incidents:
· 9% said they had experienced theft of proprietary information;
· 6% reported website defacement;
· 9% were victims of financial fraud.
· 3% were victims of sabotage
DISCUSSION AND ANALYSIS OF CYBER CRIME
Cyber crime refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime (Moore, 2005). Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
To provide the most reliable picture of different type of crime, the Internet Crime Complaint Center's (IC3) statistics will be used. According to IC3 website (2009), from January 1, 2008 to December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet using computers.
These complaints were composed of many different fraud types such as auction fraud, non-delivery, and credit/debit card fraud as well as non-fraudulent complaints such as computer intrusions, spam/unsolicited e-mail, and child pornography. All of these complaints are accessible to federal, state, and local law enforcement to support active investigations, trend analysis, and public outreach and awareness efforts.
From the submissions, IC3 referred 72,940 complaints of crime to federal, state, and local law enforcement agencies around the country for further consideration. The vast majority of cases was fraudulent in nature and involved a financial loss on the part of the complainant. The total dollar loss from all referred cases of fraud was $264.6 million with a median dollar loss of $931.00 per complaint. This is up from $239.1 million in total reported losses in 2007.
Amount Lost by Selected Fraud Type for Individuals Reporting Monetary Loss:
Complaint Type | Percentage of Reported Total Loss | Of those who reported a loss the Average (median) $ Loss per Complaint |
| Check Fraud | 7.8% | $3,000.00 |
| Confidence Fraud | 14.4% | $2,000.00 |
| Nigerian Letter Fraud | 5.2% | $1,650.00 |
| Computer Fraud | 3.8% | $1,000.00 |
| Non-delivery (merchandise and payment) | 28.6% | $800.00 |
| Auction Fraud | 16.3% | $610.00 |
| Credit/Debit Card Fraud | 4.7% | $223.00 |
Also IC3 observed that among perpetrators,
· 77.4% were male and 50% resided in one of the following states: California, New York, Florida, Texas, District of Columbia, and Washington.
· The majority of reported perpetrators (66.1%) were from the United States; however, a significant number of perpetrators where also located in the United Kingdom , Nigeria , Canada , China, and South Africa.
And among complainants,
- 55.4% were male, nearly half were between the ages of 30 and 50 and one-third resided in one of the four most populated states: California, Florida, Texas, and New York.
- While most were from the United States (92.4%), IC3 received a number of complaints from Canada, United Kingdom, Australia, India, and France.
- Males lost more money than females (ratio of $1.69 dollars lost per male to every $1.00 dollar lost per female). This may be a function of both online purchasing differences by gender and the type of fraudulent schemes by which the individuals were victimized.
- E-mail (74.0%) and web pages (28.9%) were the two primary mechanisms by which the fraudulent contact took place.
LOCATION OF PERPETRATORS
According to IC3 website (2009), in 2008, most scammers operated from the United States. The U.S. still held a huge lead in active internet users then, a gap that has since closed considerably. In 2008, China and the U.S. each have approximately 200 million internet users, and most of the world has grown commensurately. As the user populations have grown abroad, so have their scammer populations. Several countries stand out in 2008 as have disproportionately huge populations of scammers: Nigeria, Romania, the Netherlands and China. Lottery and fake money transfer (AFF) frauds seem to be the specialty of the Nigerians. The United States still leads in Identity Theft and Spoofing frauds.
However, these locations are among the most populous in the country. Controlling for population, the District of Columbia, Nevada, Washington, Montana, Florida, and Delaware have the highest per capita rate of perpetrators in the United States.
Top Ten Countries
- United States 66.1%
- United Kingdom 10.5%
- Nigeria 7.5%
- Canada 3.1%
- China 1.6%
- South Africa 0.7%
- Ghana 0.6%
- Spain 0.6%
- Italy 0.5%
- Romania 0.5%
Perpetrators also have been identified as residing in the United Kingdom, Nigeria, Canada, Romania, and Italy. Inter-state and international boundaries are irrelevant to Internet criminals.
CYBER CRIME IN NIGERIA
According to the above statistics, Nigeria was rated third among other countries. Majority of the cyber crimes perpetrated in Nigeria generally are targeted at individuals and not necessarily computer systems, hence they require less technical expertise. The damage done manifests itself in the real world. Human weaknesses such as greed and gullibility are generally exploited. The damage dealt is largely psychological and financial. These crimes are similar to theft, and the likes that have existed for century’s offline even before the development of high-tech equipment. Through the Internet, the same criminals or persons with criminal intents have simply been given a tool which increases their potential pool of victims and makes them all the harder to trace and apprehend (Aghatise, 2006).
Among categories of fraud identified by Peter & Grace (2001) are fraud committed against a number of individuals through print or electronic media, or by other indirect means. This would include Nigerian advance fee frauds (Smith, Holmes & Kaufmann 1999), share market manipulation, and deceptive advertising or investment solicitations pitched at a relatively large number of prospective victims.
SOME COMMON CYBER CRIMES IN NIGERIA
The following categories of crime are the most common ones in the Nigerian Internet landscape (Long and Chiemeka 2008:134).
(a) Hucksters: The hucksters are characterized by a slow turnaround from harvest to first message (typically at least 1 month), a large number of messages being sent to each harvested spam-trapped addresses, and typical product based Spam (i.e. Spam selling an actual product to be shipped or downloaded even if the product itself is fraudulent). 4 Email addresses are obtained from Internet access points using e-mail address harvesting software (web spiders) such as E-Mail Extractor Lite1.4. These tools can automatically retrieve e-mail addresses from web pages. They are therefore referred to as harvesters.
(b) Fraudsters: The fraudsters are characterized by an almost immediate turnaround from harvest to first message (typically less than 12 hours), only a small number of messages are sent to each harvested addresses (e.g. phishing, “advanced fee fraud”-419 from the Nigerian perspective). Fraudsters often harvest addresses and send only a message to them all at a particular time. The tool for getting addresses is mailing address extractors (Longe & Chiemeke, 2006).
(c) Piracy: Piracy involves the illegal reproduction and distribution of software applications, games, movies and audio CDs. (Longe, 2004). This can be done in a number of ways. Usually pirates buy or copy from the Internet an original version of a software, movie or game and illegally make copies of the software available online for others to download and use without the notification of the original owner of the software, this is known as Internet piracy. Modern day piracy may be less dramatic or exciting but is far subtler and more extensive in terms of the monetary losses the victim faces. This particular form of Cyber crime may be the hardest of all to curb as the common man also seems to be benefiting from it.
(d) Hacking: Young Nigerians can be observed on daily basis engaging in brainstorming sessions at Cybercafés trying to crack security codes for e-commerce, ATM cards and e-marketing product sites. The surprising thing is that even with their low level of education or understanding of the intricacies of computing techniques, they get results! Phishing is also becoming popular as criminals simulate product websites to deceive innocent Internet users into ordering products that are actually non-existent. Phising refer to imitating product and e-commerce web pages in order to defraud unsuspecting users. This method is used mostly to obtain credit card numbers.
MEDIUM FOR PERPETRATING CYBER CRIMES IN NIGERIA
The Cyber criminals apart from the mentality and the strength of their motivations, needs to see the path of crime ahead of him clear of obstacles. If every single individual were to put up obstacles of their own, no matter how small, the crime path will seem to be far less lucrative in the eyes of even the most desperate criminal (Aghatise, 2006). Progress is observable in the fight against Internet pornography (except in few cyber cafes) content filters are downloaded and installed to filter unwanted Internet content (Longe & Longe 2005: 1-7). On the other hand, even in Cybercafés with notices warning against spamming activities, bulk tickets are sold obviously meant for the purpose of sending Spam mails. This is to say that most cyber café in Nigeria are aiding and abetting the perpetrators, some of them do not bother the kind of site the Internet users are doing on the Internet.
SECURITY MEASURES FOR PREVENTING COMPUTER CRIME
1. Computer Access Control
Considering the facts that are various categories of computer related crime, different strategy should be used in controlling them. The following controls may be used to restrict unauthorized people access to sensitive system.
i. Password: The use of password will only allow the authorized users access to the system. The password should be enough so that it will be difficult to guess.
ii. Compartmentalization: This restricts users to specific files and program they have a job related need access. Regular updating is required to conform access to the needs of people moving from responsibility to responsibility within the organization.
iii. Use of Biometrics: These include the use of fingerprints, hand geometry, and voice recognition and so on to restrict access to unauthorized users.
iv. Automatic Logoff: This measure prevents unauthorized access to the system when authorized users failed to logoff.
Random Personal Information checks: This is used in identifying unauthorized login attempts. The system randomly transmits a question that only the authorized individual could answer and denied access unless the right answer is received.
2. Network Access Control
i. Encryption: This can be described as the use of codes to transform original data into a code which can only be deciphered by the software which handles the file. The transform data appears to be nonsense or jargon until the encryption key is applied to the data. Encryption key is a number which enables encrypted data to be decoded. In some cases hardware “key” must be attached to the computer before it can read encrypted files.
ii. Firewall: A firewall allows you to protect your computer from hackers, who often target the IP address ranges used broadband providers. The use of firewalls and similar safeguards prevent unauthorized access through the Internet. Firewalls, however, are only effective when they are properly sited within the company network and, when they are managed properly configured or otherwise not providing the security that users and management expect.
iii. Spy-ware: A spy-ware is a tool used by the cyber café operators to monitor people’s activities while browsing on the Internet. Spy-ware is a tool used for monitoring and gathering information about people and information gather are often used for malicious purpose (Agboola, 2005:1). This will go along way to know if the Internet user is visiting prohibited sites.
PERSPECTIVE ON LEGAL ISSUE
Offenders vary by both criminal act and the jurisdiction. As with any other crimes, the element of a computer-related offense must be established for successful prosecution, not a particular easy task in light of the nature of computer technology. For example, the criminal intent, of a specific computer crime may be difficult to prove. How can an investigator distinguish between a hacker who intentional steals or destroys electronic files and someone who accidentally destroyed files while perusing them?
Similarly, the physical act of a computer-related crime may be demonstrated best by an electronic impulse that, unfortunately, is difficult to define and track, considering that a computer crime can occur in 3 milliseconds. As a result, computer-related crime become easier to perpetrate and more difficult to identify, investigate, and prove.
RECOMMENDATIONS
Some of the suggestions to improve computer security include:
a. The use of more effective policies for security over proprietary information.
b. Implementing better internal accounting controls.
c. Improving interaction between the human resources department, the systems department and corporate security functions.
d. Continuous supervision of those with sensitive access to system.
e. The use of better software security.
f. Implementing better and regular computer audit software.
g. The use of adequate, physical security in the workplace.
CONCLUSION
Most of the recorded computer crimes cases in most organization involve more than individual and virtually all computer crime cases known so far are committed by employer of the organization. Criminals have also adapted the advancements of computer technology to further their own illegal activities. Investigators must know the materials to search and seize the electronic evidences to recover, and the claim of custody to maintain. Without question, law enforcement must be better prepared to deal with many aspects of computer-related crimes and the techno-criminals who commit them. This article is not meant to suggest that programmers or computer users are fraudulent people or criminal but rather to expose us to the computer-related crime and provides ways to prevent them.
REFERENCES
- Agboola O. (2005), Spay-ware: Concept, Danger, and relevance to Business Organization in Nigeria. A paper presented at 1st national Conference on Inter-Disciplinary, at Kwara State Polytechnic, Ilorin.
2. Aghatise, E.J (2006): Cyber crime Definition. Computer Crime Research Center. June 28, 2006. Available online at www.crime-research.org
- Ayeni J. O (1992) Fundamentals of Computing, Lagos, University of Lagos Press.
4. Consumer Fraud Reporting Crime Statistics (2009), Internet Fraud, Scam and Crime Statistics. Available online at http://www.ic3.gov/media/annualreports.aspx
5. David L.C. (2006), Computer Crime Categories: How techno-criminals operate. Retrieved from http://legal.practitional.com/computer-crime/glossary.htm on 25/10/2007.
6. Longe O.B & Longe F.A (2005): The Nigerian Web Content: Combating the Pornographic Malaise Using Content Filters. Journal of Information Technology Impact, Vol. 5, No. 2, pp. 59-64, 2005
- longe, O.B and Chiemeke, S.C (2008) Cyber Crime and Criminality in Nigeria – What Roles are Internet Access Points in Playing? European Journal of Social Sciences – Volume 6, Number 4(2008)
8. Longe, O.B.& Chiemeke, S.C. (2006): The Design and Implementation of An E-Mail Encryptor for Combating Internet Spam. Proceedings of the Ist International Conference of the International Institute of Mathematics and Computer Sciences. Pp 1 – 7. Covenant University, Ota, Nigeria. June, 2006
9. Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing.
10. Olawepo G.T (1999) Computer Installation Management, Ilorin, Litbort publisher.
11. Peter, G & Grace, D. (2001): Red Flags of Fraud. Trends and Issues in Crime and Criminal Justice, no. 200, Australian Institute of Criminology, Canberra. Available online at http://www.aic.gov.au.
12. Raji A.K and Abiodun E.T (2009), File organization and management, Ilorin, Rafmik International Limited.
13. Sams Nell (2002), Teach yourself the Internet in 24 hours, Sams Publisher.
14. Smith, R.G., Holmes, M.N. & Kaufmann, P. (1999): Nigerian advance fee fraud. Trends and Issues in Crime and Criminal Justice, No. 121. Australian Institute of Criminology, Canberra. Available online t http://www.aic.gov.au
- Wall, D.S. (2007) Cybercrimes: The transformation of crime in the information age, Cambridge: Polity.
- Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation Online, Routledge, London.
No comments:
Post a Comment
leave your opinion