Computer Crimes: Control, Prevention, and Detection

to Organizations in Nigeria

By

Raji, Ayodele Kamaldeen

Department of Computer Science, Kwara State Polytechnic, Ilorin.
080-38020843
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

ABSTRACT

The last half century or more witness some major progress in the development of various
technologies in almost all areas of human endeavour in both developed and developing countries.
Specifically, Information Technology has advanced so well that almost everyone anywhere uses
computers for their day-to-day activities. Today's computers are becoming more powerful, smaller,
cheaper, and more user-friendly as technology improves. As they have improved, computers have
proliferated in our society, our businesses, and our personal lives. Most modern businesses and
governments depend on their computer systems to support their operations, from personnel files to
financial management. In addition, computers played an important role in computational research
such as Bio-Informatics, Differential Calculus, and Evolutionary Genetics. In today's environment,
most businesses and government processes could not survive without the computer-especially e-
mail or totally web-based businesses. However, an organization that uses computer for its daily
transactions is liable to be the target of computer crimes. This article evaluates the concepts of
computer crimes, detection and the controls. An understanding of various types of computer-related
crimes is given. The paper finally exposed us to dangers it poses to organizations, factors that
encourage it, and recommending possible controls and preventive measures against computer
crimes.

2
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

INTRODUCTION

The world we are in today is all about Information Technology (IT) because we are in the age of
Information Technology and the people with the right information, with proper way of disseminate
this information and processing them is considered as the most successful. Information technology
is the transfer of information using telecommunication and micro-based computer system.
Nowadays, the computer has replaced manual records, and the fraudulent input document has been
substituted by manipulating data held in a computer system. This manipulation does not need to be
sophisticated. Computers have become the mainstay of business and government processes.
Business has been using them for years and in most countries, there are drives towards electronic or
joined up government. This is to allow the people to access government services from their desktop
in their own home.

According to Oxford Advance Learners dictionary (2001), crime is the activities that involve
breaking the law or illegal act or activities that can be punished by law. Computer crime has been
defined as the act of stealing or misusing the computer hardware or software (Olawepo 1999: 48).
The larger the organization, the more they make use of computers for their day-to-day activities and
more likely it is that someone is out there to commit a crime. Computer crimes were committed for
many reasons, some which are rational, others of which may make no sense to the observer. There
are those who will steal under the best of employment circumstances. Other would not steal even if
they were the worst treated employees in the world. This is dependent on individual character.
Olawepo (1999) observed that it is against the backdrop that management of computerized
organizations should address all the energy at disposal, the issue of detection and preventing
computer related crimes.

Finally, the growing danger from crimes committed against computers, or against information store
on computers, is beginning to claim attention in national capitals. The existing laws are likely to be
unenforceable against such crimes in most countries around the world, especially Nigeria. This lack
of legal protection means that businesses and governments must rely solely on technical measures
to protect themselves from those who would steal, deny access to, or destroy valuable information.

3
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

KEYWORDS

Cyber crime, Fraudster, Hacker, Hucksters, Nigeria, Crime, 419

OBJECTIVES OF THE PAPER

a. This paper is aimed at highlighting the different type computer crimes and how it can affect
Nigeria economy.
b. To let the computer users and the organization have knowledge of computer crime.
c. To discuss the danger of computer crimes to organization in Nigeria.
d. Due to the effect of computer crime, this paper brings about the preventive measure against
the perpetrators.
e. To let us know why people commit computer crime.
f. The paper finally discussed and analyzed the case of one example of computer crime called
“Cyber Crime”

TYPES OF COMPUTER CRIMES

The following are some of various types of computer crimes:

Data Interception: This type is exclusive to network environment with teleprocessing activities in
which the criminal may tap the signal sent to a computer from remote source. One of common
example of interception of data in transmission is commonly called hacking.

Data Modification: Alteration, destruction, or erasing of data in the computer, usually done with
desire to misallocate money or to cover up management incompetence.

Theft of Software: Taking or copying data, regardless of whether it is protected by other laws, e.g.,
copyright, privacy, etc. The cause of this may be for profit purpose or for private use.

Network Interference: This is impeding or preventing access for others. The most common
example of this action is instigating a Distributed Denial of Service (DDOS) attack, flooding Web
sites or Internet Service Providers. DDOS attacks are often launched from numerous computers that
have been hacked to obey commands of the perpetrator.

4
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

Virus Dissemination: Introduction of software damaging to systems or data it contains.

Aiding and Abetting: Enabling the commission of a cyber crime especially some cyber café
operators in Nigeria.

Computer-Related Forgery: Alteration of data with intent to represent as authentic.

Computer-Related Fraud: Alteration of data with intent to derive economic benefit from its
misrepresentation.

Misuse of Computer Assets: This is another form of computer crime, although it may be
more correctly described as computer abuse. It involves the use of company assets, in this
case computers, by employees for non-authorized activities.

Theft of Computer Hardware: There have been occasions where the theft of computer hardware,
specifically computer memory chips, made them more valuable than anything. Examples of
this are hardware destruction, illegal borrowing of hardware etc.

WHY DO PEOPLE COMMIT COMPUTER CRIME?

Computer is just a machine which cannot on its own has the capacity to perpetrate fraud, it is human
being that initiate the act, and in particular by an insider. The most relevant question now is
“why do computer users commit computer crime?” The factors that enhance the potential
that a company will be the target of theft, fraud, embezzlement, and corruption includes
computer crimes are categorized into two:

1. Motivational Factors: These related to the corporate reward system and company policies.
The following factors encourage computer crime:

(a) Inadequate rewards; including pay fringe benefits, stock and stock options bonuses,
job security, meaningful work, and promotional opportunity.

(b) Failure to control hostility, bias or unfairness generated by promotion or destructive

competitiveness among departments, offices, or personnel.

5
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

(c) Inadequate security and control measures put in place; or otherwise conscientious
employee may be tempted to commit computer crime.

(d) Failure to offer counseling when performance or behaviour fails below acceptable
levels.

(e) An uncertain future where a company faces merger, acquisition or failure.

2. Personal-based factors: These related to the character of a particular perpetrator. The

following are common problems that become personnel motivations for computer crime:

(a) Greed: An employee with tendency of greedy, manifestations or personal

financial problem may decide to defraud his company merchandise.

(b) Crises: Unresolved problems relating to personal status or an employee in a

state of acute or crippling financial crises may decide, against better judgment to
defraud his company.

(c) Inadequate standard of personnel recruitment and selection.

(d) Inadequate orientation and training on security matters and on sanction for violating
security rules.

(e) Blackmail: An employee may be pressurized to commit computer crime by a

third party just to blackmail in order to cause several embarrassment or cause
irreparable damage.

The 2006 Computer Crime and Security Survey, conducted by the Computer Security Institute in
conjunction with the U.S. Federal Bureau of Investigation's International Computer Crime Squad
[CSI/FBI 2006] (http://legal.practitional.com/computer-crime/glossary.htm), showed an alarmingly
high number of businesses reporting difficulties with computer and Internet fraud. Among the
findings: Of the organizations who acknowledged financial losses due to computer breaches, many
could not quantify the losses.

• 65% detected computer virus;

6
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

• 48% reported between one and five security incidents of the year;

• 42% reported incidents that originated from sources within the organization;

• 32% of the respondents experienced incidents of unauthorized use of their computer systems
during the last year;

• 47% reported theft of laptop computers and mobile devices;

In the area of e-commerce: All of the respondents experienced some sort of website incidents:

• 9% said they had experienced theft of proprietary information;

• 6% reported website defacement;

• 9% were victims of financial fraud.

• 3% were victims of sabotage

DISCUSSION AND ANALYSIS OF CYBER CRIME

Cyber crime refers to any crime that involves a computer and a network, where the computers may
or may not have played an instrumental part in the commission of a crime (Moore, 2005). Issues
surrounding this type of crime have become high-profile, particularly those surrounding hacking,
copyright infringement, child pornography, and child grooming. There are also problems of privacy
when confidential information is lost or intercepted, lawfully or otherwise.

To provide the most reliable picture of different type of crime, the Internet Crime Complaint
Center's (IC3) statistics will be used. According to IC3 website (2009), from January 1, 2008 to
December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%)
increase when compared to 2007 when 206,884 complaints were received. These filings were
composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet
using computers.

These complaints were composed of many different fraud types such as auction fraud, non-delivery,
and credit/debit card fraud as well as non-fraudulent complaints such as computer intrusions,
spam/unsolicited e-mail, and child pornography. All of these complaints are accessible to federal,

7
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

state, and local law enforcement to support active investigations, trend analysis, and public outreach
and awareness efforts.

From the submissions, IC3 referred 72,940 complaints of crime to federal, state, and local law
enforcement agencies around the country for further consideration. The vast majority of cases was
fraudulent in nature and involved a financial loss on the part of the complainant. The total dollar
loss from all referred cases of fraud was $264.6 million with a median dollar loss of $931.00 per
complaint. This is up from $239.1 million in total reported losses in 2007.

Extracted from http://www.consumerfraudreporting.org/Scammers_caught.php

From the above chart, the following were discovered:

• Non-delivered merchandise and/or payment were, by far, the most reported offense,
comprising 32.9% of referred complaints.
• Internet auction fraud accounted for 25.5% of referred complaints.
• Credit/debit card fraud made up 9.0% of referred complaints.
• Confidence fraud ("con men"), computer fraud, check fraud, and Nigerian letter fraud
(Also called "Advance Fee Fraud" or AFF or 419) round out the top seven categories of
complaints referred to law enforcement during the year.

Of those complaints reporting a dollar loss, the highest median losses were found among:

8
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

• check fraud ($3,000),

• confidence fraud ($2,000),
• Nigerian (west African, 419, Advance Fee) letter fraud ($1,650)

Amount Lost by Selected Fraud Type for Individuals Reporting Monetary Loss:

Complaint Type Percentage of Of those who reported a loss the

Reported Total Loss Average (median) $ Loss per Complaint

Check Fraud 7.8% $3,000.00

Confidence Fraud 14.4% $2,000.00

Nigerian Letter Fraud 5.2% $1,650.00

Computer Fraud 3.8% $1,000.00

Non-delivery (merchandise 28.6% $800.00

and payment)

Auction Fraud 16.3% $610.00

Credit/Debit Card Fraud 4.7% $223.00

Also IC3 observed that among perpetrators,

• 77.4% were male and 50% resided in one of the following states: California, New York,
Florida, Texas, District of Columbia, and Washington.
• The majority of reported perpetrators (66.1%) were from the United States; however, a
significant number of perpetrators where also located in the United Kingdom , Nigeria ,
Canada , China, and South Africa.

And among complainants,

• 55.4% were male, nearly half were between the ages of 30 and 50 and one-third resided in
one of the four most populated states: California, Florida, Texas, and New York.
• While most were from the United States (92.4%), IC3 received a number of complaints from
Canada, United Kingdom, Australia, India, and France.

9
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

• Males lost more money than females (ratio of $1.69 dollars lost per male to every $1.00
dollar lost per female). This may be a function of both online purchasing differences by
gender and the type of fraudulent schemes by which the individuals were victimized.
• E-mail (74.0%) and web pages (28.9%) were the two primary mechanisms by which the
fraudulent contact took place.

Visit IC3 webpage on statistics (http://www.ic3.gov/media/annualreports.aspx) for detail

information.

LOCATION OF PERPETRATORS

According to IC3 website (2009), in 2008, most scammers operated from the United States. The
U.S. still held a huge lead in active internet users then, a gap that has since closed considerably. In
2008, China and the U.S. each have approximately 200 million internet users, and most of the world
has grown commensurately. As the user populations have grown abroad, so have their scammer
populations. Several countries stand out in 2008 as have disproportionately huge populations of
scammers: Nigeria, Romania, the Netherlands and China. Lottery and fake money transfer (AFF)
frauds seem to be the specialty of the Nigerians. The United States still leads in Identity Theft and
Spoofing frauds.

However, these locations are among the most populous in the country. Controlling for population,
the District of Columbia, Nevada, Washington, Montana, Florida, and Delaware have the highest
per capita rate of perpetrators in the United States.

10
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

Top Ten Countries

1. United States 66.1%

2. United Kingdom 10.5%
3. Nigeria 7.5%
4. Canada 3.1%
5. China 1.6%
6. South Africa 0.7%
7. Ghana 0.6%
8. Spain 0.6%
9. Italy 0.5%
10. Romania 0.5%

Perpetrators also have been identified as residing in the United Kingdom, Nigeria, Canada,
Romania, and Italy. Inter-state and international boundaries are irrelevant to Internet criminals.

CYBER CRIME IN NIGERIA

According to the above statistics, Nigeria was rated third among other countries. Majority of the
cyber crimes perpetrated in Nigeria generally are targeted at individuals and not necessarily
computer systems, hence they require less technical expertise. The damage done manifests itself in
the real world. Human weaknesses such as greed and gullibility are generally exploited. The
damage dealt is largely psychological and financial. These crimes are similar to theft, and the likes
that have existed for century’s offline even before the development of high-tech equipment.
Through the Internet, the same criminals or persons with criminal intents have simply been given a
tool which increases their potential pool of victims and makes them all the harder to trace and
apprehend (Aghatise, 2006).

Among categories of fraud identified by Peter & Grace (2001) are fraud committed against a
number of individuals through print or electronic media, or by other indirect means. This would
include Nigerian advance fee frauds (Smith, Holmes & Kaufmann 1999), share market
manipulation, and deceptive advertising or investment solicitations pitched at a relatively large
number of prospective victims.

11
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

SOME COMMON CYBER CRIMES IN NIGERIA

The following categories of crime are the most common ones in the Nigerian Internet landscape
(Long and Chiemeka 2008:134).

(a) Hucksters: The hucksters are characterized by a slow turnaround from harvest to first message
(typically at least 1 month), a large number of messages being sent to each harvested spam-trapped
addresses, and typical product based Spam (i.e. Spam selling an actual product to be shipped or
downloaded even if the product itself is fraudulent). 4 Email addresses are obtained from Internet
access points using e-mail address harvesting software (web spiders) such as E-Mail Extractor
Lite1.4. These tools can automatically retrieve e-mail addresses from web pages. They are therefore
referred to as harvesters.

(b) Fraudsters: The fraudsters are characterized by an almost immediate turnaround from harvest
to first message (typically less than 12 hours), only a small number of messages are sent to each
harvested addresses (e.g. phishing, “advanced fee fraud”-419 from the Nigerian perspective).
Fraudsters often harvest addresses and send only a message to them all at a particular time. The tool
for getting addresses is mailing address extractors (Longe & Chiemeke, 2006).

(c) Piracy: Piracy involves the illegal reproduction and distribution of software applications,
games, movies and audio CDs. (Longe, 2004). This can be done in a number of ways. Usually
pirates buy or copy from the Internet an original version of a software, movie or game and illegally
make copies of the software available online for others to download and use without the notification
of the original owner of the software, this is known as Internet piracy. Modern day piracy may be
less dramatic or exciting but is far subtler and more extensive in terms of the monetary losses the
victim faces. This particular form of Cyber crime may be the hardest of all to curb as the common
man also seems to be benefiting from it.

(d) Hacking: Young Nigerians can be observed on daily basis engaging in brainstorming sessions
at Cybercafés trying to crack security codes for e-commerce, ATM cards and e-marketing product
sites. The surprising thing is that even with their low level of education or understanding of the
intricacies of computing techniques, they get results! Phishing is also becoming popular as
criminals simulate product websites to deceive innocent Internet users into ordering products that

12
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

are actually non-existent. Phising refer to imitating product and e-commerce web pages in order to
defraud unsuspecting users. This method is used mostly to obtain credit card numbers.

13
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

MEDIUM FOR PERPETRATING CYBER CRIMES IN NIGERIA

The Cyber criminals apart from the mentality and the strength of their motivations, needs to see the
path of crime ahead of him clear of obstacles. If every single individual were to put up obstacles of
their own, no matter how small, the crime path will seem to be far less lucrative in the eyes of even
the most desperate criminal (Aghatise, 2006). Progress is observable in the fight against Internet
pornography (except in few cyber cafes) content filters are downloaded and installed to filter
unwanted Internet content (Longe & Longe 2005: 1-7). On the other hand, even in Cybercafés with
notices warning against spamming activities, bulk tickets are sold obviously meant for the purpose
of sending Spam mails. This is to say that most cyber café in Nigeria are aiding and abetting the
perpetrators, some of them do not bother the kind of site the Internet users are doing on the Internet.

SECURITY MEASURES FOR PREVENTING COMPUTER CRIME

1. Computer Access Control

Considering the facts that are various categories of computer related crime, different strategy should
be used in controlling them. The following controls may be used to restrict unauthorized
people access to sensitive system.

i. Password: The use of password will only allow the authorized users access to the
system. The password should be enough so that it will be difficult to guess.

ii. Compartmentalization: This restricts users to specific files and program they have a
job related need access. Regular updating is required to conform access to the needs of
people moving from responsibility to responsibility within the organization.

iii. Use of Biometrics: These include the use of fingerprints, hand geometry, and voice
recognition and so on to restrict access to unauthorized users.

iv. Automatic Logoff: This measure prevents unauthorized access to the system when
authorized users failed to logoff.

14
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

v. Random Personal Information checks: This is used in identifying unauthorized login

attempts. The system randomly transmits a question that only the authorized individual
could answer and denied access unless the right answer is received.

2. Network Access Control

i. Encryption: This can be described as the use of codes to transform original data into a
code which can only be deciphered by the software which handles the file. The transform
data appears to be nonsense or jargon until the encryption key is applied to the data.
Encryption key is a number which enables encrypted data to be decoded. In some cases
hardware “key” must be attached to the computer before it can read encrypted files.

ii. Firewall: A firewall allows you to protect your computer from hackers, who often
target the IP address ranges used broadband providers. The use of firewalls and similar
safeguards prevent unauthorized access through the Internet. Firewalls, however, are only
effective when they are properly sited within the company network and, when they are
managed properly configured or otherwise not providing the security that users and
management expect.

iii. Spy-ware: A spy-ware is a tool used by the cyber café operators to monitor people’s
activities while browsing on the Internet. Spy-ware is a tool used for monitoring and
gathering information about people and information gather are often used for malicious
purpose (Agboola, 2005:1). This will go along way to know if the Internet user is visiting
prohibited sites.

PERSPECTIVE ON LEGAL ISSUE

Offenders vary by both criminal act and the jurisdiction. As with any other crimes, the element of a
computer-related offense must be established for successful prosecution, not a particular
easy task in light of the nature of computer technology. For example, the criminal intent, of
a specific computer crime may be difficult to prove. How can an investigator distinguish
between a hacker who intentional steals or destroys electronic files and someone who
accidentally destroyed files while perusing them?

15
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

Similarly, the physical act of a computer-related crime may be demonstrated best by an electronic
impulse that, unfortunately, is difficult to define and track, considering that a computer
crime can occur in 3 milliseconds. As a result, computer-related crime become easier to
perpetrate and more difficult to identify, investigate, and prove.

RECOMMENDATIONS

Some of the suggestions to improve computer security include:

a. The use of more effective policies for security over proprietary information.

b. Implementing better internal accounting controls.

c. Improving interaction between the human resources department, the systems department and
corporate security functions.

d. Continuous supervision of those with sensitive access to system.

e. The use of better software security.

f. Implementing better and regular computer audit software.

g. The use of adequate, physical security in the workplace.

CONCLUSION

Most of the recorded computer crimes cases in most organization involve more than individual and
virtually all computer crime cases known so far are committed by employer of the
organization. Criminals have also adapted the advancements of computer technology to
further their own illegal activities. Investigators must know the materials to search and seize
the electronic evidences to recover, and the claim of custody to maintain. Without question,
law enforcement must be better prepared to deal with many aspects of computer-related
crimes and the techno-criminals who commit them. This article is not meant to suggest that
programmers or computer users are fraudulent people or criminal but rather to expose us to
the computer-related crime and provides ways to prevent them.

16
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

REFERENCES

1. Agboola O. (2005), Spay-ware: Concept, Danger, and relevance to Business Organization in

Nigeria. A paper presented at 1st national Conference on Inter-Disciplinary, at Kwara State
Polytechnic, Ilorin.
Aghatise, E.J (2006): Cyber crime Definition. Computer Crime Research Center. June 28, 2006.
Available online at www.crime-research.org
2. Ayeni J. O (1992) Fundamentals of Computing, Lagos, University of Lagos Press.
Consumer Fraud Reporting Crime Statistics (2009), Internet Fraud, Scam and Crime Statistics.
Available online at http://www.ic3.gov/media/annualreports.aspx
David L.C. (2006), Computer Crime Categories: How techno-criminals operate. Retrieved from
http://legal.practitional.com/computer-crime/glossary.htm on 25/10/2007.
Longe O.B & Longe F.A (2005): The Nigerian Web Content: Combating the Pornographic Malaise
Using Content Filters. Journal of Information Technology Impact, Vol. 5, No. 2, pp. 59-64,
2005
3. longe, O.B and Chiemeke, S.C (2008) Cyber Crime and Criminality in Nigeria – What
Roles are Internet Access Points in Playing? European Journal of Social Sciences – Volume
6, Number 4(2008)
Longe, O.B.& Chiemeke, S.C. (2006): The Design and Implementation of An E-Mail Encryptor for
Combating Internet Spam. Proceedings of the Ist International Conference of the
International Institute of Mathematics and Computer Sciences. Pp 1 – 7. Covenant
University, Ota, Nigeria. June, 2006
Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer Crime," Cleveland,
Mississippi: Anderson Publishing.
Olawepo G.T (1999) Computer Installation Management, Ilorin, Litbort publisher.
Peter, G & Grace, D. (2001): Red Flags of Fraud. Trends and Issues in Crime and Criminal Justice,
no. 200, Australian Institute of Criminology, Canberra. Available online at
http://www.aic.gov.au.
Raji A.K and Abiodun E.T (2009), File organization and management, Ilorin, Rafmik International
Limited.
Sams Nell (2002), Teach yourself the Internet in 24 hours, Sams Publisher.

17
 Computer Crimes: Control, Prevention, and Detection to Organizations in Nigeria

Smith, R.G., Holmes, M.N. & Kaufmann, P. (1999): Nigerian advance fee fraud. Trends and Issues
in Crime and Criminal Justice, No. 121. Australian Institute of Criminology, Canberra.
Available online t http://www.aic.gov.au
4. Wall, D.S. (2007) Cybercrimes: The transformation of crime in the information age,
Cambridge: Polity.
5. Williams, M. (2006) Virtually Criminal: Crime, Deviance and Regulation Online,
Routledge, London.

17. Tedd Avey (2006), Controls for Preventing and Detecting for Computer Crime. Available
online at http://antifraud.aicpa.org/resources/Auditors. retrieved on 25/10/2007.

18. http://nsi.org/library/compsec/crimecom.html

18