Tuesday 24 September 2013

Nigeria’s Long Drawn Battle Against Cybercrime

The Central Bank of Nigeria reported recently that the Nigerian banking sector lost over N20 billion through internet fraud and the impact on the nation’s cashless policy is significant. With the reported theft of N2 billion from the Union Bank of Nigeria last week by three young undergraduates, Gbenga Oduntan writes that the time is now for the nation to as a matter urgency pass the Hon. Bassey Etim sponsored Cyber Security Bill, 2011 to safeguard banks and their clients’ funds
As Nigerian crimes go by the audacious suspected electronic theft of slightly over N2 billion from the coffers of Union bank Nigeria Plc by three fresh faced undergraduate students of a federal university recently deserves some commentary. While the mischief may be considered new in Nigeria, cyber criminals may have already succeeded in siphoning off between 60 million Euros and 2 billion Euros in fraudulent transfers from at least 60 banks globally, in the last few years according to a leading financial industry study. In Nigeria the CBN reported that banks lost N20billion in 2012 through internet fraud.

The devastating effects of this criminal industry on the nascent modern banking sector in Nigeria are only matched by the apparent unpreparedness of the very institutions that are charged with combating the problem. Bankers, regulators, the Central Bank, police departments, lawyers and even judges appear to have been caught on the wrong foot by the sheer speed and criminal efficiency of the Nigerian chapter of what is known globally as Operation High Roller. They are the new ‘Masters of the Universe’ a term which hitherto referred to the massively overpaid futures and hedge fund traders. At least hedge fund traders pretended to work and had plush registered offices on skyscraper pent houses to show for their legitimacy, the new punters on the other hand are armed with a laptop, sit on an arm chair anywhere within the various metropolises with their elite group of multi- tiered criminal networkers and literally overnight simply siphon off mindboggling amounts of monies from high balance accounts without as much as even caring to know where the banks are located in physical terms.  This astounding feat is possible only because of the wonders of internet banking transactions a modern day convenience made possible by the wonders of banking and globalisation of finance.

The hard hitting effects of cybercrime go beyond the banking industry. Other damaging effects include loss of intellectual property, direct financial loss from cybercrime, loss of sensitive business information (such as negotiating strategies), stock market manipulation, service disruptions, reputational damage to hacked companies, reduced trust online, military security problems and Internet Stalking and Harassment.

The pertinent questions that arise include how can Nigerian law and international law be brought to bear on the issue of cyber-crime in order not only to save bankers and indeed the country embarrassments? Why is it so easy for some of our youths to commit these crimes on the internet with very little risk of pre and post crime detection? How can we bring our law enforcement agencies to speed and improve their capacity and requisite skills to investigate and successfully prosecute these crimes? What positive legal consequences arise from the new Evidence Act especially with its provisions on electronically generated evidence?

Unfortunately Nigeria’s best legislative response to this modern problem is as of now non-existent since it is still in the form of the draft Cyber Security Bill 2011. The proposed bill Sponsored by Hon. Bassey Etim and just at the second reading stage at the lower parliamentary House of Representatives will eventually hopefully provide an effective, unified and comprehensive legal framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria and address international Cooperation. The Bill is far from completion and there is a lack of knowledgeable and committed champions of the Bill, thus, its due passage in good enough time is not certain. Lack of wide stakeholder integration -that old bug bear of Nigerian legislative action is also a problem here. At any rate the private sector is inherently distrustful of government regulation in this area.

In reality we are thus, left with aspects of the entire gamut of Nigerian criminal law which is unwieldy and perhaps outdated. Apart from the provisions of the Criminal Code on stealing, prosecutors must frame their charges from inexact provisions like ‘Obtaining Property by False Pretences’, Cheating, offences relating to posts and telecommunications; treachery and Disclosure of official Secrets or Abstracting Document (for security breaches). Other relevant instruments containing pertinent sections include the Money Laundering Act 1995 and the Advance Fee Fraud and other Related Offences Act. Even the 1999 Constitution of the Federal Republic of Nigeria (as amended) has useful provisions regarding a privacy right which is against illegal computer hacking or online stalking by private or official persons. Furthermore there are the recent institution making laws such as the Independent Corrupt Practices Commission (ICPC) Act 2000and of course the Economic and Financial Crime Commission (EFCC) Act, 2004.Capacity development in these agencies is however, not fast paced and most of them apart from the Police force are less than a decade old.

The new Evidence Act 2011 deserves separate mention. This Act repeals the Evidence Act, Cap. E14, Laws of the Federation of Nigeria, and it applies to all judicial proceedings in or before Courts in Nigeria. The major change here and one which will certainly improve the ability of the prosecution to secure convictions is that for the first time Nigerian law of evidence expressly permits introduction of electronic evidence in court trials and civil cases. Accordingly the Act is replete with provisions on validity of electronic records and even electronic signatures. The new Act, for instance, allows a court to presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission: but the court shall not make any presumption as to the person to whom such message was sent.

The general lack of understanding of the peculiarities of cybercrimes and the gross under development of the law, however, persist and this poses serious dangers to the country and its economy. In the very competitive emerging markets’ world, a fit for purpose criminal justice system and up to date, sophisticated system of laws are sine qua non to the attraction of foreign direct investment (FDI). It is safe to say Nigeria would have been doing much better at this stage in terms of attraction of FDI if the much needed positive changes to its legal infrastructure had been handled with better alacrity since its return to civil rule in 1999. It is not difficult therefore, to conclude that the quick completion of a dedicated Cyber law Act is the best way forward for Nigeria.

Cybercrime and cyber security issues are not restricted by geographical boundaries and legal jurisdictions, hence Sections 29 to 34 of the proposed Bill helpfully covers extradition and mutual assistance requests. International developments worthy of mention and which have already been found useful by Nigerian banks in tracing fleeing suspects across the world include the Council of Europe’s Budapest Convention, 2001and the ITU Toolkit on Cyber security Legislation. Advanced common law jurisdictions are particularly relevant to us in Nigeria. In this case attention must be paid to the UK Computer Misuse Act 1990 and the Police and Justice Act 2006 (which covers broader issues than computer crime alone). Nigerian security operatives must indeed pay close attention to UK legislations not only because of their shared legal cultures but because traditionally Nigerians who have stolen much wealth, ranging from internet fraudsters to erstwhile Presidents have an uncanny liking for the supposed pleasures of London and they may often be apprehended or their toxic funds traced there. Example may be made here of Abacha’s stolen wealth which continues to percolate unreturned in British banks.

For similar reasons Nigerian law makers and cyber law practitioners must as well pay attention to the US jurisdiction and its impressive array of laws to combat cybercrimes. US laws in this area include the Communications Assistance for Law Enforcement Act (CALEA); Computer Software Privacy and Control Act; The Digital Millennium Copyright Act (DMCA) 1998; Economic Espionage Act (EEA); Electronic Communications Privacy Act 1986; Electronic Communications Privacy Act (ECPA); Fraudulent Online Identity Sanctions Act (FOISA); Internet Freedom Preservation Act of 2008; National Information Infrastructure Protection Act of 1996; The National Information Infrastructure Act (NIIA) 1996 and the Computer Fraud and Abuse Act and the CAN-SPAM Act. In addition to the formidable security agencies such as the FBI and Homeland Security take lead in investigating high-tech crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud. Strategies brought to bear on the problem include - National Cyber Investigative Joint Task Force, Electronic Crimes Task Forces (ECTFs), Cyber Task Forces, Infra Gard: Protecting Infrastructure, Cyber Crime Working Group and Cyber Action Teams.

International cooperation among states is fortunately on the increase. There is in fact a Draft African Union Convention on Cybersecurity in the offing. Latvia in August 2013 agreed to extradite a programmer to the United States to stand trial for his alleged role in a global cyber-theft ring that broke into a million computers. At least one set of Nigerian cyber criminals who defrauded a Nigerian bank to the tone of 400 million Naira have been arrested in Miami, Florida and returned by INTERPOL to Lagos. They have since been sentenced to long sentences and are serving in Kirikiri maximum security prisons.

The problem is however, not legal alone. Banks must maintain permanent 24-hour operations to detect unusual or anomalous activity. Why would Mr. Big outside his established normal behaviour suddenly become a multimillion Naira payee at 3 a.m. on Saturday night? Why would government department X’s account operate payments out with uncharacteristic frequency all of a sudden on a public holiday. Many leading Nigerian banks already have 24 hour contact centres but these are geared usually to help the hapless holiday maker in Dubai whose MasterCard is for some reason not allowing payments. What is recommended here is a dedicated high risk transaction 24-7 situation room equipped to monitor suspicious activity, and other non-transaction activities which take place during online banking sessions. The Nigerian bank customer does have his or her role to play as well. The vast majority of them who accept the option of internet banking must learn to be alert to unexpected changes when performing online banking transactions. Perhaps dedicated sessions to teach the use of computer banking directly to customers should be attempted as part of banking Corporate Social Responsibility (CSR) practice. This task may also be contributed to or funded by the Central bank of Nigeria. The benefits for the entire banking industry of such a scheme are manifest.

As to why young Nigerian internet fraudsters seem to operate with reckless abandon, clearly inadequate legal and regulatory environment alone does not explain all. There are societal factors to be discounted in this enquiry. It is, for instance, instructive that no lesser figure than the country’s President, Goodluck Jonathan recently at the opening of the 54th annual conference of the Nigerian Economic Society, NES, blamed Nigerians for the failure of anti-corruption campaigns, accusing them of aiding and abetting corruption through their actions. A general culture of quiet admiration of the nouveoux riche without any reservation is a fertile ground for the criminally minded. White collar criminals are particularly safe in the knowledge that no one would question unexplained newfound wealth. The justice gap (i.e. number of actual crimes against number of convictions) which exists in most human communities manifests in Nigeria in the form a phenomenal chasm. Hence it is common knowledge that if it can be done then you better attempt it as you can get away with it. Combine that with the near certainty that corruption will frustrate prosecution and/or conviction and it is little wonder that even more Nigerian undergraduates are not horning their skills at white collar crime even before they hit the job market. One of the undergraduates arrested for the Union Bank electronic heist has yielded to the EFCC, furniture worth N10m in a one bedroom apartment in Yaba, Lagos; four vehicles, landed properties in Kano and Kaduna and another four-bedroom duplex worth N45m in Lagos.

The EFCC and police have been deluged in recent years with other similar investigations and many suspects have successfully fled the country. The situation calls for an accelerated treatment of the dedicated cybercrime law. There is already a de facto state of emergency which must be recognised by all stakeholders. Not being a detective myself, I am still compelled to hazard a guess on where to look for the dare devils. One may suggest that defrauded banks should support the Nigerian police in conjunction with INTERPOL to search the white sandy beaches of Miami and the pent house suites of Hilton Paddington in London for their runaway preys?

Dr. Oduntan, a Senior Lecturer in International Commercial Law at the University of Kent, is on Sabbatical at Crescent University, Abeokuta where he is the Acting Dean of Law
Source: ThisDay

No comments:

Post a Comment