After last week’s exclusive story on Nigeria’s foremost hacking group, NaijaCyberHactivists, ARUKAINO UMUKORO completes the series with a story on schools where hacking is taught in Lagos State
The flyer was too good to ignore as it promised a 100 per cent job placement on completion of the course.
On visiting the computer centre, located at Allen Avenue in Ikeja, Lagos, our correspondent learnt that the training cost about N70,000 (for a six-week course) and over N200,000 (for a six-month course) on Information Security and Certified Ethical Hacking.
When he revealed his identity, the instructor declined to speak any further with our correspondent.
Such is the secrecy that surrounds schools where hacking is taught in Lagos State. A minimum of five of such schools are located in Ikeja, a commercial hub of the state.
Most of them claim to teach ethical hacking which experts describe as attacking a system on behalf of the company that owns that system, using the same methods, techniques and tools that are used by malicious hackers, but in a controlled manner with a professional services wrapper around it.
Our correspondent however got lucky when he visited New Horizons Systems Solutions Limited, Ikeja, Lagos, another computer training centre which offers CEH.
Initially, the instructors at the centre were reluctant to talk but after repeated calls and enquiries, SUNDAY PUNCH finally got in touch with the centre’s General Manager, Mr. Sunday Ayandele, via email.
“We are authorised to run CEH by the International Council of Electronic Commerce Consultants,” he explained, but noted there were other “non-authorised training centres running CEH courses illegally and at ridiculous amounts.”
Although there are no background checks on students, Ayandele explained that they were made ‘to sign a form’ as a way of vetting the students who take the CEH course and ensure they do not use it for illegal purposes.
Majority of the students at the hacking schools are young Nigerians who want to improve on their computer knowledge and make ends meet with the knowledge gained, whether ethical, legal or not.
Despite the lack of regulations to effectively police teaching centres, IT experts our correspondent spoke to agreed that even though hacking could be a legitimate endeavour, some use the knowledge for selfish reasons or undue economic benefits.
According to cybercrime statistics, 10.5 per cent of the world’s hackers are from the United Kingdom, 66 per cent are Americans, and 7.5 per cent are Nigerians. While 75 million scam emails are sent every day, claiming 2,000 victims daily with 25 per cent of cybercrime remaining unresolved.
This was why Mr. Toba Obaniyi, Chief Executive Officer of whogohost.com Limited, a Nigerian domain registrar and hosting company, noted that individuals and businesses with online domains should invest more to protect their sites from illegal hacking.
“Some people just build websites without knowing the security measures involved, which makes it so easy for hackers. Hacking can be as simple as someone knowing your password. Every server worldwide gets hits of about 1,000 hacks every day,” he said and advised that people should be more security conscious. “Keep updating your software, Internet security features, use strong passwords and change it frequently, don’t use unsecured networks or public cybercafes to log in confidential information. Hackers keep improving their skills, thereby constantly putting online security experts on their toes,” he noted.
Emmanuel Yusuf, a web designer/developer and owner of www.emblematik.com still remembers how one of his clients’ website was hacked last year.
“What the hacker did was to install a malicious script on every HTML (HyperText Markup Language) and Javascript file on the website. So when visitors get on the website, the script installs a program on their computers and allows easy access to their personal information. It was so terrible,” he said.
It took him two weeks to clean the over 200 files that were affected and another two weeks to delete the malicious script. “The process of sanitising a website after an attack could be tedious and crude but if done very well, the website will be safe again. Web security should be one of the things a web designer/developer must have in mind, especially when developing a dynamic website such as E-commerce site and web portals,” he said.
Beyond websites, phone, emails, social media accounts and other online platforms are also vulnerable to hacking.
“There is another term called ‘phishing,’ the act of tricking somebody to provide information such as usernames, passwords, credit card or bank details – and sometimes, indirectly, money, by masquerading as a trustworthy entity in an electronic communication,” explained Yusuf.
While there are highly skilled hackers who deal with websites, there are others labelled ‘crackers’ or script kiddies,’ who break into someone else’s computer system and intentionally breach computer security.
“Sometimes, we do it by breaking or buying codes online,” an Ikeja-based hacker, who is more involved in phishing, told SUNDAY PUNCH.
Pleading anonymity, he said some of his friends were better hackers than he is.
“One of my friends, who is a very good hacker has relocated to Malaysia. None of them will tell you directly that they know how to do these things, because they are illegal,” he added.
Sometimes, the best hackers don’t even need to use the computer to get privileged information from victims, said Mr. Olorunfemi Lawore, a certified ethical hacker and head of operations, GNT Nigeria, an IT training and consulting firm.
“All they need to do is knock on your inquisitiveness. It’s called social engineering. Kevin Mitnick, one of the best hackers in the world mostly used his mouth, and didn’t fancy using online tools,” he said.
From phishing emails and spams soliciting funds to fraudulent online bank portals, Internet fraud has not only hurt Nigeria’s image and perception abroad, it has also affected businesses in Nigeria, especially those in the IT sector.
“We would get a lot more foreign investors on the Internet and computer business if they know that Nigeria is safe. IT security itself is a self-sustaining economy on its own. Hacking also is the easiest way to steal from us, because apart from the bad name, many Nigerians lose lots of money and intellectual property daily due to hacking,” Lawore added.
There is no doubt that the country’s cyber space is not secure enough, said Mr Michael Oseji, Chief Executive Officer, QuestLogic Limited, an IT firm. “We have a lot of banks and retail outlets doing their transactions online, there are many online shoppers in Nigeria today and yet we don’t have the expertise to secure the cyberspace. The 419 tag does not also help. These may be why the majority of western websites don’t accept credit cards from Nigeria,” he said.
In 2011, at least 2.3 billion people, the equivalent of more than one third of the world’s total population, had access to the Internet. Over 60 per cent of all Internet users are in developing countries, with 45 per cent of all Internet users below the age of 25 years. By the year 2017, it is estimated that mobile broadband subscriptions will approach 70 per cent of the world’s total population. By the year 2020, the number of networked devices will outnumber people by six to one, transforming current conceptions of the Internet, stated the United Nations Office on Drugs and Crime, in its February 2013 (draft) Comprehensive Study on Cybercrime.
The report also stated that “in the hyper-connected world of tomorrow, it will become hard to imagine a ‘computer crime’, and perhaps any crime, that does not involve electronic evidence linked with Internet protocol connectivity.”
Such statistics have lent credence to why industry groups and IT experts in Nigeria are calling for the speedy passage of the much talked about cybercrime bill, which is expected to tackle various offences such as unauthorised access to computers and computer systems (including hacking), as well as procedural issues related to the collection and preservation of evidence, and partnership with international instruments and bodies involved in fighting cyber-crime.
A reliable source at the Computer Crime Prosecution Unit, of the Federal Ministry of Justice, which also advises on cybercrime policies, legislation and forensic issues, informed SUNDAY PUNCH that the bill had not been passed into law because some corrections were being made to the executive bill.
“There was a move to harmonise the several versions of bills before the National Assembly, synchronise the security positions and have one executive bill that would cover all the parts,” the source, who pleaded anonymity said.
Not only should the country have effective laws on cybercrime, the Nigeria Police Force, as well as other security and law enforcement agencies, should expand its capabilities to deal with these issues, noted Lawore.
“So that the bad guys cannot afford to do whatever they want to do and get away with it,” he said.
“When the former Inspector-General of Police, Tafa Balogun, established the Police Computer and Information Technology (training) school, there were very few online sites or blogs then; a lot of websites operating now were not there. So the basic training was on dealing with certain forms of online crime. But now, we are building the capacity of the police to tackle new ones like hacking. Recently, police public relations officers from different states finished a training course on cybercrime and social media. Some Nigerian police officers have also been sent abroad to undergo training on IT forensics. A lot of training is currently going on,” explained Frank Mba, Public Relations Officer of the Nigeria Police Force.
Until the right structures are put in place, the country’s cyberspace and its growing online platforms may remain vulnerable to all forms of online hacking; whether from hackers, crackers or script kiddies.
No comments:
Post a Comment