After last week’s exclusive story on
Nigeria’s foremost hacking group, NaijaCyberHactivists, ARUKAINO UMUKORO
completes the series with a story on schools where hacking is taught in
Lagos State
The flyer was too good to ignore as it promised a 100 per cent job placement on completion of the course.
On visiting the computer centre, located
at Allen Avenue in Ikeja, Lagos, our correspondent learnt that the
training cost about N70,000 (for a six-week course) and over N200,000
(for a six-month course) on Information Security and Certified Ethical
Hacking.
When he revealed his identity, the instructor declined to speak any further with our correspondent.
Such is the secrecy that surrounds
schools where hacking is taught in Lagos State. A minimum of five of
such schools are located in Ikeja, a commercial hub of the state.
Most of them claim to teach ethical
hacking which experts describe as attacking a system on behalf of the
company that owns that system, using the same methods, techniques and
tools that are used by malicious hackers, but in a controlled manner
with a professional services wrapper around it.
Continue after the cut...
Our correspondent however got lucky when
he visited New Horizons Systems Solutions Limited, Ikeja, Lagos,
another computer training centre which offers CEH.
Initially, the instructors at the centre were reluctant to talk but after repeated calls and enquiries, SUNDAY PUNCH finally got in touch with the centre’s General Manager, Mr. Sunday Ayandele, via email.
“We are authorised to run CEH by the
International Council of Electronic Commerce Consultants,” he explained,
but noted there were other “non-authorised training centres running CEH
courses illegally and at ridiculous amounts.”
Although there are no background checks
on students, Ayandele explained that they were made ‘to sign a form’ as a
way of vetting the students who take the CEH course and ensure they do
not use it for illegal purposes.
Majority of the students at the hacking
schools are young Nigerians who want to improve on their computer
knowledge and make ends meet with the knowledge gained, whether
ethical, legal or not.
Despite the lack of regulations to
effectively police teaching centres, IT experts our correspondent spoke
to agreed that even though hacking could be a legitimate endeavour, some
use the knowledge for selfish reasons or undue economic benefits.
According to cybercrime statistics,
10.5 per cent of the world’s hackers are from the United Kingdom, 66
per cent are Americans, and 7.5 per cent are Nigerians. While 75 million
scam emails are sent every day, claiming 2,000 victims daily with 25
per cent of cybercrime remaining unresolved.
This was why Mr. Toba Obaniyi, Chief Executive Officer of whogohost.com Limited,
a Nigerian domain registrar and hosting company, noted that individuals
and businesses with online domains should invest more to protect their
sites from illegal hacking.
“Some people just build websites without
knowing the security measures involved, which makes it so easy for
hackers. Hacking can be as simple as someone knowing your password.
Every server worldwide gets hits of about 1,000 hacks every day,” he
said and advised that people should be more security conscious. “Keep
updating your software, Internet security features, use strong passwords
and change it frequently, don’t use unsecured networks or public
cybercafes to log in confidential information. Hackers keep improving
their skills, thereby constantly putting online security experts on
their toes,” he noted.
Emmanuel Yusuf, a web designer/developer and owner of www.emblematik.com still remembers how one of his clients’ website was hacked last year.
“What the hacker did was to install a
malicious script on every HTML (HyperText Markup Language) and
Javascript file on the website. So when visitors get on the website, the
script installs a program on their computers and allows easy access to
their personal information. It was so terrible,” he said.
It took him two weeks to clean the over
200 files that were affected and another two weeks to delete the
malicious script. “The process of sanitising a website after an attack
could be tedious and crude but if done very well, the website will be
safe again. Web security should be one of the things a web
designer/developer must have in mind, especially when developing a
dynamic website such as E-commerce site and web portals,” he said.
Beyond websites, phone, emails, social media accounts and other online platforms are also vulnerable to hacking.
“There is another term called
‘phishing,’ the act of tricking somebody to provide information such as
usernames, passwords, credit card or bank details – and sometimes,
indirectly, money, by masquerading as a trustworthy entity in an
electronic communication,” explained Yusuf.
While there are highly skilled hackers
who deal with websites, there are others labelled ‘crackers’ or script
kiddies,’ who break into someone else’s computer system and
intentionally breach computer security.
“Sometimes, we do it by breaking or buying codes online,” an Ikeja-based hacker, who is more involved in phishing, told SUNDAY PUNCH.
Pleading anonymity, he said some of his friends were better hackers than he is.
“One of my friends, who is a very good
hacker has relocated to Malaysia. None of them will tell you directly
that they know how to do these things, because they are illegal,” he
added.
Sometimes, the best hackers don’t even
need to use the computer to get privileged information from victims,
said Mr. Olorunfemi Lawore, a certified ethical hacker and head of
operations, GNT Nigeria, an IT training and consulting firm.
“All they need to do is knock on your
inquisitiveness. It’s called social engineering. Kevin Mitnick, one of
the best hackers in the world mostly used his mouth, and didn’t fancy
using online tools,” he said.
From phishing emails and spams
soliciting funds to fraudulent online bank portals, Internet fraud has
not only hurt Nigeria’s image and perception abroad, it has also
affected businesses in Nigeria, especially those in the IT sector.
“We would get a lot more foreign
investors on the Internet and computer business if they know that
Nigeria is safe. IT security itself is a self-sustaining economy on its
own. Hacking also is the easiest way to steal from us, because apart
from the bad name, many Nigerians lose lots of money and intellectual
property daily due to hacking,” Lawore added.
There is no doubt that the country’s
cyber space is not secure enough, said Mr Michael Oseji, Chief Executive
Officer, QuestLogic Limited, an IT firm. “We have a lot of banks and
retail outlets doing their transactions online, there are many online
shoppers in Nigeria today and yet we don’t have the expertise to secure
the cyberspace. The 419 tag does not also help. These may be why the
majority of western websites don’t accept credit cards from Nigeria,” he
said.
In 2011, at least 2.3 billion people,
the equivalent of more than one third of the world’s total population,
had access to the Internet. Over 60 per cent of all Internet users are
in developing countries, with 45 per cent of all Internet users below
the age of 25 years. By the year 2017, it is estimated that mobile
broadband subscriptions will approach 70 per cent of the world’s total
population. By the year 2020, the number of networked devices will
outnumber people by six to one, transforming current conceptions of the
Internet, stated the United Nations Office on Drugs and Crime, in its
February 2013 (draft) Comprehensive Study on Cybercrime.
The report also stated that “in the
hyper-connected world of tomorrow, it will become hard to imagine a
‘computer crime’, and perhaps any crime, that does not involve
electronic evidence linked with Internet protocol connectivity.”
Such statistics have lent credence to
why industry groups and IT experts in Nigeria are calling for the speedy
passage of the much talked about cybercrime bill, which is expected to
tackle various offences such as unauthorised access to computers and
computer systems (including hacking), as well as procedural issues
related to the collection and preservation of evidence, and partnership
with international instruments and bodies involved in fighting
cyber-crime.
A reliable source at the Computer Crime
Prosecution Unit, of the Federal Ministry of Justice, which also advises
on cybercrime policies, legislation and forensic issues, informed SUNDAY PUNCH that the bill had not been passed into law because some corrections were being made to the executive bill.
“There was a move to harmonise the
several versions of bills before the National Assembly, synchronise the
security positions and have one executive bill that would cover all the
parts,” the source, who pleaded anonymity said.
Not only should the country have
effective laws on cybercrime, the Nigeria Police Force, as well as other
security and law enforcement agencies, should expand its capabilities
to deal with these issues, noted Lawore.
“So that the bad guys cannot afford to do whatever they want to do and get away with it,” he said.
“When the former Inspector-General of
Police, Tafa Balogun, established the Police Computer and Information
Technology (training) school, there were very few online sites or blogs
then; a lot of websites operating now were not there. So the basic
training was on dealing with certain forms of online crime. But now, we
are building the capacity of the police to tackle new ones like hacking.
Recently, police public relations officers from different states
finished a training course on cybercrime and social media. Some Nigerian
police officers have also been sent abroad to undergo training on IT
forensics. A lot of training is currently going on,” explained Frank
Mba, Public Relations Officer of the Nigeria Police Force.
Until the right structures are put in
place, the country’s cyberspace and its growing online platforms may
remain vulnerable to all forms of online hacking; whether from hackers,
crackers or script kiddies.
-Punch
Share your thoughts...thanks!
No comments:
Post a Comment