By Timil Olagunju
This week, I had the privilege of making a presentation on Cybersecurity and Trust as a resource person in the area of cyberspace law at the recently concluded Nigeria Internet Governance Forum (NIGF) in Kaduna. You could check up discussions and action-plans on www.nigf.org.ng.
Afterward, I travelled for a speaking engagement at Ahmadu Bello University, and in my hotel room at the Senior Staff club, I remember stumbling on an article published by the Nigeria Communications Week (https://goo.gl/2irvPe), about Kaspersky suggesting that Nigerians have massively carried out successful attacks on the cyberspace of global corporations (not individuals this time); and the Federal Bureau of Investigation (FBI) estimates such at $3,000,000,000 (three billion dollars). Kaspersky further stated that the number of affected companies exceeds 22,143, in at least 50 countries.
But the question is, how did Kaspersky arrive at tracing it to Nigeria? In my finding, I discovered that it was through tracing Internet Protocol (IP) address. Now, the question is, could it be foreign nationals with advanced knowledge, that used the accommodating, faintly regulated, and porous Nigerian cyberspace to perpetuate this act? Of a truth, these days, even hackers use the dark web, to hack as children, family members, talk-less of advanced hacking of global corporations? Or is the usual blame game, since Nigeria has been identified as the ‘yahoo yahoo’ zone, using the cyberspace to dupe individuals? Making it is easier to pin this huge ‘cyber-heist’ of corporations on Nigeria.
In the words of Basil Udotai, a former Director of Cybersecurity, office of the National Security Adviser and Managing Partner, Technology Advisors, “kaspersky as an outstanding internet security company should remember always that attribution often goes beyond the first origination the tools pick up. $3b stolen by Nigerian hackers? Or international hackers bouncing off Nigerian networks! But who is to authoritatively challenge this incident statistics as WRONGLY attributed to Nigeria?”
Of a truth, I perfectly share same position, necessitating the need for me to address these accusations from a solution stand-point.
Well, some have argued that Kaspersky is trying to do business, no one can fault them on that, but leveraging on the reputation of our country is wrong, especially if the statistics are debatable. Kaspersky can say what it likes, but my question is “who is countering their facts with internally and locally generated evidence to the contrary? Who is driving our cyber-narrative as a nation? If you say well, our cyber-narrative is not important, then learn from the experience of an honest and hardworking Nigerian who was stigmatized in another country for being a Nigerian, only because such foreign national hears of Nigeria as home to “cyber-fraudsters”.
In these circumstances, Karsperky better check their facts right! How can a country, with hardly or no free anonymous proxy server, and pathetic electricity supply pull such global heist (beyond mere individual fraud) at the level of three billion dollars (approximately N6, 300, 000, 000, 000). With the state of electricity shortage (and outage) in Nigeria, isn’t it impossible for individual servers to be up and running 24 hours in 7 days for such heist? Again, I ask Kasperky, how can a Nigerian hacker maintain the consistent connectivity that is required to perform time demanding and rigorous hack activities at that level on such scale of six trillion and three hundred billion naira?
Maybe Kasperky needs be reminded, that there are hardly broadband internet connectivity available anywhere in Nigeria. Internet connectivity is mostly via mobile operator’s wireless GPRS data transfers, which has usually very slow data transfer ability. And to add fire to the coal, how many advanced hackers at that level can Nigerians boast of, for such organized and consistent large scale online hacking of corporations to be successful? If kaspersky had said, “Nigerians ‘tried’ hacking global corporations in 50 countries, then we might put the matter to rest, but to further claim, Nigerians did not only ‘try’ but succeeded, sounds more like a convenient way of ‘calling kettle black’.
Someone once argued that the so called “Nigerian hackers” are actually North Korean hackers – and its part of how they fund the North Korean economy, because Nigerian cyberspace is porous and we are a populous nation with a track record of cyberfraud; real or imagined. Well, whether Nigerian or North Korean (or even Chinese or Indian) hackers are involved, it is a known fact that Nigerian hackers lack the connectivity capabilities to operate the shady dark web. Even if broadband internet connectivity is sufficiently available for Nigeria, the dark web clearing house would be impossible for potential hackers.
These are key issues kaspersky needs to look, because such wide and untamed assumptions based on shallow testing, are ethically unacceptable. But also, it’s important for Nigeria to put her house in order – as a Nigerian proverb says “the way you call your calabash is what others will call it for you”.
Therefore, instead of agonizing over the problem of possibly false labeling of my beloved country, her people and cyberspace, I will proffer a simple solution. In addition to securing our cyberspace, I recommend a concrete “Cybersecurity Media Team” (not committee — I regularly joke that committees mostly commit to drinking Nigeria’s national tea). The Presidency’s “Cybersecurity Media Team (CMT)” should be made up of cybersecurity advocates and media practitioners, working closely with the office of the National Security Adviser (NSA) and the National Orientation Agency (NOA), as well as a various ministries; a multi-stakeholder approach to verifying and sharing information about facts and figures on the Nigerian cyberspace, and helping produce what I refer to as a “Nigerian Cybersecurity Index (CSI)”, involving copious research on locally generated facts and figures about the Nigerian cyberspace. The “Nigerian Cybersecurity Index (CSI)” will help shape policy and technical direction to meet localized cybersecurity needs based on evidence, (and not assumptions or imported data), as well as tackle presumptuously exaggerated positions, which smear the image of our beloved Nigeria, and undermines efforts towards re-branding and attracting foreign investment.
Olagunju is a cyberspace lawyer, with specialization in providing training, legal, and business support for start-ups, institutions, and policy makers.
Twitter: @timithelaw Email: firstname.lastname@example.org