(By Don Okereke)
(This piece is a follow-up to an earlier article titled Cyber Security Awareness and Tips for Nigerians, published in the Youth Speak page of The Guardian on 28/12/2012.)
THERE is no gainsaying the fact that the internet, particularly social media, has revolutionised the way we communicate and transact business. To underscore the growing importance and recognition of social media in our everyday life, the United States Securities and Exchange Commission (SEC) gave permission to use social media for official announcements.
Innovations, if not well reined in, have irreversible consequences. Reputations can go down the drain in the twinkle of an eye on the internet because of the speed with which information goes viral. People have lost prized career opportunities due to inappropriate information they naively shared on social networking sites. Recall that Osaze Odemwingie was fined thousands of pounds in the aftermath of his Twitter rants.
It made news that some of Nigeria’s crème de la crème pander to buying fake Twitter followers. It has become a fad to compete over who has the most fans/followers on Twitter or Facebook. IT smart alecks are smiling to the banks because they have perfected the art of auto-programming codes or using modified versions of a virus called Zeus to sell spurious endorsements such as “likes” and “followers” to individuals and organisations bent on enhancing their online endorsements. Be circumspect when you come across individuals or organisations with an extraordinary number of “likes” or “followers”.
The Pew Internet Research reckons that about 95 per cent of teenagers access the internet owing to the proliferation of smartphones. One of the knock-on effects of this is that face-to-face relationships and communication have been relegated, no thanks to BB pinging, tweeting and text messaging, amongst others. A survey suggests that American youths are increasingly lacking basic social skills because of this social networking trend. The quest to be constantly “plugged in” or “logged in” is invariably taking a big toll (addiction) not just on teenagers but on adults as well. This proclivity negatively affects productivity in the workplace. For instance, Facebook (FB) boasts about 1.2 billion users globally. Out of this number, 500 million of FB’s active users are said to spend about “seven billion minutes”, an equivalent of 1.3 million years, monthly on FB, with an average person spending at least 15.3 hours a month on it.
Some schools of thought liken social networking sites such as FB, MySpace, Instagram, Twitter, Bebo, Tagged, Meetup, hi5, Badoo, Flixster, Netlog, Orkut and LinkedIn, amongst others, to “weapons of mass distraction”. Don’t get it twisted: these are great technological tools; the onus is on us to use them appropriately and responsibly. Cyber criminals are abreast of the hazards and loopholes inherent in the cyber world; they are exploiting these weaknesses for their aggrandizement, employing a mishmash of technology and social engineering skills. A study reveals that 97 per cent of Nigerian online businesses risk attacks from hackers. In 2010, out of a study of 233 countries monitored by Symantec’s Global Intelligence Network, Nigeria was ranked 65th globally for malicious internet activity.
The 2013 Symantec Internet Security Threat report asserts that 43 per cent of attacks on social networking websites are related to malware. Hackers, predators (paedophiles), business competitors, state and non-state actors frequently troll the internet and social networking sites looking for information or people/nations to exploit. Not long ago, a group that goes by the alias “Syrian Electronic Army” took credit for hacking the Twitter accounts of some British newspapers and a news agency. The perpetrators posted false tweets insinuating there had been an explosion in the White House and that President Obama was injured. This bogus tweet to AP’s 1.9 million followers instantly caused the Dow Jones Industrial Average to plummet more than 100 points before rebounding. You can see the negative butterfly effect of technology.
However, after a string of account hijackings, Twitter introduced a series of security features. One of them is “verified”, which means the account has been verified and is genuine, while the other is known as “two-factor authentication”. This involves users entering a six-digit code, texted to their mobile phone number, each time they log into their accounts. These measures definitely make it more difficult for hackers but are not fool-proof. The account of Mark Zuckerberg, FB’s CEO, was recently hacked by a Palestinian web developer, Khalil Shreateh. Fraudsters, in an unconfirmed report, were said to have created about 19 Twitter accounts with former President Obasanjo’s moniker. There is a lot of impersonation and make-believe flying around in the cyber world. Err on the side of caution when next you think you are chatting or tweeting with a supposed big shot or celebrity out there.
Another escalating threat is cyber attacks (cyber terrorism) that employ a distributed denial of service (DDoS). A DDoS attack aims at making a server or computer network unavailable to its prospective users by temporarily or permanently interrupting the services of a host connected to the internet. State actors can disguise themselves as non-state actors (third parties) to launch cyber warfare against other nation states. Cyber crime/warfare transcends physical boundaries, hence erecting perimeter fencing offers no help. The phenomenal feat of Stuxnet, Ghostnet, Byzantine Hades, Flame and Titan Rain reinforces the belief that the quest for such products will not plummet soon.
Cyber security and privacy-related issues are not strictly technology-oriented but also behavioural. It is not enough to be aware of the hazards associated with the internet and social media; we must take steps to forestall being victims. The following are trends and activities we must be wary of on the internet and social media:
Pharming: This refers to a calculated attempt to redirect users from legitimate websites to fraudulent ones, aimed at extracting confidential information from the unsuspecting victim. Please fend off a proclivity for indiscriminately clicking on links, especially shortened URLs (Universal Resource Locators). Many a time these shortened URLs are vectors for cyber attacks because they can easily disguise fake, fraudulent and malicious websites. Good antivirus software on your PCs, handheld devices and phones will help.
Elicitation: This is the deliberate use of conversations to extract sensitive information from people without letting them know. Never disclose sensitive, private information on social networking platforms. Identity theft, cyber stalking, cyber employment scams, online grooming, internet dating scams and phishing (usually an email that appears to emanate from a legitimate source but does not, and contains a link or file with malware or viruses) are on the rise. Ever heard the “Catfish” story? This gist involves a once gullible guy, Nev, who fell in love with a woman online only to find out later that “she” was an impostor. Armed with your date of birth, National Identification Number (Social Security number) and a little information, unscrupulous felons out there can “clone” you.
If you have plans to be out of town, why broadcast it on social networking sites? Be cagey about whom you invite or accept as a “friend”, “like” or “follow” on social networking websites. Also be mindful of what information and news you “like” or “share” on the internet. “Liking” a terrorist, a terrorist organisation or even an extremist statement/remark may just be a subtle invitation to the prying eyes of security agencies (Open Source Analysis).
Cyber bullying is real! It emerged recently that a star Nigerian actress cum artiste was on the verge of committing suicide in the aftermath of sustained, vicious negative comments about her.
ATM skimming: This is the process of installing fraudulent equipment on Automatic Teller Machines that enables criminals to steal credit and debit card details. It is unfortunate that many ATMs in Nigeria lack CCTV cameras in the vicinity that can monitor and record goings-on. The Central Bank (CBN) must impress it on Nigerian banks to install Internet Protocol CCTV cameras on all their ATMs. There is a plethora of fraudulent online shopping sites too. Be circumspect about the type of website you enter your credit or debit card details into in the name of online shopping. Even bank websites can be, and are being, cloned. For example, a bank’s website may read www.axyz.com and cyber criminals will clone a site that reads www.axyz.com.ng. These are two different entities. Before entering your credit or debit card details on a website, carefully look for signs like a closed padlock and a web address with “HTTPS” (Hyper Text Transfer Protocol over a Secure Network). Sites with “HTTPS” are safer than those with “HTTP”. The former (HTTPS) keeps the session cookie encrypted between logging in and logging out. You can also disable or turn off “HTTP Trace Support”, “Scripting” and “iframes” on your web servers and internet browsers.
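The www.axyz.com versus www.axyz.com.ng distinction above, as an added example that is not part of the original article: a short Python check that a link uses HTTPS and that its hostname exactly matches a site you already trust, flagging addresses that merely contain the trusted name. The trusted list, the function name `check_url` and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hostnames verified independently (for example from
# a bank statement), never copied from a link in an email or message.
TRUSTED_HOSTS = {"www.axyz.com", "axyz.com"}


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return (verdict, reason) for a link before card details are entered."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lowercases the name
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "reject", "malformed URL"
    if not host:
        return "reject", "no hostname"
    if host in trusted:
        # The padlock only matters once the name itself is right.
        if parts.scheme != "https":
            return "reject", "trusted host but not HTTPS"
        return "ok", "exact match on trusted host over HTTPS"
    # Lookalike: the trusted name is embedded in a different hostname, either
    # as a prefix (www.axyz.com.ng) or as inner labels (x.axyz.com.pay.example).
    for name in sorted(trusted):
        if host.startswith(name + ".") or ("." + name + ".") in host:
            return "lookalike", "contains '%s' but is a different site" % name
    return "unknown", "not on the trusted list"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.axyz.com/login",
        "https://www.axyz.com.ng/login",
        "http://www.axyz.com/login",
        "https://www.axyz.com@evil.example/login",
    ]
    for link in samples:
        print(link, "->", check_url(link))
```

An HTTPS padlock on a lookalike address still means the wrong site, which is why the hostname comparison comes first and is an exact match rather than a "contains" test.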
Sequel to the increasing popularity of online shopping, the CBN’s Cashless Policy and the attendant migration to electronic, online payment platforms, permit me to postulate that Nigerian financial institutions and the citizenry must brace up for a flurry of fraudulent electronic transactions.
Click-jacking: These are processes that conceal hyperlinks beneath legitimate clickable content which, when clicked, cause users to unknowingly perform actions such as downloading or sending their IDs to spurious websites. More often than not, click-jacking scams camouflage themselves as, and employ, “Like”, “Share” and “Follow” buttons on social networking websites. Beware whom/what you “follow”, “share” and “like”, and desist from indiscriminately opening email attachments or clicking on links from people you do not know.
Spoofing: This is the act of deceiving computers or computer users by hiding or faking one’s identity. Email spoofing utilises a sham email address or simulates a genuine email address, while IP spoofing hides or masks a computer’s IP address.
Beware of hogwash Ponzi-like schemes on the internet. All the hullabaloo such as “tweet for cash” and “tweet for profits”, amongst others, must be carefully scrutinised before partaking in them. Some of these schemes give the impression that just about anybody can work from home and earn upwards of $10-20,000 monthly. If you are in doubt, you can simply do a Google search on that information and read comments. If the deal sounds or looks too good to be true, it damn is!
In this age of BYOD (bring your own device), cloud computing, and hacking married with whistle-blowing, security-minded establishments must be mindful of the type of device their staff and visitors connect to company networks. If possible, provide stand-alone computers that are not connected to the company network for visitors and for private use by staff. If need be, organisations should disable the USB ports on their computers. Financial and sensitive military establishments must put measures in place that forestall employees and insiders from stealing classified information using flash drives or storing it on “cloud” resources. These days, insiders, not necessarily hackers, are the biggest threat to cyber security/safety and espionage. Edward Snowden and Bradley Manning are recent classic examples. Organisations must invest in virtualisation technology on their networks to forestall DDoS attacks; they must also stipulate a “social media policy” which clearly defines access to information, what information is acceptable for posting on the internet and who is authorised to post it. Employees must undergo periodic cyber security/safety awareness training.
In this era of cyber warfare/terrorism and the proliferation of hacking and espionage by state and non-state actors, the prospects and far-reaching consequences of concentrating the private information (names, dates of birth, addresses, passport photos, fingerprints) of Nigeria’s GSM users and outsourcing an internet surveillance contract, even if well-intentioned, to a foreign firm are, to say the least, mind-boggling and a threat to national security. It is high time Nigeria articulated and embraced a National Cyber Security/Safety Policy, which must encompass proactive cyber safety awareness campaigns for the public. Nigeria’s National Assembly must expedite the passage of the National Cyber Security Bill.
The Lagos State government deserves commendation for hosting a Cyber Safety Conference sometime last May. Other states and stakeholders may take a cue from the exemplar.
• Okereke is an enterprise security risk management consultant.
“Opinion pieces of this sort published on RISE Networks are those of the original authors and do not in any way represent the thoughts, beliefs and ideas of RISE Networks.”