By Victoria Ojeme
Last month, while the world was agog with the razzmatazz of the Christmas celebrations, Onu Ugboja, a young University of Abuja graduate who is seeking fortunes in the fashion industry and living at Asokoro extension in Abuja had received a series of One Time Passwords (OTPs) from his bank without requesting it. The OTPs are a one-time password that are automatically generated to authenticate a user for a single transaction or login session in internet banking.
These things don’t just happen. Someone is pulling the strings behind the scenes; it is either the account owner or an unauthorised person.
“I called my bank customer care service to notify them of the development and inquire on the status of my account. I got a resounding assurance that there was no threat to the account,” Onu said.
Last week, he went to the supermarket to obtain some groceries. At the point of sales terminal, the machine turned up a receipt that his bank account is not funded. Surprised and choking in disbelief, he drove straight to the nearest branch of his bank in Garki Area of Abuja.
His fears have come bare in daylight- there have been a series of cash withdrawals from his account- unannounced.
Now, it is obvious that someone accessed the bank account, changed his authorised phone number and email, and withdrew all the cash in it. The question remains as to who altered and withdrew the money. The bank is not coming up with tenable explanations.
In recent times, private cybersecurity firms and non-state sponsored hackers can influence diplomacy on a global scale due to the deep penetration of the internet into the military, critical infrastructure, and everyday society. This penetration has increased the effectiveness of information warfare and cyber espionage.
Digital rights have been recognised as human rights in the world of the internet and digital technology. Due to the acceleration in the adoption of current technologies, it is harder and harder to guarantee protection of individual’s rights, such as privacy and freedom of access.
There have been reports of compromises of Internet banking details of citizens as that of Onu above, stolen email passwords, social media companies selling personal details to other companies or that citizens’ communications are monitored and controlled.
The Nigerian government has never openly admitted its surveillance capabilities, but in August 2019, they passed and signed the Federal Mutual Assistance in Criminal Matters Bill into law, allowing the government to carry out surveillance activities on citizens on behalf of foreign nations if conducting criminal investigations.
In 2020 alone, the Nigerian government budgeted to spend an estimated nine billion naira ($22.8 million USD) on surveillance-related activities or equipment. In 2017, it spent nearly 46 billion naira ($127.6 million USD) on surveillance capabilities, according to a national budget document.
A weak system of accountability to monitor how security and law enforcement forces use these technologies allow for frequent abuses of power by the government in connivance with her enablers.
In October 2019, the Committee to Protect Journalists (CPJ) reported that the Nigerian military is using surveillance technologies to spy on ordinary Nigerians and the press. According to the report, the Nigerian military procured a forensic technology designed to extract information from phones and computers. The report also mentions that the Nigerian government has spent at least 127 billion naira ($322 million USD) on surveillance and security equipment.
Despite increasing surveillance capabilities and repression, Nigeria does not have a comprehensive data protection and privacy law — nor the political will to have one anytime soon.
In 2019, President Buhari refused the assent of the Digital Rights and Freedom Bill into law. This law would have extended the protection of human rights for Nigerians to the internet. The refusal was followed by attempts to enact restrictive bills such as the Social Media Bill and Hate Speech Bill. Both of these bills have the effect of shrinking civic space and prohibiting freedom of expression online.
Last month, this newspaper reported that malware attacks in Africa, including Nigeria, have increased to 85 million in just six months. It stated that four countries accounted for the 85 million attacks, with South Africa being the most targeted with 32 million; followed by Kenya, 28.3 million; Nigeria, 16.7 million; while Ethiopia had eight million attacks.
Even though the scourge of malware has always been of concern, the past 12-months have highlighted how hackers are refocusing their efforts to compromise consumer and corporate systems and gain access to critical data and information.
Given the growth of digital transformation across Africa since last year, the continent has become an attractive target for those looking to exploit a lack of user education and cybersecurity understanding.
Last year, during the ENDSARS protest, several government and corporate websites came down in a series of cyberattacks claimed by popular hacker group, Anonymous.
President of the Nigerian Computer Society (NCS), Professor Adesina Sodiya said that at least 42 to 50, or more government websites were potential targets.
He said estimates indicated that up to 30 government related sites were breached. “Government needs to act fast now before they start pasting our Automated Teller Machine (ATM) cards and Personal Identification Numbers (PINs) online.”
He said the cyber threats composed of a vast number of threats such as attack on physical system; authentication and privilege attack; denial of service; global risks including non-state actors in cyberspace like anonymous compounded by pandemics, which have accelerated our digitisation timelines, but also introduced many related online fraudulent opportunities and scaremongering; malicious content; social engineering and value chain disruptions, among others.
“Nigeria might be under attack from both foreign and local actors, as we speak. Both private and public organisations are subjected to continue to experience different waves of attacks. The current situation is still manageable and we have to take urgent measures so as to protect the country from more terrible situations. This might also seriously reduce and undermine our ranking in the “Global Cybersecurity Perception Index,” Sodiya said.
The Sahel has become a haven for many terrorist organisations in recent times. Illegal activity functions in the region as if political borders do not exist. Organised crime and terrorist groups attack freely, conduct business and exploit the weak controls that are enforced only on a limited basis.
These business activities include drug trafficking, counterfeiting, kidnapping, blackmail, document forgery, robbery, and immigrant smuggling. There are no real economic resources and the graft and corruption severely limit any enforcement that could occur. The economic decline and failed state status of the region as a whole is ripe for additional corrupt behaviour.
Some security experts blame this on China’s growing influence in Nigeria and Africa at large. China’s interest in information warfare really began in 1995 shortly after the United States had a swift victory in the Gulf War. The United States was able to use information technology to gain dominance in the war.
Major General Wang Pufeng, who is considered to be the father of Chinese information warfare, wrote “Information war is a crucial stage of high-tech war. At its heart are information technologies, fusing intelligence war, strategic war, electronic war, guided missile war, a war of motorization, a war of firepower —a total war. It is a new type of warfare.”
They went on to list the five key elements which are Electronic warfare, Military Deception, Operational Secrecy, Substantive Destruction, and Psychological Warfare.
The internet has allowed electronic warfare to evolve into the modern-day cyber warfare seen in the 21st century. Prior to a restructuring in 2015, China had three departments that dealt with Cyber operations: The People’s Liberation Army (PLA), Technical Reconnaissance Bureaus, and The Ministry of State Security (MSS). The PLA consisted of twelve operation bureaus with distinct missions, and under PLA leadership, each military region had its own Technical Reconnaissance Bureaus responsible for cyber espionage and military intelligence. The MSS was responsible for domestic and political security, non-military intelligence, and domestic counterintelligence.
Security experts suggest that this cyber warfare which threatens China’s economic neighbours such as the USA, UK, and Europe pose even a greater threat to defenceless Nigeria as China’s domestic companies are gaining privileged information of new, high-end technology from competitors. The loss of this intellectual property enables China’s domestic companies to steal the market share, negotiate better terms of trade, and obtain more favourable contracts.
In extreme cases China can use their massive population and global trade infrastructure to gain a near monopoly on certain products. State sponsored groups also targeted aerospace and defence firms stealing intellectual property that has a dual use to China. They are able to use the data stolen to gain a similar economic advantage as well as use the stolen data to support the modernization of the Chinese military.
The plans that China has for the future are very ambitious and mostly focus on improving their trade and military power along with maintaining superiority across the world. The plans on record that highlight the benefit of cyber espionage are the Belt and Road Initiative (BRI). The BRI is China’s ambitious plan to revitalise the silk road and add infrastructure in the form of ports, roads, and pipelines that stretch as far as you could think.
China is giving out arguably predatory loans to countries and in exchange would bolster their critical infrastructure and provide new trade routes for all involved. China does expect this money back, and there are harsh interest rates and huge penalties attached with these loans and failure to pay them; although there have been instances of debt relief and renegotiations around these loans.
Last month, the Ugandan government and Chinese embassy in the country had to come out and deny media reports that China has taken over the Entebbe International Airport over the Uganda’s failure to meet up with some terms of a 2015 loan agreement with the Chinese Exim Bank in 2015 to borrow $207 million at two per cent upon disbursement for the “expansion and upgrading project” of the airport.
Herein lies the issue. Nigeria External Debt reached 33.5 USD billion in June 2021, compared with 32.9 USD billion in the previous quarter. As of November 2021, it will become 50.9 billion USD following the Senate’s approval of the Federal Government’s request for $16bn and €1.02bn fresh loans on Wednesday. Curiously, the senate gave their approval for the loan request without even knowing the terms of the loan request but rather passed a resolution that the terms and conditions of the loans from the funding agencies be forwarded to the National Assembly prior to their execution for approval and proper documentation.
There are already suggestions that Nigeria risks losing key national assets to China in the event that it defaults in paying back loans obtained from China which is currently put at $3.48bn.
It turns out that Nigeria is one of the world’s most vulnerable countries to cyber-attacks. The Nigerian government and businesses are being attacked, but no one is reporting what is stolen. For now, relevant agencies of government will have to put in place necessary framework to secure the country against impending cyber- attacks. Without reforms, Nigeria’s internet will continue to be a vulnerable place.
After banning Twitter, in June, Nigeria went into talks with China to build an internet firewall. The Foundation for Investigative Journalism broke the news early this year. The extent of the discussions and the level of implementation is still unclear in a government circled by secrecy.
According to the report, Buhari’s chief-of-staff, Ibrahim Gambari, and Information and Culture Minister Lai Mohamed met with Chinese officials.
This is not the first time Nigeria has looked to China as a model for internet security. Last year, the Minister of Information, Lai Mohammed alluded to China as an example of how to regulate social media.
China’s “Great Firewall” is the centre of the government’s online censorship and surveillance effort. And though Nigeria lacks the resources to build such a firewall for surveillance, some believe the new eNaira introduced by the government might have been designed for the same purpose, albeit on a lesser scale.
From Obehie, Abia State to Zungeru, Niger State, practises associated with Chinese enterprises—especially flagrant human right abuses, cyberstalking and cyber monitoring and attacks, bribery and involvement in illegal mining—are problematic and potentially destabilising to Nigeria. Although these activities rarely spark violence themselves, they exacerbate homegrown conflict drivers such as resource competition, misgovernance, and policing failures.