CYBER SECURITY AWARENESS & TIPS FOR NIGERIANS

[b]By Don Okereke
Security Analyst & Consultant
donnuait@yahoo.com[/b]

Scientists, engineers and inventors toil day and night to discover or invent a tool or product that will advance the cause of humanity and before you say Jack, that same invention has been tailored by criminals to perpetuate their nefarious activities. There are so many criminals out there in the cyber and real world’s. Cyber crime or Cyber warfare transcends physical boundaries and as such erecting perimeter fencing and all that offers no help.

At the time of writing this piece, news filtered in that names, addresses, bank account details etc of some serving and retired personnel of Nigeria’s State Security Service was published online. What a national embarrassment and a threat to National Security. This is a wake up call. This kind of act may not necessarily be carried out by external criminal elements. A disgruntled staff could have done it as well.

Many a time cyber criminals deploy ‘Social engineering’- the art of cleverly influencing people- to outsmart and swindle their unsuspecting victims.

Some of the fantasies we read in science fiction novels or watch in James Bond movies that seem impracticable are now common place. There is no gainsaying the fact that advances in technology has thrown up a lot of security challenges.

Sequel to Nigeria’s staggering population of about 160 million people cum the advent and penetration of internet and automatic teller machines, Nigerians should brace up for increased levels of cyber and financial crimes. It is not impossible to clone ATM cards, clone a website, hack into or completely take the website down. Cases abound in the Western world of criminals installing very tiny cameras on automatic teller machines to capture the PIN numbers of unsuspecting bank customers. Desist from entering your debit or credit card details in dodgy road side shops or online websites.

As we strive to catch-up with technological innovation in advanced countries, we also need to brace up to the challenges inherent with such technologies; there is always a learning phase or curve. The following comprehensive guide and tips are geared towards making us conscious of the dangers out there and what to do to protect ourselves.

1. Be careful what you do on a computer especially a public computer like the so-called cyber cafes. When you use a public computer or the so-called cyber cafes to check your emails, ensure you uncheck the ‘’keep me signed or logged in’’ box before you sign in to your online accounts. Failure to do this means your email/online account can still be opened even after you sign or log out. It’s also easy for criminals to install key-loggers in public computers that secretly records information of users. And very importantly, after downloading sensitive documents, ensure you clear the download folder otherwise your downloaded document will still be there after you have gone. So it goes without saying that one must avoid using public computers or networks for financial and private transactions. If you cannot avoid it then take care to protect yourself and your transactions.

Don’t presume because you have deleted information from a computer therefore it cannot be retrieved. Bad guys beware! There are forensic tools that can be used to scan and recover deleted information from a computer.

2. Watch out the type of website you enter your personal information. These days, websites can be cloned. The website you thought is your bank’s, may not be after all. Its safer to personally enter the URL (Universal Resource Locator) of the website you want to visit on the address bar than to Google it. It is risky to click on every link emailed to you by friends etc. Scrutinize emails claiming to emanate from your bank, PayPal and other financial institutions. Don’t give out personal information over the phone unless you are sure of the caller.

3. Be wary of text messages or even calls supposedly originating from a particular phone number or company you think you are familiar with. This writer has gotten a lot of phony text messages telling him he has won a lottery that he never entered into. If it looks too good to be true, it is. A chap approached me lately telling me he got an email telling him he won the American Visa lottery. Without even reading the content of the email I told him it is definitely fraud because I am aware the United States Department of State no longer sends emails to lucky winners of its Visa lottery. Winners are now required to personally check in www.dvlottery.gov whether they won or not. This is not even the gist, he subsequently told me they asked him to wire money via western union to an address domiciled in the United Kingdom. This is also why it pays to be INFORMED of developments around us!

My wife got a call sometime from somebody telling her they both did their mandatory one year national youth service in a particular state. He went ahead to recite my wife’s NYSC call-up number and all that. He asked my wife if she was still searching for a job, she said yes. He instantly guaranteed her a place in Shell where he claimed to be working. There and then, I told wify that the guy was a scammer. People can get your information from so many ways. It could be the guy had access to the Corper’s magazine of that particular State/year and got all the details he needed from there. Its amazing people still fall for such trash!

With bulk SMS and internet text messaging, one can send a text message with a personalized user I.D or phone number probably claiming to be someone else or originating from a specific phone number. For example criminals can send you a customized bank transaction SMS alert purporting to emanate from your bank and anything can happen from there.

Voicemail and phone calls can be hacked too. Justice Salami has had a running legal battle with OyinloIa/the PDP over alleged text messages and calls purported to have transpired between him and an ACN gubernatorial candidate. One is not necessarily holding brief for Justice Salami; it’s just to highlight the possibilities of technology. The case is still in court; let’s see how it pans out.
Computer/Phone hacking is a global phenomenon. Lately, United Kingdom’s widely read tabloid- the News of the World closed shop over phone hacking scandal. Prominent celebrities have had their phones etc hacked into at one point or the other.

Please if you use a wireless internet subscription on your PC or mobile device, it is very important you use a very STRONG password to protect it otherwise just about any body within your vicinity can log or hack into your network and use it. With ‘’remote log in’’, somebody can hack into your Personal Computer via your unsecured network and access all the information on your PC or device.
You cannot exonerate yourself if your network is hacked into and used to perpetuate negative acts. Always switch off the Bluetooth on your computer or mobile device because it is an easy gateway to the information in your device. Your voicemail too needs to be password protected.

4. Use ‘strong’ passwords and change it as frequently as possible. Eschew using such things as your date of birth etc as passwords. Mix letters, numerals, capital and lower case letters if possible. If you fancy it, try using a memorable sentence for a password. E.g. ‘’AbujaIsTheCapitalOfNigeria’’. Take note that the aforementioned password has every word starting with a capital letter. Yes, its a long one but also easy to remember. Most importantly, it is STRONG, cannot be easily cracked.

5. Be careful who you send or email your CV and important documents to. This applies mostly to our numerous job seekers out there. I cringe whenever I see a plethora of job seekers copying and pasting their resumes, degree results, passport photos, NYSC discharge certificates etc on every available website and to giddy recruitment websites. Armed with all these information about you, what else does some criminally-minded bloke out there need to claim to be you or ‘clone’ you? ‘Identity Theft’ may not be big business here in Nigeria but it is a multi-billion dollar business in most Western countries.

As a job-seeker, alarm bell’s should ring in your head when you come across a company online claiming to be say, Shell and having an email address shell@yahoo.com. If indeed it is Shell, then their email address should be customized to their name e.g shell@shell.com.

6. Be wary the type of information you leave on social networking sites such as facebook, twitter, beebo, hi5 etc. Be careful who you allow as your ‘friend’ or socialize with on facebook et al. Recently a postgraduate student and daughter of a retired Major General by the name Cynthia Osokogu was brutally murdered in Lagos. She was alleged to have ‘met’ one of her assailant through Blackberry Messenger. You can see the hazard in blindly trusting people you come across on social networking sites. Over here, particularly amongst teens, there seem to be some kind of competition as to who has the highest number of ‘friends’ on facebook. People may not be who they claim they are on social networking sites. It’s easy to copy and paste or upload another person’s picture and claim to be that person. There is lot of impersonation, make-believe and facade going on in Social Networking websites.
If you are travelling, why must you post/advertise it on a Social Networking website. You are unwittingly telling potential goons that you won’t be around.

People have lost jobs and precious career opportunities courtesy of inappropriate information they inadvertently posted on Social Networking sites. The just concluded London 2012 Olympics recorded athletes being booted out because of their tweets. Some of the information you innocently put on Social Networking sites today may come to haunt you say in 10-20 years time especially for those with Political or leadership prospects.

On a related note, you unwittingly make your self a target or a suspect if you allow a wanted criminal or terrorist as your friend on a social networking site. Do I have to also say that these sites are very addictive! So many folks waste a lot of productive hours on facebook et al. This is not to say that social networking is bad, not at all. They also have their good side.

A lot of folks ask me if I am not on facebook because they cannot ‘find’ me when they search for me. Please it’s high time you made good use of the ‘privacy settings’ on some of these social networking sites. The privacy setting allows you to decide for example if you want your full date of birth to show or for the general public to see you.

7. Have manifold email addresses. You can dedicate one of the emails for social activities- networking and all that. Another one can be for your financial transactions and may be a third one for career-related transactions. The raison d'être for this is that if the email for social activities is compromised, it will not affect the sensitive information in your career or business emails.

8. Phone browsing has more security implications than browsing on a typical desk top or laptop computer. That is to say that phone browsing is not quite secured. A lot of times folks complain that their email accounts have been hacked into or compromised but on closer scrutiny one finds out that they have at one time or the other, accessed their email accounts on their phones. It often happens that cookies, malwares and Trojans may have infiltrated the said email account and will automatically start sending phony emails to all the addresses in the person’s contacts list.

It is not news that most of these Smart phones available today have software’s or applications that can track their owner’s geographical location or movements. Nigerians like to flaunt their wealth and gadgets; we just like to rub it in. It may interest you to know that Google officially admitted that more than 90% of android phones have mobile software’s with serious security vulnerabilities. It is advisable to install a mobile security antivirus on your smart phone.

Talking about phone tracking, the late Col Gadaffi was alleged to have placed a call via a satellite phone shortly before he was killed. The hypothesis suffices that his call was intercepted and the coordinates of his location was extrapolated. With satellite phones, the origin or location of the call can be tracked in real time. It’s not only satellite phone calls that can be tracked. It also applies to everyday phone calls we make. The nearest phone mast can be deduced and that reveals one’s approximate location.
So before you start flaunting that your latest toy, take time to consider its disadvantages cum security implications.

9. Remember that each computer/phone or whatever device you connect to the internet have a specific I.P (Internet Protocol) address. There is a tendency that at every point in time your I.P address is embedded in an email or online transaction that originates from you. With the I.P address, the location or the nearest telecommunication mast where that of that particular transmission emanates from can be deduced.

Please don’t drag this thread into the promise of altering or hiding an I.P address; using a ‘Virtual PC’ to browse or ways around some of these things. This thread is aimed to dissuade the bad guys.
To the bad guys, please desist from your nefarious online activities because the law enforcement agents will sniff you out if they are determined.

Recall that most of these insurgent or terrorist groups in and outside Nigeria issue their Press Releases online and have online presence hence they cannot afford not to leave an online fingerprint trail no matter how meticulous or IT savvy they are.
One is quite impressed with the progress been made by the Nigerian Police in using technology to fish out culprits responsible for killing Cynthia Osokogu.

It’s encouraging that the Nigeria Police recently enlisted Computer/IT professionals into the force because policing has gone beyond brandishing unserviceable rifles and mounting road blocks.

10. Regularly updating your computer also makes it more secured. Similar to this is also to update your web browsers as older versions may be riddled with security flaws. Uninstall programs or software’s you no longer use from your computer. Avoid downloading or opening programs/files if you are not sure of the sites authenticity or credibility.


By Don Okereke
(Security Analyst & Consultant)

donnuait@yahoo.com
+2347080008285

Somebody should help me and read pls. Summarise it too. Thanks in advance.

For the lazy ones here's a summary for you

1. Be careful what you do on a computer especially a public computer like the so-called cyber cafes.
2. Watch out the type of website you enter your personal information.
3. Be wary of text messages or even calls supposedly originating from a particular phone number or company you think you are familiar with.
4. Use ‘strong’ passwords and change it as frequently as possible.
5. Be careful who you send or email your CV and important documents to.
6. Be wary the type of information you leave on social networking sites such as facebook, twitter, beebo, hi5 etc.
7. Have manifold email addresses.
8. Phone browsing is not quite secured.
9. To the bad guys, desist from your nefarious online activities because the law enforcement agents will sniff you out if they are determined using your IP. .that is
10. Regularly updating your computer also makes it more secured.

Good One.

crackhouse: Somebody should help me and read pls. Summarise it too. Thanks in advance.

long

Good one.

Merci

[b]

1. Be careful what you do on a computer especially a public computer like the so-called cyber cafes. When you use a public computer or the so-called cyber cafes to check your emails, ensure you uncheck the ‘’keep me signed or logged in’’ box before you sign in to your online accounts. Failure to do this means your email/online account can still be opened even after you sign or log out. It’s also easy for criminals to install key-loggers in public computers that secretly records information of users. And very importantly, after downloading sensitive documents, ensure you clear the download folder otherwise your downloaded document will still be there after you have gone. So it goes without saying that one must avoid using public computers or networks for financial and private transactions. If you cannot avoid it then take care to protect yourself and your transactions.
Don’t presume because you have deleted information from a computer therefore it cannot be retrieved. Bad guys beware! There are forensic tools that can be used to scan and recover deleted information from a computer.

[/b]

Slyr0x: For the lazy ones here's a summary for you

8. Phone browsing is not quite secured.

thanks for summarising. I have this anti virus Netqin 4.0 and netqin mobile security. How efficient and proactive is this anti? Thanks OP for advising

@crackhouse.
If you can not read it, any point replying? Of what use is your reply? If you're too lazy to read, it is advisable to click the next post that you desire.

i quite agree wit u boss, i mean wat kan i say?

Thanks for sharing ooooo

thanks

...

using a public computer is never safe, just forget it.
asides the array of keyloggers ready to grab your credentials, there is also a risk you handing your details to the wrong website.
boyz have been known to play with the host file just to steal your logins.

there can also be a very high risk when running OSes that's lesser than Vista, or without UAC enabled, you allow anyone insert a flash drive to your computer and
a silent copy program can mirror your computer without your knowledge, or even install a keylogger silently.

downloading a publicly available software that is unsigned, or with unchecked hash can pose a potential risk
i remember seeing a video on milw0rm where double clicking an normal harmless looking installer installs a program on your pc even when you exit the installer on first screen.

using same password for a range of sites is also bad practice as website administrator are known to try your passwords against your email accounts or social network accounts.

@Nuait....God bless you..is all I can say...

make person summarise abeg..into points preferably

thanks man, that's goin 2 be helpful. God bless

Very Educating!!!

Eh! But OP, why did you display the name, phone number & e-mail of the author. Abi na your data be that? Is it internet-wise?
To the topic, It pisses me off whenever I use a public cafe & I just discover that the careless previous user of the system I am to use failed to log out from his/her social sites account. Some will even give a silly excuse that their browsing time was up & that's why they could not log out. And to the people wey no sabi how to log out, una fit ask the admin people for the cafe to help you.
This is the best thread I have read on NL this week.

Using strong password to login into your account is not enough security measure, Connecting to public network like using your computer at the airport, open wifi, even using your computer at a Cyber cafe makes you vulnerable to networking sniffing, ARP attack, etc.
How often do you google your self? do you know how much of your information is spread over the net?
Type these words into google.com and see what google has on UNILAG staffs "Unilag CV filetype:doc"

Gud one my dear. More power to ur elbow. Daalu ri nne

talk2hb1: Using strong password to login into your account is not enough security measure, Connecting to public network like using your computer at the airport, open wifi, even using your computer at a Cyber cafe makes you vulnerable to networking sniffing, ARP attack, etc.
How often do you google your self? do you know how much of your information is spread over the net?
Type these words into google.com and see what google has on UNILAG staffs "Unilag CV filetype:doc"

At op, thanks a milla, God richly bless you, him/her dt has ears let them hear!

@ poster. thanks a lot. i really enjoyed reading this. it was clear, simple to the point. especially for lay people like myself. can you continue giving us updates so we'll know what to look out for?

My PA shud read and xplain 2 mi l8r

Who is an hacker?

Slyr0x: For the lazy ones here's a summary for you

1. Be careful what you do on a computer especially a public computer like the so-called cyber cafes.
2. Watch out the type of website you enter your personal information.
3. Be wary of text messages or even calls supposedly originating from a particular phone number or company you think you are familiar with.
4. Use ‘strong’ passwords and change it as frequently as possible.
5. Be careful who you send or email your CV and important documents to.
6. Be wary the type of information you leave on social networking sites such as facebook, twitter, beebo, hi5 etc.
7. Have manifold email addresses.
8. Phone browsing is not quite secured.
9. To the bad guys, desist from your nefarious online activities because the law enforcement agents will sniff you out if they are determined using your IP. .that is
10. Regularly updating your computer also makes it more secured.

you try,but there are more than 100 ways,for ip,think of vpn.reason more.think of cyber cloud.

Good job man, really learnt a whole lot. Thanks

Not bad... albeit we already know most of the tips though.

But why re some funny pple finding their way into nairaland,someone took time to explain things to u, u still asked him to summarize I wonder how some pple passed their ssce,nigerian youths ARE NOT MESSED UP wallahi if na omotola vs genny dem go read details lucky dummies

Nice thread... Buh allow boys.