Tuesday, 15 August 2006

Was that the Real Story?

When documentaries sensationalise rather than educate

I did not see the Real Story episode that was broadcast last night, but the snippets that were shown in the news stories during that day did have a touch of sensationalised histrionics to it.

It is a well known fact that certain enterprising but dishonest Nigerians have been involved in what is known as Advanced Fee Fraud or 419 in the local parlance.

Part of what I saw showed a raid on an Internet café in Nigeria where officials of the EFCC (Nigerian Fraud Squad) had everyone vacate the computers; they asked everyone to put up their hands facing the walls and then as one of the suspects remonstrated an EFCC official assaulted the man with a slap in the face commanding him to shut up.

This is poor reflection on the Nigerian criminal justice system that suspects can be assaulted but law enforcement agents with impunity and very little recourse for justice.

My take on 419

Back to 419 - This is where using the human susceptibility to greed and gullibility, a victim receives a request to supposedly launder ill-gotten gains from bogus contracts or stashes of frozen sums of money by providing their bank account details and paying an upfront fee for the administration of the process. Some are so sophisticated in their ploys that it becomes too good to be true – anything that has that feel to it has my radar homing in on something really fishy.

Many have fallen for this get-rich-quick scheme and lost large sums of money, but I have no sympathy for both the perpetrator and the victim, they wee both about to engage in a criminal act. However, there are cases where the contracts do look real, but when you are about to invest money, especially in Nigeria, you have to have your wits about you and seek independent, impartial review of the whole thing – involve lawyers and investigators you can trust before you part with your cash.

The Real Story episode revealed that people’s details were being sold for as little as 20 Pounds, the details were supposedly gleaned of hard disks which would have been in used and second-hand computers exported to Nigeria.

Your details can be used anywhere

The fact is the information on hard disks can be read in any country and can be used by any set of criminals either in Nigeria or elsewhere. Having completed a module on Computer Forensics, I am very well aware of the fact that it takes a lot more to delete data off a hard disk.

There are tools to recover long removed data, that special tools are required to wipe hard disks to the security standard of the Department of Defence, in fact, in most cases, the hard disk would be melted if the data that it once contained is considered secret.

Besides, identity fraud is probably an issue closer to home than in far away Nigeria. All you have to do to rummage through a bin and find letters, bank statements, if not credit card PIN slips that give enough information about a person – this is called bin raiding – a further search on the Internet can reveal birth date, birth place and parents if the genealogy, census, birth, marriage and death registrations are online.

A letter posted to my cousin in England from Nigeria some 20 years ago ended up in the hands of a lodger who used that information to obtain a National Insurance number in my name – so identity theft does not have to be so complicated or sophisticated.

Developing a sense of security to protect privacy

People who generally would lock their doors when they go out and pull the curtains to keep prying eyes out, do not apply the same principle to their information, data, computers and personal details.

Everyone who receives a letter of any importance must invest in a paper shredder and shredders do have different security ratings from strips to pulp – I never dispose of any paper that has not been shredded and I have been doing that for at least 7 years.

Your computer when online is like an open door with drawn curtains and open windows; you need more than just any popular anti-virus software because virus developers tests their malevolent programs against popular anti-virus software so as to prevent detection.

The general idea is to develop the fortress principle to your computer, an outer wall (a firewall), the doors and windows (an anti virus software) and then the protection of valuables within the home (malware detectors).

Use good tools

In my case, I do use a hardware firewall found in my wireless router and enable the software firewalls on all computers, I have installed the well known McAfee VirusScan Plus and Trend Micro PcCillin Internet Security ensuring that the updates run everyday at night.

Malware is software that gets installed inadvertently on your system through opening a suspicious email or visiting an innocuous web site, they can install key loggers which record all the keystrokes you have type and send that information to some harvesting system where the information can be replayed as if it were you logging on to your bank account or some other secure service. These are really the identity theft perpetrators.

I use Lavasoft Ad-Aware and SpyBot – Search and Destroy, with all that attention to detail, I still find that a keylogger still ends up on my laptop every few days – you just need to keep ahead of the criminals – time after time.

In addition, to remove all references to sites I have visited and files I have opened on an operational system, I use CleanUP.

If, you are done with your computer, you can recycle it, but before you do, search for a secure hard disk deletion tool as this write-up suggests – Purge hard drives before recycling.

Common sense approach to social engineering

In all, you have your identity to protect, ensuring that the people privy to your secrets are authorised to access that information with discretion under the contract of confidentiality, not of which should violate your right to privacy.

Where people, emails or forms ask for information that should be personal and known only to you like your PIN numbers, do not under any circumstances reveal that information, because that that time your would be seriously compromised – they might want information about who you are where name, address, date of birth and account number might suffice, but that should only be divulged to those your have ascertained through obtaining their own details first.

Always err on the side of caution, err of the side of keeping the information than giving it out.

References

UK Bank Details Sold in Nigeria

Top Ten Scams targeting customers – 419 comes 8th

Britain Alleges ICT Bank Fraud on Its Citizens

Avarice Anonymous

No comments: