Tuesday, 15 August 2006

Was that the Real Story?

When documentaries sensationalise rather than educate
I did not see the Real Story episode that was broadcast last night, but the snippets that were shown in the news stories during that day did have a touch of sensationalised histrionics to it.
It is a well-known fact that certain enterprising but dishonest Nigerians have been involved in what is known as Advanced Fee Fraud or 419 in the local parlance.
Part of what I saw showed a raid on an Internet café in Nigeria where officials of the EFCC (Nigerian Fraud Squad) had everyone vacate the computers; they asked everyone to put up their hands facing the walls and then as one of the suspects remonstrated an EFCC official assaulted the man with a slap in the face commanding him to shut up.
This is a poor reflection on the Nigerian criminal justice system that suspects can be assaulted but law enforcement agents with impunity and very little recourse for justice.
My take on 419
Back to 419 - This is where using the human susceptibility to greed and gullibility, a victim receives a request to supposedly launder ill-gotten gains from bogus contracts or stashes of frozen sums of money by providing their bank account details and paying an upfront fee for the administration of the process. Some are so sophisticated in their ploys that it becomes too good to be true – anything that has that feel to it has my radar homing in on something fishy.
Many have fallen for this get-rich-quick scheme and lost large sums of money, but I have no sympathy for both the perpetrator and the victim, they were both about to engage in a criminal act. However, there are cases where the contracts do look real, but when you are about to invest money, especially in Nigeria, you have to have your wits about you and seek an independent, impartial review of the whole thing – involve lawyers and investigators you can trust before you part with your cash.
The Real Story episode revealed that people’s details were being sold for as little as 20 Pounds, the details were supposedly gleaned of hard disks which would have been in used and second-hand computers exported to Nigeria.
Your details can be used anywhere
The fact is the information on hard disks can be read in any country and can be used by any set of criminals either in Nigeria or elsewhere. Having completed a module on Computer Forensics, I am very well aware of the fact that it takes a lot more to delete data off a hard disk.
There are tools to recover long removed data and special tools are required to wipe hard disks to the security standard of the Department of Defence, in fact, in most cases, the hard disk would be melted if the data that it once contained is considered secret.
Besides, identity fraud is probably an issue closer to home than in faraway Nigeria. All you have to do to rummage through a bin and find letters, bank statements, if not credit card PIN slips that give enough information about a person – this is called bin raiding – a further search on the Internet can reveal birth date, birthplace and parents if the genealogy, census, birth, marriage and death registrations are online.
A letter posted to my cousin in England from Nigeria some 20 years ago ended up in the hands of a lodger who used that information to obtain a National Insurance number in my name – so identity theft does not have to be so complicated or sophisticated.
Developing a sense of security to protect privacy
People who generally would lock their doors when they go out and pull the curtains to keep prying eyes out, apparently, do not apply the same principle to their information, data, computers and personal details.
Everyone who receives a letter of any importance must invest in a paper shredder and shredders do have different security ratings from strips to pulp – I never dispose of any paper that has not been shredded and I have been doing that for at least 7 years.
Your computer when online is like an open door with drawn curtains and open windows; you need more than just any popular anti-virus software because virus developers test their malevolent programs against popular anti-virus software to prevent detection.
The general idea is to develop the fortress principle to your computer, an outer wall (a firewall), the doors and windows (an anti-virus software) and then the protection of valuables within the home (malware detectors).
Use good tools
In my case, I do use a hardware firewall found in my wireless router and enable the software firewalls on all computers, I have installed the well known McAfee VirusScan Plus and Trend Micro PcCillin Internet Security ensuring that the updates run every day at night.
Malware is software that gets installed inadvertently on your system through opening a suspicious email or visiting an innocuous web site, they can install key loggers which record all the keystrokes you have typed and send that information to a harvesting system where the information can be replayed as if it were you logging on to your bank account or some other security service. These are really the identity theft perpetrators.
I use Lavasoft Ad-Aware and SpyBot – Search and Destroy, with all that attention to detail, I still find that a keylogger still ends up on my laptop every few days – you just need to keep ahead of the criminals – time after time.
In addition, to remove all references to sites, I have visited and files I have opened on an operational system, I use CleanUP.
If you are done with your computer, you can recycle it, but before you do, search for a secure hard disk deletion tool as this write-up suggests – Purge hard drives before recycling.
Common sense approach to social engineering
In all, you have your identity to protect, ensuring that the people privy to your secrets are authorised to access that information with discretion under the contract of confidentiality, not of which should violate your right to privacy.
Where people, emails or forms ask for information that should be personal and known only to you like your PIN numbers, do not under any circumstances reveal that information because that that time you would be seriously compromised – they might want information about who you are where name, address, date of birth and account number might suffice, but that should only be divulged to those your have ascertained through obtaining their own details first.
Always err on the side of caution, err of the side of keeping the information than giving it out.
References

No comments:

Post a comment

Comments are accepted if in context are polite and hopefully without expletives and should show a name, anonymous, would not do. Thanks.