Language Selection

English French German Italian Portuguese Spanish

Internet Scammers Keep Working in Nigeria

Filed under
Security

Day in, day out, a strapping, amiable 24-year-old who calls himself Kele B. heads to an Internet cafe, hunkers down at a computer and casts his net upon the cyber-waters.

Blithely oblivious to signs on the walls and desks warning of the penalties for Internet fraud, he has sent out tens of thousands of e-mails telling recipients they have won about $6.4 million in a bogus British government "Internet lottery."

"Congratulation! You Are Our Lucky Winner!" it says.

So far, Kele says, he has had only one response. But he claims it paid off handsomely. An American took the bait, he says, and coughed up "fees" and "taxes" of more than $5,000, never to hear from Kele again.

Festac Town, a district of Lagos where the scammers ply their schemes, has become notorious for "419 scams," named for the section of the Nigerian penal code that outlaws them.

In Festac Town, an entire community of scammers overnights on the Internet. By day they flaunt their smart clothes and cars and hang around the Internet cafes, trading stories about successful cons and near misses, and hatching new plots.

Festac Town is where communication specialists operating underground sell foreign telephone lines over which a scammer can purport to be calling from any city in the world. Here lurk master forgers and purveyors of such software as "e-mail extractors," which can harvest e-mail addresses by the million.

Now, however, a 3-year-old crackdown is yielding results, Nigerian authorities say.

Nuhu Ribadu, head of the Economic and Financial Crimes Commission, says cash and assets worth more than $700 million were recovered from suspects between May 2003 and June 2004. More than 500 suspects have been arrested, more than 100 cases are before the courts and 500 others are under investigation, he said.

The agency won its first big court victory in May when Mike Amadi was sentenced to 16 years in prison for setting up a Web site that offered juicy but phoney procurement contracts. Amadi cheekily posed as Ribadu himself and used the agency's name. He was caught by an undercover agent posing as an Italian businessman.

This month the biggest international scam of all - though not one involving the Internet - ended in court convictions. Amaka Anajemba was sentenced to 2 1/2 years in prison and ordered to return $25.5 million of the $242 million she helped to steal from a Brazilian bank.

The trial of four co-defendants is to start in September.

Why Nigeria? There are many theories. The nation of 130 million, Africa's most populous, is well educated, and English, the lingua franca of the scam industry, is the official language. Nigeria bursts with talent, from former NBA star Hakeem Olajuwon to Nobel literature laureate Wole Soyinka.

But with World Bank studies showing a quarter of urban college graduates are unemployed, crime offers tempting career opportunities - in drug dealing, immigrant-trafficking, oil-smuggling, and Internet fraud.

The scammers thrived during oil-rich Nigeria's 15 years of brutal and corrupt military rule, and democracy was restored only six years ago.

"We reached a point when law enforcement and regulatory agencies seemed nonexistent. But the stance of the present administration has started changing that," said Ribadu, the scam-busting chief.

President Olusegun Obasanjo is winning U.S. praise for his crackdown. Interpol, the FBI and other Western law enforcement agencies have stepped in to help, says police spokesman Emmanuel Ighodalo, and Nigerian police have received equipment and Western training in combating Internet crime and money-laundering.

Experts say Nigerian scams continue to flood e-mail systems, though many are being blocked by spam filters that get smarter and more aggressive. America Online Inc. Nicholas Graham says Nigerian messages lack the telltale signs of other spam - such as embedded Web links - but its filters are able to be alert to suspect mail coming from a specific range of Internet addresses.

Also, the scams have a limited shelf life.

In the con that Internet users are probably most familiar with, the e-mailer poses as a corrupt official looking for help in smuggling a fortune to a foreign bank account. E-mail or fax recipients are told that if they provide their banking and personal details and deposit certain sums of money, they'll get a cut of the loot.

But there are other scams, like the fake lotteries.

Kele B., who won't give his surname, says he couldn't find work after finishing high school in 2000 in the southeastern city of Owerri, so he drifted with friends to Lagos, where he tried his hand at boxing.

Then he discovered the Web.

Now he spends his mornings in Internet cafes on secondhand computers with aged screens, waiting "to see if my trap caught something," he says.

Elekwa, a chubby-faced 28-year-old who also keeps his surname to himself, shows up in Festac Town driving a Lexus and telling how he was jobless for two years despite having a diploma in computer science.

His break came four years ago when the chief of a fraud gang saw him solve what seemed like "a complex computer problem" at a business center in the southeastern city of Umuahia and lured him to Lagos.

He won't talk about his scams, only about their fruits: "Now I have three cars, I have two houses and I'm not looking for a job anymore."

By DULUE MBACHU
Associated Press

More in Tux Machines

Security News

  • Tuesday's security updates
  • New Open Source Linux Ransomware Divides Infosec Community
    Following our investigation into this matter, and seeing the vitriol-filled reaction from some people in the infosec community, Zaitsev has told Softpedia that he decided to remove the project from GitHub, shortly after this article's publication. The original, unedited article is below.
  • Fax machines' custom Linux allows dial-up hack
    Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection. The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line. The firmware is custom Linux, giving the printers a familiar networking environment for bad actors looking to exploit the fax line as an attack vector. Once they're in that ancient environment, it's possible to then move onto the network to which the the printer's connected. Yves-Noel Weweler, Ralf Spenneberg and Hendrik Schwartke of Open Source Training in Germany discovered the bug, which occurs because Epson WorkForce multifunction printers don't demand signed firmware images.
  • Google just saved the journalist who was hit by a 'record' cyberattack
    Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs. Last week, Krebs' site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a "record" that was nearly double the traffic his host Akamai had previously seen in cyberattacks. Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists' websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.
  • Krebs DDoS aftermath: industry in shock at size, depth and complexity of attack
    “This attack didn’t stop, it came in wave after wave, hundreds of millions of packets per second,” says Josh Shaul, Akamai’s vice president of product management, when Techworld spoke to him. “This was different from anything we’ve ever seen before in our history of DDoS attacks. They hit our systems pretty hard.” Clearly still a bit stunned, Shaul describes the Krebs DDoS as unprecedented. Unlike previous large DDoS attacks such as the infamous one carried out on cyber-campaign group Spamhaus in 2013, this one did not use fancy amplification or reflection to muster its traffic. It was straight packet assault from the old school.
  • iOS 10 makes it easier to crack iPhone back-ups, says security firm
    INSECURITY FIRM Elcomsoft has measured the security of iOS 10 and found that the software is easier to hack than ever before. Elcomsoft is not doing Apple any favours here. The fruity firm has just launched the iPhone 7, which has as many problems as it has good things. Of course, there are no circumstances when vulnerable software is a good thing, but when you have just launched that version of the software, it is really bad timing. Don't hate the player, though, as this is what Elcomsoft, and what Apple, are supposed to be doing right. "We discovered a major security flaw in the iOS 10 back-up protection mechanism. This security flaw allowed us to develop a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) back-ups made by iOS 10 devices," said Elcomsoft's Oleg Afonin in a blog post.
  • After Tesla: why cybersecurity is central to the car industry's future
    The news that a Tesla car was hacked from 12 miles away tells us that the explosive growth in automotive connectivity may be rapidly outpacing automotive security. This story is illustrative of two persistent problems afflicting many connected industries: the continuing proliferation of vulnerabilities in new software, and the misguided view that cybersecurity is separate from concept, design, engineering and production. This leads to a ‘fire brigade approach’ to cybersecurity where security is not baked in at the design stage for either hardware or software but added in after vulnerabilities are discovered by cybersecurity specialists once the product is already on the market.

Ofcom blesses Linux-powered, open source DIY radio ‘revolution’

Small scale DAB radio was (quite literally) conceived in an Ofcom engineer’s garden shed in Brighton, on a Raspberry Pi, running a full open source stack, in his spare time. Four years later, Ofcom has given the thumbs up to small scale DAB after concluding that trials in 10 UK cities were judged to be a hit. We gave you an exclusive glimpse into the trials last year, where you could compare the specialised proprietary encoders with the Raspberry Pi-powered encoders. “We believe that there is a significant level of demand from smaller radio stations for small scale DAB, and that a wider roll-out of additional small scale services into more geographic areas would be both technically possible and commercially sustainable,” notes Ofcom. Read more

nginx

Case in point: I've been using the Apache HTTP server for many years now. Indeed, you could say that I've been using Apache since before it was even called "Apache"—what started as the original NCSA HTTP server, and then the patched server that some enterprising open-source developers distributed, and finally the Apache Foundation-backed open-source colossus that everyone recognizes, and even relies on, today—doing much more than just producing HTTP servers. Apache's genius was its modularity. You could, with minimal effort, configure Apache to use a custom configuration of modules. If you wanted to have a full-featured server with tons of debugging and diagnostics, you could do that. If you wanted to have high-level languages, such as Perl and Tcl, embedded inside your server for high-speed Web applications, you could do that. If you needed the ability to match, analyze and rewrite every part of an HTTP transaction, you could do that, with mod_rewrite. And of course, there were third-party modules as well. Read more

Linux and Open Source Hardware for IoT

Most of the new 21 open source software projects for IoT that we examined last week listed Linux hacker boards as their prime development platforms. This week, we’ll look at open source and developer-friendly Linux hardware for building Internet of Things devices, from simple microcontroller-based technology to Linux-based boards. In recent years, it’s become hard to find an embedded board that isn’t marketing with the IoT label. Yet, the overused term is best suited for boards with low prices, small footprints, low power consumption, and support for wireless communications and industrial interfaces. Camera support is useful for some IoT applications, but high-end multimedia is usually counterproductive to attributes like low cost and power consumption. Read more