Category: Sports Entertainment & Tech

The Federal Government recently raised alarm over the use of “deepfake news to target the Nigeria government and its officials. According to the report, fake news has gotten worse by becoming a tool for critics to target the government, and Nigerians ought to know that we have graduated from normal fake news to “deepfake news”.

 

The threat of deepfake news is that it is difficult to distinguish fake news from genuine news, since creators of deepfake news would take a story, either a video or a photo and make it look genuine. They will take recordings of what is happening in other countries, mutate them and massively circulate them as what is truly happening in Nigeria.

 

Deepfakes are one of the most rapidly changing technologies available today and they refer to artificial intelligence (AI)-generated synthesized and/or overlaid images and videos utilizing existing photos and videos for deception purposes.

 

Deepfake technology has seen a dramatic growth in popularity as the underlying AI technology has advanced. Deeptrace, a security company, projected that the number of deepfake videos online has risen to around 15,000 in 2019 alone – and continues to grow dramatically. Deepfakes are extremely convincing—they successfully lead people to believe that someone did or said something that never occurred.

 

As the usage of deepfakes grow, organizations should prepare for the new threats posed by this technology, as well as new regulatory changes that may be implemented in reaction. in some countries. Most people identify deepfakes with disinformation—and their usage to impersonate politicians or celebrities may pose a significant risk to people’s reputations.

 

Deepfakes are a growing cybersecurity threat, and as technology develops, businesses will increasingly need to protect themselves.

 

 

What is the Use of Deepfakes?

A deepfake is an attempt to deceive viewers by displaying fake or manipulated content. To disseminate misinformation or carry out other nefarious activities, its creator wants you to believe information that is not true.

 

What is the point? Special effects and animations in films have both benefited from the use of this technology. Nevertheless, deepfake technology is now in use for malicious objectives.

• Defrauds and hoaxes.
• Pornography involving well-known people.
• Election fraud.
• using social engineering to manipulate others.
• Automated Disinformation
• Theft of personal information, as well as financial fraud.

 

 

Deepfakes Attack Poses Risk to Individuals and Businesses

Deepfakes pose a threat in a variety of areas, including cybersecurity, political elections, personal finances, corporate reputations, and more. Scams against individuals and companies, especially those conducted on social media, can take advantage of this bad intent and misuse.

 

Social media posts that are backed up with persuasive manipulation have the ability to mislead and inflame the internet-connected populace. Deepfakes supply the media that makes fake news appear to be true.

 

Businesses are frequently the first targets of deepfake attackers. The deepfake content may be used in a “newly defined cyber-attack vector” known as Business Identity Compromise (BIC). Through a BIC, the deepfake technologies are used to create “synthetic corporate personas” or impersonate current employees, causing “quite serious financial and reputational impacts to victim businesses and organizations.”

 

Businesses are concerned about a variety of scams involving deepfake technology, including:

• Supercharging scams, in which deepfake audio is used to make the caller appear to be a higher-up, such as a CEO requesting money from an employee.
• Identity theft where deepfake technology is used to perform crimes such as financial fraud.

 

The most visible and probably most concerning risk that this technology poses to businesses is its potential to aid criminals in fraudulent activity. The ability to look and sound like anyone, including those authorized to approve company payments, enables fraudsters to exploit weak internal controls and collect potentially enormous sums of money.

 

 

Legal Framework against Deepfake Attacks in Nigeria

It is crucial to highlight that there is currently no particular legal restriction on the creation of deepfakes in Nigeria. The only constraints on the type of content that individuals may create using technology are those imposed by anti-fraud legislation, as well as safeguards against harassment, defamation, and copyright infringement, as well as data protection regulations.

 

This might complicate the process of seeking redress after suffering damage as a consequence of deceit caused by deepfakes, unlike with China’s and some US states’ policies, which have criminalized the use of deepfakes in specific instances. Meanwhile, the use of deepfakes for cybercriminal activities in Nigeria has raised global concerns about consumer data protection.

 

The “Cybercrimes (Prohibition and Prevention) Act, 2015” which seems to have a substantial influence on Nigeria’s cyber laws, establishes a comprehensive legal, regulatory, and institutional framework for the prevention, detection, prosecution, and punishment of cybercrime in Nigeria.

 

Additionally, the Act promotes cybersecurity and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property, and privacy rights, as well as the protection of critical national information infrastructure.

 

 

Protection against Deepfakes Attacks on Businesses

AI-driven technology is expected to be the most effective approach to identify deepfakes since machine learning algorithms can detect minor abnormalities and anomalies that humans can’t. But to reduce the risk of falling prey to deepfake-based frauds, businesses have to introduce training to staff and explain the threats posed by deepfakes and how they may be recognized to employees, particularly those working in positions relating to the payment of funds; and Increase the rigor with which payment authorizations are approved.

 

These are some important steps you can take to safeguard your business from deepfakes:

• Inform the board, the senior management team, and your staff of the dangers of deepfakes.
• Train users to recognize and report attempts at social engineering, spear-phishing, and other unusual activity.
• Don’t trust anyone you meet online. Find many independent sources to confirm the person’s identification.
• Provide no personal or sensitive corporate information to anyone without confirmation from a legitimate second source.
• Establish continuity strategies for when the company is the victim of a successful assault.

 

Deepfakes will become much more common in the future. We have skilled and experienced cyber lawyers at Olisa Agbakoba Legal (OAL) who can provide legal support and advice in cases involving cybercrime and cyber security.

 

Our Cyber lawyers handle cybercrime cases that involve individuals, organizations, or the government, as well as cases involving e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, and other topics. They collaborate with stakeholders to protect against today’s threats and to develop more secure and resilient infrastructure for the future.

 

Our Cyber Security Lawyers among other things, negotiate complex technology agreements, provide daily operational support to the agency’s hunt, incident response, and vulnerability management divisions, advocate for the agency’s positions in litigation, draft and negotiate legislation, and respond to audits and investigations.

 

Please do not hesitate to contact OAL’s Cyber Lawyers if you have any questions about internet technologies or cybercrimes in Nigeria.

 

 

---

 

Written By:

Josephine Uba

Lead Digital Strategist, OAL.

Nigerians are becoming well-known for their involvement in dating or romance scams. Scammers prey on those looking for love connections, generally through dating websites, apps, or social media, by posing as potential partners. They use emotional manipulation to persuade them to provide money, gifts, or personal information.

 

According to CNN, federal authorities have charged ten people in Oklahoma, New York, California, and Texas with conspiring to launder money obtained through a romance scam targeting women nationwide.

 

Five of the individuals charged were arrested in Norman, Oklahoma; one was arrested in Brooklyn, New York; and one was arrested in Long Beach, California. Three of the suspects escaped.

 

According to a federal indictment released by the US District Court for the Northern District of Oklahoma, the suspects – the majority of whom were Nigerian – would initiate online relationships with women and falsely claim to be US citizens working overseas. They target women on dating websites and social media platforms, and created dating profiles using fictitious names, locations, and images.

 

The victims originated from a variety of locations, including Seminole, Florida; Centerville, Ohio; and Pryor, Oklahoma. They lost nearly $1.1 million in total, including one who sent cash and goods worth $546,000.

 

This type of incident occurs more frequently than you might believe, and while there are several scams online, few are as destructive as these.

 

The Federal Trade Commission reports that Americans lost $143 million to romance scams in 2018, with the average victim losing over $2,600. The US Federal Bureau of Investigation’s Internet Crime Commission (IC3) reported receiving over 15,000 allegations of romantic scams in 2016. In 2020, romance scams reported a record of $304 million in losses to the Federal Trade Commission. This is an increase of around 50% over the previous year.

 

It’s not just the money that’s at stake in these types of scams; the victims have generally developed an emotional attachment to their scammers, believing them to be real and prospective life mates. That only adds to their anguish when they become heartbroken as the scammers make off with their money or savings.

 

Most reports show that many of these schemes to defraud vulnerable people looking for love start in Nigeria, where a thriving underground economy of scammers sets up profiles on online dating sites and sweet chats unwary victims into parting with their funds.

 

 

What is a Romance Scam?

Dating or romance scam entails posing as a potential date or love partner on the internet in order to connect with someone. A fake picture of someone exceptionally attractive is frequently used to lure people to respond to love propositions. To lure someone into a scam, a fake profile is built with false information. The creation of a false online identity is known as Catfishing. Emails and other messages are exchanged once someone responds or appears receptive to a romantic relationship. Over time, trust is earned.

 

Following the establishment of confidence based on false pretenses, solicitations for money or other items begin. Asking someone to donate money or presents is a form of dating fraud. In other situations, the fraud entails requesting that someone transmit intimate images or provide personal identifying information or financial account information. The intimate photographs might be used to blackmail someone or placed on pornographic websites, while the personal identifying information could be utilized in identity theft frauds.

 

 

How Does a Dating or Romance Scam Work?

Scammers frequently conduct dating and romance scams via online dating websites, but they may also contact victims via social media or email. They have even been known to initiate contact with their victims by phone. Catfishing is another term for these schemes.

 

Scammers frequently construct fictitious online personas to entice you. They may use a made-up name or impersonate real, trustworthy individuals such as military personnel, aid workers, or professionals working abroad.

 

Scammers will express intense emotions for you in a short period of time and will advise that you take the connection away from the internet and onto a more private channel, such as phone, email, or instant messaging. They frequently claim to be Australians or residents of another western country but are actually traveling or working in another country.

 

Scammers will go to great lengths to pique your interest and earn your trust, including showering you with love words, providing ‘personal information,’ and even giving you gifts. They may spend months cultivating what appears to be a lifetime romance and may even pre-book airfare to visit you but never arrive.

 

Once they have acquired your trust and your defenses have been breached, they will ask you for money, gifts, or your banking/credit card information (subtly or directly). Additionally, they may request that you submit photographs or videos of yourself, maybe of a personal nature.

 

Frequently, the scammer will claim that they require the funds for a personal emergency. For instance, they may assert that they have a critically ill family member who requires immediate medical attention, such as an expensive operation, or they may assert financial difficulties as a result of an unlucky run of bad luck, such as a failed business or street mugging. Additionally, the fraudster may pretend they wish to visit you but are unable to do so without your assistance in covering their airline or other travel expenditures.

 

Occasionally, the scammer may give you important products such as laptop computers and cell phones and would request that you resend them to a different location. They will fabricate a reason why they require your assistance in delivering the products, but this is really a cover for their illicit activities. Alternatively, they may request that you purchase the goods and ship them yourself. You may even be required to accept funds into your bank account and subsequently transfer them to another individual.

 

Occasionally, the scammer will inform you of a significant sum of money or gold they are transferring out of their nation and give you a portion. They’ll explain that they require your funds to cover administrative costs or taxes.

 

Dating and romance scammers can also be a threat to your physical safety, as they are frequently affiliated with international criminal networks. Scammers may seek to lure victims overseas, placing them in potentially perilous situations with terrible effects.

 

Regardless of the method used to defraud you, you could end up losing a significant amount of money. Each year, billions of people are duped globally by online dating and romance frauds. Money sent to scammers is nearly always unrecoverable, and you may also experience long-lasting emotional betrayal at the hands of someone you believed loved you.

 

How To Avoid Online Dating Scams

You should be able to avoid online dating scams and maintain greater general online safety once you know how to recognize if someone is scamming you online. When using dating services and social media to meet individuals, take the following precautions:

 

• Check and double-check everything. Conduct an online search to verify the person’s identity, including their name, photo, location, email address, and other facts.

 

• Slow down and seek advice from someone you can trust. Tell a friend or family member about your issue, and talk with them about your future steps. A romance scammer may try to isolate you from your friends and family, or force you to make hasty decisions on your own. Don’t be rushed into making a decision by a fraudster.

 

• Please do not transfer any money. Never give money to an internet love interest through wire transfer, gift card, or cash reload card. You’re not going to get it back.

 

• Report any money you’ve previously sent. If you suspect you’ve sent money to a scammer, contact your bank straight away.

 

Penalties For Dating or Romance Scams in Nigeria

Engaging in an online romance scam might result in criminal charges being brought against you in court. This is especially when the scam takes place across international borders. Internet fraud, identity theft, and bank fraud, among other crimes, are all prohibited under federal law. A charge of wire fraud or mail fraud for exploiting the wire service or the postal service in a wire transfer scam or any form of online romance scam can result in a lengthy prison sentence.

 

Do I Need a Lawyer If I am a Victim of a Romance Scam in Nigeria?

Even if you are successful in prosecuting a scammer, it is unlikely that you will be able to recover any of the money you have lost. Unfortunately, more often than not, there is no one to answer to or hold accountable following a romantic fraud. Along with a wounded heart, you’ll be left with mountains of debt and the hope that the person with whom you fell in love is genuine.

 

Romance scams are the most often reported type of scam. These kinds of scams can happen to anyone. Consultation with a compassionate bankruptcy lawyer will assist you in resetting this unfathomable scenario.

 

Olisa Agbakoba Legal (OAL) is a Nigerian law firm that specializes in bankruptcies. Contact us today to schedule a complimentary consultation with an experienced, sympathetic bankruptcy attorney.

 

Do I Need a Lawyer If I am Accused of a Romance Scam in Nigeria?

Romance fraud is a serious offense, even if you believe the victim profited from the scam by getting your time and energy. However, you may still face prison time and monetary penalties as a result of your criminal acts. You may even face charges of identity theft if your strategy involves catfishing and the use of another’s identities.

 

Olisa Agbakoba Legal (OAL) has extensive experience defending clients who have been accused of participating in any type of online dating scam. We provide guidance throughout your case to facilitate the development of a strategic plan for responding to the charges, which may involve fighting conviction, negotiating a plea agreement, or pursuing dismissal of the charges.

 

Contact a criminal lawyer at OAL to learn more about the charge and viable defenses associated with dating or romance scams in Nigeria.

 

 

---

Written By:

Josephine Uba

Lead Digital Strategist, OAL

The “dark web” is a hidden internet world where good and evil coexist. On the bright side, the dark web enables anonymous, highly secure communication routes to protect reform agents such as human rights activists and journalists who are targeted by oppressive foreign regimes.

 

On the negative side, the dark web has become a major center of criminal activity, a fully working marketplace where anonymous buyers may buy from anonymous sellers with reasonable confidence, often with customer ratings available, just as they can on the public web.

 

The Federal Bureau of Investigation (FBI) arrested Ross Ulbricht in 2013 for running Silk Road, an online marketplace for illegal substances. The site was uncovered on the so-called Dark Web, where Ulbricht (under the alias “Dread Pirate Roberts”) remained anonymous and so protected from law enforcement, albeit for a short time. Silk Road couldn’t be accessed with just any desktop browser, and customers were unable to use credit cards to buy heroin, methamphetamine, or other drugs.

 

However, as soon as “Silk Road” was shut down, others stepped into play. The Dark Web works in the shadows of the internet, veiled in encryption and accessible only through particular encrypted browsers, as its name suggests. 

 

The obscurity of unlawful conduct on the dark web conceals an industry that authorities are increasingly concerned about. The criminal side of the dark web hides its trade in a variety of contraband, including opioids and other drugs, bomb parts, small and large weapons, child pornography, social security numbers, body parts, and even criminal acts for hire, using anonymizing technology and bitcoin.

 

The anonymity of the dark web not only fosters illicit actions, but it also keeps many law enforcement agencies in the dark about its presence, even when online transactional crimes affect their regions.

 

An NIJ-supported gathering of experts identified law enforcement’s primary dark web challenges and opportunities, as well as high-priority needs for addressing them, in order to improve the awareness of the dark web among law enforcement agencies and identify tools that can assist them police it. The workshop experts identified a fundamental concern for law enforcement as: a lack of understanding of how the dark web works and how criminals have begun to exploit it.

 

In recent years, various technologies for monitoring content on the visible Web have been developed, but there are essentially no corresponding tools for the dark Web. It is critical to provide evidence that the dark Web has become a key platform for global terrorism and criminal activity in order to develop the required technologies for monitoring all parts of the Internet.

 

Via this post, we’ll go over what the Dark Web is and how it works, how it varies from the Deep Web, what kinds of crimes it houses, and what actions need to be taken against these Dark Web crimes.

 

Understanding The Internet, The World Wide Web and The Deep Web

Although many individuals confuse the phrases Internet and World Wide Web, they are not interchangeable. The Web and the Internet are two distinct but connected concepts.

 

The Internet is a huge collection of networks that serves as a networking infrastructure. It joins millions of computers around the world to build a network in which any computer can communicate with any other computer as long as they are both linked to the Internet.

 

The World Wide Web, or simply the Web, on the other hand, is a way of gaining access to information over the Internet. It’s an Internet-based information-sharing system. To send data, the Web uses the Hypertext Transfer Protocol (HTTP), which is merely one of the Internet’s languages. The web is the publicly visible part of the internet that most of us use every day, and it is accessible via search engines such as Google or Bing.

 

Email, which uses Simple Mail Transfer Protocol, Usenet newsgroups, instant messaging, and File Transfer Protocol, is also done through the Internet, not on the Web. As a result, the Web is only a small part of the larger Internet.

 

Finally, the deep Web can be defined as a part of the internet that is normally hidden from public view. It refers to World Wide Web content that does not appear on the surface of the Web. Normal search engines cannot access it. It can’t be found using standard search engines but via other, less well-known ways.

 

The majority of the ‘Deep Web’ consists of databases that may be accessed safely via the ‘Open Web.’ Databases related with hotel reservations, online purchases, medical records, banking, and other activities, for example. These content are password-protected and can only be accessed by authorized individuals.

 

The Dark Web

The dark Web is a subset of the deep Web that has been purposefully concealed and is unreachable via standard Web browsers. Dark Web sites serve as a platform for Internet users that value anonymity, as they not only protect against unauthorized users, but also typically contain encryption to avoid monitoring.

 

Most individuals access the internet using a computer or device with an IP (Internet Protocol) address – a unique online identity.

 

An IP address allows networks to transmit the right information to the appropriate location, such as ensuring that an email is sent to its intended recipient. Using an IP address, an individual’s online activities can be tracked and monitored.

 

The ‘Dark Web’ employs sophisticated technologies that hide a user’s genuine IP address, making it extremely difficult to determine which websites a device has visited.

 

The Tor network is a relatively well-known source for content on the dark Web. Tor is an anonymous network that can only be accessed with a specific Web browser known as the Tor browser.

 

Tor as a means for communicating online anonymously was first introduced in 2002 by the US Naval Research Laboratory as The Onion Routing (Tor) project. I2P, another network, has many of the same capabilities as Tor. I2P, on the other hand, was designed to be a network within the Internet, with traffic staying within its limits. Tor enables more anonymous access to the open Internet, whereas I2P provides a more powerful and reliable “network within a network.”

 

How the “Dark Web” Came Into Play – The TOR Network’s Evolution

The Internet was not developed with elements like privacy and anonymity in mind by default. As a result, everything can be tracked or traced. However, some people are particularly concerned about their privacy, and the US Federal Government was one such group in the mid-1990s.

 

A team of computer scientists and mathematicians working for the Naval Research Laboratory (NRL), a branch of the US Navy, began developing a novel technique known as Onion Routing. It enables anonymous bidirectional communication in which the source and destination are not known to a third party. Overlay Network is used to do this. An overlay network is  a network that is built on top of another network  (i.e the internet).

 

A darknet is a network that uses the onion routing technique. The dark web was created by combining all of these different darknets. People at NRL quickly understood that in order for the network to be genuinely anonymous, it needed to be accessible to everyone, not only the US government. As a result, the NRL was forced to expose their Onion routing system under an Open Source License to the public, and it became The Onion Router (TOR).

 

How the “Dark Web” Works

Every day, our online activities create digital footprints in the form of personal data. Our digital identity and representation — is made up of this whole information.

 

When IP addresses can’t be traced, anonymity on the internet is assured. Tor client software hides user identification and eliminates monitoring by routing Internet traffic through a global volunteer network of computers. As a result, the dark Web is ideal for cybercriminals who are always attempting to hide their identities.

 

Governments use the dark Web to exchange documents in secret, journalists use it to escape censorship in numerous countries, and dissidents use it to avoid authoritarian regimes’ control. In contemporary political and social discussions, anonymous communications play a significant role. Because of concerns of political or economic retaliation, many people want to keep their identities hidden.

 

Anonymous communication across a computer network is achieved using onion routing. Messages are encrypted multiple times before being routed through onion routers, which are multiple network nodes. Each onion router scrapes away a layer of encryption to reveal routing instructions, then delivers the message to the next router to repeat the process. This method keeps intermediate nodes in the dark about the message’s origin, destination, and content.

 

Crimes Associated With the “Dark Web”

The Dark Web is the center of criminal attacks because it provides anonymity and serves as a doorway into the criminal world. The following are some of the most well-known crimes committed on the Dark Web:

 

• Drug Trafficking

The dark web is an unlawful marketplace for the sale of illegal and dangerous substances in exchange for crypto currency. Bitcoin, Ethereum, and Ripple are just a few examples.

 

Silk Road was also a well-known marketplace for unlicensed medications and illegal drugs. The FBI took down this website in 2013. Agora is a website that was shut down as well. There are a number of such websites that operate on the Dark Web for the sale and distribution of illegal drugs. Visually pleasing, these sites resemble any other shopping website, with a brief description of the items and a photograph to accompany them.

 

• Human Trafficking

Human trafficking takes place at Black Death, a dark web site. The British model Chloe Ayling is one of the victims of human trafficking on the Dark Web. According to a 2017 survey, the majority of human trafficking survivors were recruited for sex and labor trafficking.

 

Other reports have demonstrated that the Dark Web has aided in the concealment of this crime. Black Death is a dark web organization that operates by often changing URLs.

 

• Information Leaks and Theft

Many anonymity-supporting platforms, such as TOR, are helpful resources for whistleblowers, activists, and law enforcement. So, it is reasonable to believe that specialized sites make it easier for individuals to exchange physical and private information, such as passwords and access to passwords for the surface Web, paid pornography sites, and PayPal credentials. 

 

Hackers use the Dark Web to spread sensitive information. On the dark web, a hacker gang once exposed the credit card accounts and login information for around 32 million Ashley Madison customers as a 9.7GB data dump. Employees are even paid by dark web hubs to expose corporate information.

 

• Murder and Contract Killers

The Assassination Market website is a prediction market where a party can gamble on a person’s death date and receive a payout if the date is “guessed” correctly. This encourages assassination since the assassin, knowing when the event will take place, can benefit by placing a precise bet on the time the subject will die. It is much more difficult to assign criminal guilt for the assassination because the payment is for knowing the date rather than doing the assassination itself.

 

 On the dark web, there are even websites where you may hire professional assassins. Once, a hacker known as ‘bRpsd’ gained access to BesaMafia’s website and leaked its information online. User accounts, personal conversations, eight hit-orders, and a folder containing nearly 200 victim photos were all exposed. 

 

• Child Pornography

According to a report, child pornography drives the most traffic to TOR’s hidden sites. It is difficult for the common user to locate such sites. It is a form of child exploitation that involves the sexual stimulation of children as well as the abuse of children during sexual acts. It also includes kid pornographic sexual photos.

 

Lolita City, a site that had over 15,000 members and stored over 100GB of child pornography photographs and videos, has officially been taken down.

The FBI shut down PLAYPEN in 2015, which had over 200,000 members and might have been the largest child pornography site on the dark web.

 

• Terrorism

Terrorists and the dark Web appear to be made for one other; the latter requires an anonymous network that is both accessible and inaccessible. Terrorists would struggle to maintain a presence on the surface Web because their sites might be easily shut down and, more crucially, traced back to the original poster.

 

While the dark Web may not have the same broad appeal as the surface Web, the hidden ecology is ideal for propaganda, recruitment, finance, and planning, which is in line with our first perception of the dark Web as an unregulated cyberspace.

 

• Exploit Markets

Exploits are malware that takes advantage of software defects before they are fixed. Zero-day exploits target zero-day vulnerabilities, which are those for which the vendor has yet to release an official patch. The term “zero-day” refers to the fact that the programmer had no time to fix the vulnerability.

 

Exploit markets are marketplaces for buying and selling zero-day exploits, and the price of an exploit is determined by the popularity of the target software as well as the difficulty of cracking it.

 

• Proxying and Onion-Cloning

Users of Tor-like platforms are vulnerable to attack because of their anonymity. The normal ‘HTTPS’ in the URL of such a site which indicates that it is secure does not appear. They must bookmark the TOR page to ensure they are on the legitimate site.

 

When a fraudster uses website proxying, the user is tricked into believing he is on the original page, and the scammer then re-edits the link to send the user to his scam URL. When a user pays in crypto-currency, the money is transferred to the scammer instead.

 

Onion Cloning is comparable to proxying. In order to steal money from the user, the scammer builds a replica of the original site or page and modifies the links so that the user is referred to their scammed site.

 

• Illegal Financial Transactions

Theft and sale of a user’s credit card credentials and personal information are referred to as carding frauds. On the Dark Web, it is the most popular sort of criminal activity. 

 

Credit and debit cards are sold on darknet markets. Multiple URLs redirect the user to the same page on these sites. Vendors from other forums submit advertisements describing what they have.   Vendors sell cards at a lesser cost. 

 

Carding frauds are also possible on some money transfer services. This service is available through a website called Atlantic Carding, and the more you spend, the more you get. Business credit card accounts and even infinite credit card accounts linked to ultra-high-net-worth individuals are up for grabs. The user’s personal information, such as name, address, and so on, are available at a price.

 

• Arms Trafficking

It serves as a conduit for illegal arms trafficking. According to a RAND Corporation study, the dark web is expanding the availability of firearms at similar prices to those seen on black market streets. Europe is also discovered to be the main supply of firearms. The Dark Web has become a forum for criminal groups and terrorists, with Germany coming in third with 5.31 percent.

 

Euroarms is a website that sells a variety of firearms that may be delivered to your door in any European country. The ammunition for these weapons is sold separately, and that website should be discovered on the dark Web. 

 

The Dark Web and Malware

The dark web market is a place where illegal materials can be bought and sold. It  is a home for a variety of malicious software and services and  malware is a critical component of many cyber-attacks occurring through the Dark web. 

 

Cryptominers deploy a variety of malwares to carry out their unlawful cyber activities and these are some of the most common malwares:

 

•  Data Stealing Trojans

They can also collect passwords from the clipboard, intercept keystrokes, bypass or disable antivirus software, and transfer files to the attacker’s email address. 

 

• Ransomware

Ransomware encrypts your computer or files and demands a ransom payment before they may be decrypted.  Ransomware is a type of malicious assault that takes control of a user’s system and prevents that user from accessing it. There are various methods through which ransomware criminals select the organizations they attack. Some businesses are attractive targets because they appear to be more willing to pay a ransom quickly. 

 

Medical facilities and government entities, for example, frequently require fast access to their files. Law firms and other sensitive data organizations may be ready to pay to keep news of a hack hidden, and these organizations may be particularly vulnerable to leakware attacks.

 

• Remote Access Trojans (RATs)

Remote Access Trojans allow an attacker to monitor user activity, take screenshots, run files and commands, activate the webcam and microphone, and download files from the internet. DarkComet, CyberGate, ProRAT, Turkojan, Back Orifice, Cerberus Rat, and Spy-Net are examples of popular RATs. 

 

• Botnet Malware

  It’s a multipurpose malware that demonstrates how fraudsters are broadening their attack methods. The ransomware, keylogger, and botnet capabilities are all included in the virus. Botnet Ransomware is an example of Virobot. When Virobot infects a computer, it joins a spam botnet that spreads the malware to new people. The ransomware uses RSA encryption to encrypt the data on the targeted system. Meanwhile, the botnet’s keylogger captures logged data from victims and sends it to the C2 server. Virobot’s botnet function leverages Microsoft Outlook on an infected machine to send spam emails to everyone on the user’s contact list. 

 

• ATM Malware

These Trojans are used to steal money from ATM machines. ATM hacking is profitable due to the fact that a single ATM might contain up to $100,000 in cash. ATM malware is the most expensive of all malwares and a single piece of malware can be used to attack multiple ATMs. Exploits look for flaws in a system or software and take advantage of them. The exploits available on the dark web are designed to work on a variety of platforms. Due to the large market size, Windows-based exploits are the most popular. 

 

Efforts Towards Addressing the Challenges Posed By the Dark Web

To address the challenges posed by the dark web, the RAND Corporation and the Police Executive Research Forum (PERF) convened a workshop on behalf of the National Institute of Justice (NIJ) to bring together a diverse group of practitioners and researchers who would identify the highest-priority problems and potential solutions related to dark web evidence.

 

The workshop experts identified a core issue for the law enforcement which is: a lack of understanding of how the dark web works and how criminals have begun to exploit it. As a result, the emphasis was on building a practical research and development plan to improve law enforcement’s ability to understand and investigate unlawful activities on the dark web.

 

It was found that law enforcement authorities recognized the following as priority needs for detecting illegal behavior on the dark web:

• Raising public awareness of the dark web among state and municipal governments.
• Creating cross-jurisdictional collaborations among agencies.
• Implementing more and advanced training to better equip officers to discover dark web evidence and activities.
• Providing extensive knowledge of dark web methods and operations to special investigation units. Because of the dark web’s anonymity, many state and local law enforcement agencies are generally ignorant of its presence and capacity to instigate crime in their jurisdictions.

 

Monitoring the Dark Web 

The dark Web in general, and the Tor network in particular, provide a secure platform for cybercriminals to support a wide range of illegal activities, from anonymous marketplaces to secure means of communication to an untraceable and difficult-to-shutdown infrastructure for deploying malware and botnets.

 

As a result, it has become increasingly vital for security agencies to track and monitor activities on the dark Web, which is currently focused on Tor networks but may expand to other technologies in the near future.

 

Customers’ Web data could be analyzed by security agencies to detect  connections to non-standard sites. Depending on the customer’s level of Web activity, this may not aid in tracking down links to the dark Web, but it may reveal insights about activities hosted with rogue top-level domains. This can be accomplished without invading the user’s privacy because only the destinations of Web requests need to be monitored, not who is connecting to them.

 

Pastebin and other similar sites are frequently used to distribute contact information and addresses for new hidden services. These sites would have to be constantly monitored in order to detect message exchanges containing new dark Web domains.

 

Most hidden services are highly volatile and frequently go offline, only to reappear later under a new domain name. It is critical to capture a picture of each new site as soon as it is discovered, for further study or monitoring its online activities. 

 

Once the data for a hidden service (any of the websites on the dark Web) has been collected, creating a semantic database including crucial information about the hidden site can assist in tracking future illegal activity on the site and associating them with malicious actors.

 

Finally, it would be beneficial to concentrate on profiling transactions on dark Web marketplaces in order to collect information on vendors, users, and the types of commodities transacted.

 

In Conclusion

The dark web is a part of the Internet where people go to accomplish things in secret and leave no trace. It has become a center for illegal activities such as child pornography, arms trafficking, drug trafficking, and onion cloning, among others. The anonymity provided by this platform is the driving force behind these activities.

 

Other trends are beginning to emerge as a result of recent discoveries regarding widespread Internet surveillance by nation-states and recent arrests of cybercriminals operating dark Web sites. It wouldn’t be shocking if the criminal underworld became more divided into various dark nets or private networks, making investigators’ jobs even more difficult.

 

The dark Web has the capability to host an escalating number of malicious services and activities, and new major marketplaces will inevitably arise. To cope with future occurrences as promptly as possible, security professionals and law enforcement agencies must remain watchful to develop new approaches for detecting emerging malicious activities.

 

Do You Have Any Questions about Dark Web Crimes?

Whether you were unjustly trapped in a Dark Web criminal investigation, had your privacy violated, or simply want a good defense to your charges, you have the entitled to legal assistance. A lawyer with experience in such cases would understand the complexities of both the law and the technology involved.

 

At Olisa Agbakoba Legal (OAL), we have skilled and experienced cyber lawyers who can provide legal support and advisory services relating to cybercrime, particularly Dark-web related crimes.

 

Our Cyber lawyers handle cybercrime cases that involve individuals, organizations, or the government, as well as cases involving e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, and other topics.

 

Please do not hesitate to contact OAL’s Cyber Lawyers if you have any questions about internet technologies or cyber crimes in Nigeria.

 

 

---

Written By:

Josephine Uba

Lead Digital Strategist, Olisa Agbakoba Legal (OAL)

While banks and other financial institutions are prohibited from dealing in cryptocurrencies in Nigeria, cryptocurrency has not been termed illegal, but it is unregulated. Engaging in cryptocurrency transactions does not constitute illegal activities, but what  the user does with the cryptocurrency in the transaction determines whether it is unlawful or not. No specific regulation in Nigeria has declared cryptocurrency trading illegal or criminalized it.

 

The Central Bank of Nigeria (CBN), Nigeria’s financial market’s regulator, does not recognize cryptocurrencies and hence does not have a regulatory framework or licensing regime in place for cryptocurrency operators. According to CBN in a circular issued to banks and other financial institutions on January 2017 about cryptocurrencies or virtual currency operations in Nigeria, cryptocurrencies are largely untraceable and anonymous, and they are vulnerable to abuse by criminals, particularly in money laundering and terrorism financing.

 

The Central Bank of Nigeria (CBN) has recently sent a letter to banks and other financial institutions in February 2021, stating that trading in cryptocurrencies and enabling payment for cryptocurrency exchanges are banned. The CBN also directed all banks and other financial institutions to identify and cancel the accounts of individuals or businesses who deal in cryptocurrencies or run cryptocurrency exchanges.

 

The CBN claimed that cryptocurrencies are created by unregulated and unregistered companies, and hence usage in Nigeria violated existing laws since they are not legal money. CBN also recognized cryptocurrency anonymity as a problem. It said that the anonymity and absence of KYC rendered cryptocurency vulnerable to illicit usage, such as money laundering and terrorism funding. Another rationale was the volatility of cryptocurrencies, which it claimed jeopardized the stability of other countries’ financial systems.

 

In response to the CBN’s instruction, banks have begun to identify and deactivate accounts of people having cryptocurrency exchange inflows/outflows. It is unclear if impacted customers will be able to reestablish accounts with their banks in the future.

 

The Securities and Exchange Commission (SEC), which initially announced its intention to regulate “digital assets such as cryptocurrencies,” recently stated that it would collaborate with the CBN to analyze and better understand the identified risks of cryptocurrency in order to ensure that appropriate regulations are in place if cryptocurrency transactions are permitted in the future.

 

Regulation of Cryptocurrency in Nigeria

It has been discovered that the link between anonymity, cryptocurrency, and criminality stems from the fact that the usage of cryptocurrency exposes users to cyber-attacks such as Denial of Service (DoS) assaults, theft, release, or modification of sensitive data. Furthermore, the anonymity offered by cyberspace allows for a lack of self-regulation, which may result in unethical conduct.

 

There are a number of criticisms leveled at cryptocurrencies, the most common is the link to criminal activities associated with its use. It has also been shown that the nature of cryptocurrencies makes them ideal for a variety of criminal operations such as money laundering, tax evasion, drug trafficking, and so on.

 

Unfortunately for regulators, cryptocurrencies are built on the idea of decentralization, which means that they are intentionally designed in a way that prevents them from being controlled by a central authority in the same way that traditional currencies are. At present, there is no standard worldwide framework to regulate virtual currencies. Its regulation is largely dependent on the efforts of individual countries.

 

In response to cybercrime, the usage of cryptocurrency has generated global concerns about consumer data protection. The “Cybercrimes (Prohibition and Prevention) Act, 2015” has a significant impact on cyber law in Nigeria. This Act creates a comprehensive legal, regulatory, and institutional framework in Nigeria to prohibit, prevent, detect, prosecute, and punish cybercrime. The Act also encourages cybersecurity and protection of computer systems and networks, electronic communications, data and computer programs, intellectual property, and privacy rights, as well as the protection of important national information infrastructure.

 

According to the Nigerian Cyber Crime (Prohibition, Prevention) Act 2015, all financial institutions, including Fintech companies, must verify the identity of customers involved in electronic transactions, integrate and implement know-your-customer (KYC) processes, and keep all subscriber data safe for two (2) years.

 

Furthermore, the Consumer Protection Framework of the Central Bank of Nigeria (CBN) mandates all financial institutions regulated by the CBN to preserve private consumer data and adopt measures to prevent unlawful disclosure of such data. However, there is a distinction to be made between data protection and untraceable data.

 

Globally, data protection regulations are designed to protect consumers’ personally identifiable information. This implies that the information may be traced back to specific individuals, and the financial institutions concerned are obligated to make this information accessible when requested to do so by a law enforcement agency. 

 

The use of crypto-currency extends beyond data protection and into the world of untraceable data. Several governments have prohibited the use of crypto-currencies inside their borders, while others have warned the public against it, claiming that crypto-currencies cannot be controlled, while yet others have approved the usage of these digital currencies and subjected their use to Fintech laws.

 

The Securities and Exchange Commission (SEC), the main regulatory body for the Nigerian capital market,  issued a statement on Digital Assets, their classification and handling, with  primary concern on cryptocurrency regulation in Nigeria. The Commission stated that it would regulate innovation in the crypto currency sector in three ways: safety, market deepening, and providing solutions to issues that will lead its regulations, strategy, and interactions with innovators seeking legitimacy and relevance in this growing industry.

 

As a result, the SEC published regulatory guidelines for digital currencies and crypto-based companies or startups, indicating that they will supervise crypto-token or crypto-coin investments where the nature of the investments qualifies as securities transactions.

 

According to the Commission’s statement, the regulations’ goal is not to impede technology or innovation, but to establish norms that encourage ethical behavior. In a previous statement, the SEC warned stakeholders and the investing public against dealing with fraudulent, unregistered investment schemes and capital market operators, particularly those making bogus investment and unjustifiable return claims, and advised the public to tread carefully to avoid being swindled.

 

Despite repeated warnings, the CBN took significant measures by forming a committee to examine and define a road map for blockchain and cryptocurrency regulation, as well as the potential safety when utilized as a valuable asset in accordance with global practices.

 

Nigeria is yet to establish a legal framework or legislation for cryptocurrencies or crypto exchanges; nevertheless, there is a strong desire to do so very soon. Following the actions of the CBN and SEC, Nigerian lawmakers have asked the regulatory bodies to expedite efforts to establish a legal framework for crypto currencies in the country.

 

In Conclusion:

Almost every financial transaction in the world has legal ramifications, and cryptocurrency is no exception. The uniqueness of the currency has undoubtedly contributed to the problems connected with its global regulation. 

 

With these changing global financial trend, Nigeria’s financial regulatory agencies should take the lead in building a solid financial system and regulation that would accept contemporary technology. And, despite the potential for abuse connected with crypto currency trade, it should not be rejected in its entirety; rather, rigorous regulations should be put in place to limit its misuse.

 

Meanwhile, by claiming that cryptocurrencies are not legal tender in Nigeria, the Central Bank of Nigeria (CBN) is essentially indicating that cryptocurrencies are not officially recognised as money in Nigeria, but that they are not unlawful.

 

Aside from the influence of the Cyber Crime Act 2015, the Securities and Exchange Commission (SEC) cooperating with the Central Bank of Nigeria (CBN) to regulate cryptocurrency trading is a laudable effort toward building a legal framework for cryptocurrencies in Nigeria. More regulatory action is required.

 

At Olisa Agbakoba Legal (OAL), we have skilled and experienced cyber lawyers that can provide legal support and advisory services relating to cybercrimes including cryptocurrency-related attacks.

 

Our Cyber lawyers deal with issues of cybercrimes against individuals, companies or the government, and handle cases related to e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, etc.

 

Feel free to Contact OAL’s Cyber Lawyers to discuss issues relating to internet technologies and cybercrime in Nigeria.

 

 

---

 

Written By:

Josephine Uba

Lead Digital Strategist, Olisa Agbakoba Legal (OAL)

With the growth of various forms of cryptocurrencies and their increasing value, cybercriminals are fast moving their focus from ransomware to cryptojacking due to the reduced risk and larger possibility for financial gain. Cryptojacking, which is less difficult and less detectable than ransomware assaults, allows attackers to mine for cryptocurrencies using compromised computing devices and networks.

 

Cryptojacking, also known as cryptomining, is a new online threat that focuses on cryptocurrency on computers, mobile devices, and data networks. This approach mines all kinds of online currency using a machine’s own resources, takes over web browsers, targets small cryptocurrency farms, and compromises a variety of devices.

 

The main motivation for cryptojacking techniques is to exploit weaknesses in network infrastructure and obtain as much cryptocurrency as possible before being discovered. However, unlike many other online risks, cryptojacking can go completely undetected by users. And, in the age of COVID-19, when more people than ever are at home and online, purchasing more items using their phones and laptops, the potential of new cryptojacking attempts is growing.

 

Have you ever noticed that your computer is running slowly while viewing certain websites, or that the processor fan is producing noise and the CPU usage hits 100%? You are most likely a victim of a crypto-jacking attack.

 

Malicious bitcoin mining was not even identified as a cybersecurity issue just a year ago. In the first quarter of 2018, cryptocurrency miners surpassed ransomware as the most common cyberthreat.

 

Over the last year, cryptojacking has consistently made news as hackers moved their focus away from traditional approaches and toward this “compromise and profit” strategy. The cryptojacking problem has spread so far that Google has stated that it would block all cryptomining extensions from the Chrome Web Store.

 

More than 55% of businesses worldwide have been subjected to crypto mining attacks. Cryptojacking occurs everywhere — on websites, servers, PCs, and mobile devices. Mining cryptocurrencies on other people’s devices has surpassed ransomware as the preferred tactic for extorting money online. Gangs are working hard to convince you to click on a malicious link in an email that loads crypto mining malware on your computer; sometimes, they just utilize web ads containing JavaScript code that auto-executes once loaded in the browser. 

 

Here’s what you need to know about cryptojacking, how it affects your online security, and how to safeguard your business and personal computers from being used maliciously.

 

Cryptocurrency Terminologies You Should Know:

Before we can delve into Cryptojacking in details, let’s look at these basic cryptocurrency terminologies we need to understand: 

 

What is Cryptocurrency?

Cryptocurrencies are digital currencies that are encrypted and can be used to make online payments in exchange for products and services. These cryptocurrencies are formed by the use of blockchain technology, which combines computer programs and computer processing power.

Bitcoin was the first cryptocurrency, and is still one of the most valuable digital currencies. However, while Bitcoin is the most well-known cryptocurrency, it is not anonymous, and payment activity may be tracked as it flows back and forth.

 

Cryptojackers often concentrate their efforts on cryptocurrencies with more anonymity, such as Monero, Ethereum, and Zcash. Cryptocurrencies have also resulted in the development of ancillary sectors such as cryptocurrency IRAs and crypto digital wallet companies.

 

What is a Blockchain?

A blockchain is an information chain that timestamps digital transactions so they cannot be duplicated or backdated. The blockchain ledger is accessible to everybody. Each block in a cryptocurrency blockchain stores facts and data about a transaction, such as the recipient and sender, the number of coins involved in the transaction, and a cryptographic hash. Cryptominers generate these hashes by utilizing a hash function, which is a mathematical calculation that turns data into a string of 64 characters.

 

When a user wishes to transmit money to another user, the transaction is included in a block, which is disseminated around the network and confirmed. Following verification, the block is added to the chain and becomes a permanent record that cannot be altered, with the bitcoin sent to the receiver.

 

The security of blockchains stems from the fact that there is only one record of the digital transaction, as opposed to two separate databases in the case of ordinary online transactions.

 

What is Cryptomining?

Cryptomining is the exchange of computer processing cycles for money (cryptocurrency). Cryptomining is the process of adding cryptocurrency transactions to the blockchain ledger, which keeps a time-stamped record of the activity. A cryptocurrency miner refreshes the blockchain and validates that the information is authentic every time a bitcoin transaction occurs.

 

Cryptominers do this mining process by using high-powered processing servers and specialized hardware to compute and use a hash function that permits the block to join the blockchain, earning their own cryptocurrency in return. While cryptocurrency values are roughly one-third of what they were a year ago, hackers can still make money by cryptojacking, which involves stealing the computational capabilities of unknowing victims with far less chance of detection than other types of cybercrime.

 

What is Cryptojacking?

Cryptojacking is malicious cryptomining that occurs when cybercriminals gain access to commercial and personal computers, laptops, and mobile devices in order to install software. This program mines for cryptocurrencies or steals cryptocurrency wallets from unsuspecting victims by utilizing the computer’s power and resources. The code is simple to install, runs in the background, and is tough to detect.

 

Hackers can hijack the resources of any computer with just a few lines of code, leaving unsuspecting users with slower computer response times, increased processing utilization, overheating computer devices, and higher electricity bills. Hackers utilize these resources to steal cryptocurrencies from other digital wallets as well as to use hijacked computers to mine precious coins.

 

The basic notion behind cryptojacking is that hackers use company and personal computer and device resources to mine for them. Using these hacked machines, cybercriminals siphon the currency they earn or steal into their own digital wallet. These stolen machines are jeopardized by a slowing of CPU function and increased use of electricity for processing.

 

How CryptoJacking Started and Why It is Becoming a Popular Technique for Cybercriminals

Cryptojacking initially surfaced in September of 2017, when Bitcoin was at its peak. The code released on the website of the company Coinhive, which shut down in early 2019, was meant to be a mining tool for website owners to passively make money — an alternative to displaying ads on their site for income. Cybercriminals, on the other hand, discovered they could use this code to embed their own cryptomining scripts. They were able to mine for the cryptocurrency Monero using the computer power of website users, which has subsequently been implicated in additional cryptojacking investigations.

 

 

Varonis Unveils Monero Cryptojacking

Cryptomining malware is getting more difficult to detect. A Varonis Security Research team found a new type of malware that was likely utilized in cryptojacking for Monero coin during a recent examination into a cryptomining infestation. According to research, the virus was causing network slowdowns and instability, both of which are indicators of cryptojacking that may be difficult to detect.

 

Attackers like Monero for two reasons:

• Monero was meant to be mined using standard PCs — no sophisticated, super-powerful hardware is required.
• Monero, like many other cryptocurrencies, is anonymous, which makes tracing the attacker extremely difficult.

 

Cryptojacking Poses Less of a Risk to Cybercriminals.

Cryptojacking is getting increasingly popular among cybercriminals. The software utilized is less difficult to deploy and more difficult to detect than traditional hacking approaches. Premade software programs are easily obtained online, and once infected, the cryptomining code operates behind the scenes and can go unnoticed for a long time.

 

When cryptojacking is identified, it is extremely difficult to track down the hacker. By this point, hackers have freely collected and spent their illegal cryptocurrency earnings, leaving businesses with undesirable repercussions such as slower network performance and the financial impact of having to debug computer failures.

 

How Does Cryptojacking Work?

Cybercriminals hack devices in order to install cryptojacking software. In the background, the program mines for cryptocurrencies or steals from cryptocurrency wallets. Unknown to the victims, their devices are used normally, though they may notice reduced performance or delays.

 

Hackers have two major methods for accessing a victim’s device and secretly mining cryptocurrencies:

1. By convincing the victim to click on a malicious link in an email, cryptomining malware is loaded into the computer.
2. By infecting a website or online ad with JavaScript code that executes automatically once the victim’s browser is loaded.

 

Hackers frequently employ both approaches in order to maximize their profit. In both situations, the malware installs the cryptojacking script on the victim’s device, which runs in the background while the victim works. Regardless of the approach chosen, the script does complicated mathematical problems on the victims’ devices and transmits the results to a server controlled by the hacker.

 

Cryptojacking scripts, unlike other forms of malware, do not harm computers or the data of victims. They do, however, steal computer processing resources. Slower computer performance may just be a nuisance for individual users. However, cryptojacking is a problem for businesses since companies with a large number of cryptojacked systems pay real costs. As an example:

• The use of help desk and IT resources to troubleshoot performance issues and replace components or systems in the goal of resolving the issue.
• Increased electricity costs.

 

Some cryptomining programs include worming capabilities, allowing them to infect other network devices and servers. This makes them more difficult to detect and eliminate. These scripts may also check to determine if the device has previously been infected with rival cryptomining malware. If the script detects another cryptominer, it disables it.

 

In the early days of cryptomining, several online publishers attempted to monetise their traffic by requesting permission from users to mine for cryptocurrencies while on their site. They framed it as a fair trade: users would enjoy free material while the sites mined on their computers. On gaming websites, for example, users may remain on the page for some time while the JavaScript code mines for coins. The cryptomining would then stop when they left the site. This strategy can succeed if sites are open about what they are doing. The challenge for users is determining whether or not sites are being truthful.

 

Malicious versions of cryptomining, known as cryptojacking, do not seek for permission and continue to operate long after you leave the initial site. This is a strategy employed by the proprietors of questionable websites or hackers who have infiltrated reputable websites. Users have no awareness that a website they visited has been mining bitcoin on their computer. The code consumes only enough system resources to go unnoticed. Although the user believes that the visible browser windows have been closed, a hidden one remains active. It is frequently a pop-under that is scaled to fit beneath the taskbar or below the clock.

 

Cryptojacking may infect Android mobile devices using the same ways that it can infect desktop computers. Some assaults are carried out using a Trojan disguised in a downloaded program. Alternatively, consumers’ phones may be routed to an infected website, which leaves a persistent pop-under. While individual phones have limited processing power, when attacks are carried out in large numbers, they give enough aggregate strength to warrant the cryptojackers’ efforts.

 

How To Detect Cryptojacking : Identifying the Signs of Cryptojacking

Cryptojacking has the power to disrupt your entire business operation. It can be difficult to determine which of your systems has been compromised. The coding in cryptomining scripts can readily elude discovery, therefore you and your IT team must be exceedingly watchful.

 

Here are some techniques for detecting cryptojacking before it’s too late:

• Performance Decline

One of the most common signs of cryptojacking is a decline in the performance of your electronic devices. This encompasses PCs, laptops, tablets, and mobile devices. Slower systems can be the first symptom of cryptomining; train your personnel to report any decrease in processing to IT.

 

• Overheating

The resource-intensive technique of cryptojacking can cause computing devices to overheat. This can cause computer harm or limit their lifespan. Fans that run for longer than necessary in an attempt to cool down the system are also related to overheated equipment.

 

• Inspect the CPU Usage

You can have your IT team monitor and analyze CPU utilization, or you can do it yourself for personal computers. This can be accomplished by utilizing the Activity Monitor or Task Manager. If there is a spike in CPU utilization when people are on a website with little or no media content, it is a hint that cryptomining scripts are executing.

 

• Keep an eye on your websites.

Cybercriminals are hunting for websites where they may embed cryptomining code. Check your own websites on a regular basis for modifications to webpages or other files on the web server. This early identification can keep your systems safe from cryptojacking.

 

• Battery Drain

The battery of a compromised device usually drains quickly.

 

• Malware Scanning

Malware designed for cryptomining consumes system resources in the same way as cryptojacking scripts do. Malware, like CryptoLocker, can infect computers, encrypt files, and hold them for Bitcoin ransom. Scan your security software for malware to assist in identifying these malicious programs. To identify a cryptojacking assault, you can also use software such as PowerShell.

 

Tips and Tactics for Preventing Cryptojacking

Although it is difficult to identify whether your computer system has been hijacked by cryptojacking, there are certain precautions you may take to secure your computer and networking systems, as well as your personal crypto-assets:

 

• Use a strong cybersecurity software: 

A robust cybersecurity software will aid in the detection of threats across the board and can defend against cryptojacking malware. It is far better to install security before becoming a victim, just as it is with all other malware measures. It’s also a good idea to install the most recent software updates and patches for your operating system and other programs, especially web browsers.

 

• Be aware of the most recent cryptojacking trends: 

Cybercriminals are continuously changing code and devising new delivery ways to install updated scripts into your computer system. Being vigilant and up to date on the newest cybersecurity risks may assist you in detecting cryptojacking on your network and devices, as well as avoiding other forms of cybersecurity attacks.

 

• Educate Your IT Workforce

Cryptojacking should be understood and detected by your IT team. They should be alert to the first symptoms of an assault and take prompt action to conduct additional investigation.

 

• Educate Your Employees

Employees must notify IT staff when computers are functioning slowly or overheated. Employees must also be trained on cybersecurity issues, such as not clicking on links in emails that run cryptojacking code and only downloading from reputable sources. Personal email on your own devices is subject to the same restriction.

 

• Use Anti-Cryptomining Extensions

Web browsers are frequently used to run cryptojacking programs. Browser extensions like minerBlock, No Coin, and Anti Miner may be used to block cryptominers throughout the web.

 

• Use Ad-blocking Extensions

Cryptojacking scripts are commonly included in web browsers. Ad-blocking browser extensions can be used to identify and prevent malicious cryptomining code.

 

• Disable JavaScript

Disabling JavaScript when surfing the web can help keep cryptojacking malware from infecting your machine. Remember that deactivating JavaScript will prevent you from using many of the functions you use when surfing.

 

• Block Websites that are known with Cryptojacking Scripts:

To avoid cryptojacking while browsing websites, ensure that each one is on a properly reviewed whitelist. You can also block cryptojacking-related websites, however this may still expose your device or network to new cryptojacking pages.

 

In Conclusion:

Cyptojacking is a disruptive and harmful attacking tactic that can result in a variety of negative effects. Your business requires a proactive method to prevent this attack from converting your website or content into a potentially unsafe environment for users.

 

Businesses should never underestimate the damage that malicious mining can cause. To reduce threats, they must implement dependable security solutions across all devices, including public terminals, IoT devices, and anything else with an internet connection.

 

To explicitly protect against cryptojacking attacks, it is also required to monitor processor activity across all endpoints, including those hosted in the cloud. Finally, keep an eye out for any frequent queries to IP addresses associated with cryptocurrency mining pools. By taking these measures, you can keep your computers working for you rather than for someone else.

 

At Olisa Agbakoba Legal (OAL), we have skilled and experienced cyber lawyers that can provide legal support and advisory services relating to cybercrimes including cryptocurrency-related attacks.

 

Our Cyber lawyers deal with issues of cybercrimes against individuals, companies or the government, and handle cases related to e-commerce, e-contracts and digital signatures, intellectual property rights, cybersecurity, etc.

 

Feel free to Contact OAL’s Cyber Lawyers to discuss issues relating to internet technologies and cybercrime in Nigeria.

 

 

---

Written By:

Josephine Uba

Lead Digital Strategist, Olisa Agbakoba Legal (OAL)

The disruption of robo-advisors in Nigeria as new market players in the financial sector is posing new issues for regulators in the short term. As a result, it is vital that regulators address certain critical factors in order to design and implement effective regulation of robo-advisory services in Nigeria. 

 

The Securities and Exchange Commission (SEC) recently released its “Proposed New Rules on Robo-Advice Services” (the “Rules”), which indicates a step forward towards improving investments and financial services in Nigeria.

 

The application of digital technologies to all aspects of human life, the development of Robotics, AI, and Blockchain1 are being regarded as “the next big thing” due to the numerous possibilities that they imply for the future of the economy and its various sectors, particularly those relating to investment and financing.

 

Start-ups associated with digital financial advising and asset management, known as robo-advisors, are among the numerous disruptors through these innovative approaches to the economy that use modern technologies.

 

Robo-Advisory services are often taking a sloppy approach in Nigeria, as these robo-Advisors offer their clients with enough information to enable them to make informed financial decisions. 

 

Robo-advisors have capitalized on many consumers’ skepticism of large banking corporations and are thus offering simpler ways to invest, usually by smartphone or through their websites, providing their customers with services accessible 24/7 at a low operational cost. 

 

Fintech, or financial start-ups that use robotics and artificial intelligence, is increasing by the second in all regions of the world, generating new financial product and tools while always attempting to prosper and meet the demands of their clients. And in doing so, they are shaping the present and future of finance, and, eventually, the global economy.

 

The deployment of technologies in the regulatory and normative domains is a step further from these new financing opportunities. One of the key benefits that start-ups have over banking corporations is the relative absence of regulation, as compared to the extensive surveillance that banks face. 

 

In this sense, so-called “Regulatory Technologies,” are intended to enable better and more efficient compliance processes, solving legal requirements in a more cost-effective and secure manner, and banks and other investment players have their sights set on these innovative solutions for their legal concerns.

 

The goal of this article is to provide a broad framework for a better understanding of the current legal situation of Robo-Advisory and to understand Robo-Advisory from a legal standpoint, while taking into account the “SEC Proposed New Rules on Robo-Advisory Services in Nigeria.

 

 

The Basic Meaning and Role of Robo-Advisors

The general definition of Robo-Advisers (also spelt Robo-Advisor) is that they are digital investment advisory platforms that provide automated, algorithm-driven financial planning services with little to no human supervision. In a simpler language, a robo-advisor can been seen as an algorithm that provide investment services to an investor.

 

A typical Robo-Advisor collects information from investors about their financial situation and future goals and then uses the data to offer advice and automatically invest its client assets in stocks and other financial instruments.

 

Statistics released in 2020 showed that Robo-Advisors managed more than $460 billion leading analysts to predict that Robo-Advisory services will become a $1.2 trillion industry by 2024. This shows that Robo advisory is an impending sector.

 

Robo-Advisors offer investment advice for lower costs and fees than traditional advisory programs, and in some cases, require lower amounts to open an investment account with them than traditional investment adviser.

 

 

Reasons Behind The Emergence of Robo-Advisors

Robo-advisors are a response to the financial markets’ increasingly complicated and diverse collection of services and instruments. On the one hand, as the financial sector has become more complicated, new regulatory requirements have evolved, and their highly technical criteria can be easily met by non-human advisers and managers (robots).

 

When it comes to big data research and management of their clients’ and products’ information, robo-advisors, on the other hand, provide an absolute competitive edge for its users and financial institutions.

 

For both of these reasons, we can say that robo-advisory is a response to complexity that already allows its users to perform two functions: first, it helps them to comply with legal requirements (compliance) and manage a larger number of customers in an increasingly complex environment.

 

Other market participants will be unable to comply with the new legal regulations at this level without robotic support and its applications in algorithmic trading because existing and future financial regulation is based on knowing one’s own clients and the items advised or managed (information duties, transparency, suitability and conven-ience test, customer profiling etc.).

 

Second, robo-advisors benefit from economies of scale (since they can manage thousands of consumers with thousands of products, assets, and portfolios) and, thanks to algorithmic trading, they can transform the financial business into a low-cost model with a higher level of legal compliance.

 

However, while robo-advisors fix many present problems and improve market efficiency, they introduce new hazards and regulatory challenges that are not being addressed adequately. As a result, it is necessary to consider an optimal legal framework for robo-advisors that is based on two aspects: the adoption of legal entities for them based on their operations; and an effective control of data and risk management, because otherwise we could witness a scenario of new systemic risks due to the algorithmic trading performed by these software and digital technologies. 

 

 

Regulatory Framework for Robo-Advisor in Nigeria 

Whilst there is no specific regulatory framework for Robo-Advisor, however the Securities and Exchange Commission in its attempt to show the progression of certain aspects of the Nigerian Legal framework on financial advisory services published the “Proposed New rule on Robo-Advisory Services (the “Proposed Rules”)” marking the first regulatory framework for digital investment advisory services providers in Nigeria.

 

 

The SEC Proposed Rules for Robo-Advisory Service in Nigeria  

Robo- Advisor is the first phase of larger regulatory frameworks that include digital assets, offerings and intercontinental, borderless trading on emerging securities.

 

It is a general rule that regulations are indispensable to the proper function of economies and societies. They create the “rules of the game” for citizens, business, government and civil society. They underpin markets, protect the rights and safety of citizens and ensure the delivery of public goods and services.

 

This is why the Security and Exchange Commission in a bid to match the global evolving investment tech ecosystem that is garnering a lot of following and usage, released its Proposed New rule on Robo-Advisory Services (the “Proposed Rules”).

 

The framework brings digital or “Robo”advisors under the regulatory purview of Securities and Exchange Commission (SEC), Nigeria’s apex capital market regulator.

 

The provision of the proposed Guidelines shall be applicable to all Capital Market Operators and persons (Individual & Corporate) offering or seeking to offer Digital (Robo) Advisory Services in the Nigerian Capital Market.

 

The Proposed Rules mandate that apart from complying with Rule 96 of the Securities and Exchange Commission Rules and Regulations, 2013, which provides for registration requirements of Corporate and Individual Investment Advisers, the Robo-Advisor is required to comply, on an ongoing basis, with all the applicable business conduct requirements set out in the Investment and Securities Act (“ISA”) and the Rules and Regulations, Notices and Guidelines issued pursuant to the ISA.

 

To avoid conflict of interest, “Robo” advisers are required to comply with the disclosure requirements on conflicts of interest set out in the Code of Conduct for Employees of Capital Market Operators as well as disclose in writing to their clients, any actual or potential conflict of interest arising from any connection to or association with any product provider, including any material information or facts that may compromise their objectivity or independence.

 

Although Robo-Advisory technology exists, there are varying degrees of human interface and influence on the functionalities of this novel technology. This appears to be the rationale for SEC’s decision to seek to hold humans accountable in the deployment of algorithm/artificial intelligence-based financial advisory services.

 

I also believe that the SEC believes Robo-Advisory services may soon be available to Nigerians with the plethora of wealthy tech companies in the ecosystem who are constantly innovating. Therefore, SEC may be seeking to create a regulatory environment in which Robo-Advisors can thrive and collaborate with the apex securities regulatory body in Nigeria to foster an adoption of technology-driven products by Nigerians.

 

 

In Conclusion:

It is pertinent to state that the disruption of Robo-advisors as new market players in the financial sector are bringing new challenges that the regulators must face in the short term. For this reason, at this time, it is necessary to delve into some key aspects that regulators should consider in order to create and implement efficient regulation of this new phenomenon:

–         As regulators gain confidence in their capacity to assess and monitor robo advisors, and as robo advisors become a major force in the market, there may be less need for direct regulation of the forms and features of consumer financial products.

–        Provisional ideas about how financial services regulation could facilitate quality-based competition and diversity among robo-advisors to ensure the performance of intermediaries who use robo advisors increasingly exceeds that of their unassisted competitors. 

 

 

---

 

Written By:

Ebunoluwa Bayode Ojo

Associate, OAL