While news of Obinwanne ‘Invictus’ Obi pleading guilty to fleecing unsuspecting victims in the US of $11 million deepens Nigeria’s image problem abroad, it also calls for a better approach to policing the country’s cyberspace.
According to a statement from the US Department of Justice Eastern District of Virginia, the 32 years old Obinwanne Okeke and other conspirators engaged in a conspiracy from approximately 2015 to 2019 to conduct various computer-based frauds. The conspirators obtained and compiled the credentials of hundreds of victims, including victims in the Eastern District of Virginia and elsewhere. As part of the scheme, Okeke and others engaged in an email compromise scheme targeting Unatrac Holding Limited, the export sales office for Caterpillar heavy industrial and farm equipment. In April 2018, a Unatrac executive fell prey to a phishing email that allowed conspirators to capture login credentials. The conspirators sent fraudulent wire transfer requests and attached fake invoices. Okeke participated in the effort to victimize Unatrac through fraudulent wire transfers totaling nearly $11 million, which funds were transferred overseas.
Unatrac Holding Limited, the UK Export Sales office for Mantrac Group had filed a report with the FBI in June 2018 stating they had been compromised via a phishing email that fraudulently acquired sensitive log-in details of their Chief Financial Officer (CFO).
Following his guilty plea, Okeke faces a maximum penalty of 20 years in prison when sentenced on October 22.
His prosecution is one of many other cyber-related cases involving Nigerian nationals that investigators in the US have stepped up in recent times. In June, Ramoni Igbalode also known as Ray Hushpuppy, a Dubai-based Nigerian celebrity was arrested by the International Police (Interpol) and the Federal Bureau of Investigation (FBI) in connection with a $35 million ventilator scam.
Nigeria ranks among the top ten countries in the world where cyber crimes originate from. The country is notorious for scams and phishing emails. In addition to these scams, groups of young disenchanted and unemployed and relatively tech-savvy individuals spend significant amounts of time establishing online fraud schemes.
Between 2017 and 2018, Nigeria is estimated to have lost N250 billion ($649 million) and N288 billion ($800 million) respectively to cybercrime. There is also an unquantified cost to national reputation.
“Land in any country today and our atrocities herald our presence. It took a friend going to about 10 banks before an account could be opened for him during the Invictus Obi saga,” said Eghosa Ewone, a supply chain executive.
The cyberspace in Nigeria is governed by the Cyber Crime Act of 2015. Under the Act, hackers if found guilty, of unlawfully accessing a computer system or network, are liable to a fine of up to N10 million or a term of imprisonment of 5 years (depending on the purpose of the hack). The same punishment is also meted out to internet fraudsters who perpetuate their acts either by sending electronic messages, or accessing and using data stored on computer systems.
The Act also makes provision for identity theft with the punishment of imprisonment for a term of not less than 3 years or a fine of not less than N7 million or to both fine and imprisonment.
While the law exists, enforcement has been a major challenge. According to a 2018 Africa Cyber Security report for Nigeria, just 2.6 percent of 21.3 percent of reported cybercrime incidents to the police were successfully prosecuted. The report conducted by Demdiur and Serianu blamed low attribution and deterrent for the rising level of cyberattacks in Nigeria and other African countries.
Apart from not having sufficient deterrent, Kingsley Chibuzor and IT professional told BusinessDay that lack of updates on cybercrime policies has enabled the criminals.
“From a technology standpoint, we lack the infrastructure to effectively manage our people which might make it hard identifying these individuals on time. First, there is no consistent database of citizens in Nigeria. This in itself hampers the tracking and identification of individuals involved in these crimes,” Chibuzor said.
In February 2020, the Ministry of Interior in Nigeria said it has set up the Citizen data management and harmonization committee to collect and harmonise data on citizens with the objective of fighting insecurity in the country.
The ministry in a statement said it would use standard methods of data collection and would work with different government agencies to arrive at one database.
Enyioma Madubuike, a legal practitioner and Strategy Lead at Lawrathon said the collaboration with the private sector, especially the tech community in Nigeria, would also go a long way to reducing cybercrimes and enable authorities to build a better relationship with the community.
“The Nigerian tech ecosystem is still young but it must start thinking about gaining access to spaces where policy is being discussed and made. Tech leaders must plan to take spaces in the political spaces so that they are in the room when these discussions are being had,” Madubuike said.
