Nigerian human digital bandits

When are our security agencies going to pay a closer attention to the activities of those I call human digital bandits (HDBs) who have perfected a new kind of criminality in Nigeria?

I received a rude shock the other day when my daughter narrated her ordeal at Area 1 Market in Abuja, FCT. She came to the market in a taxi. As she stepped out of the car and made to fish out money from her purse for the fare, the driver leaned over the passenger seat, shot out his hands and grabbed the handset she was holding loosely. And sped off without waiting for the fare. She was so shellshocked by the suddenness of this action that she could neither shout for help nor take note of the car’s registration plates. The taxi-thief vanished with her phone.

Going by what I had read about how to trace and recover stolen smartphones, I calmed her down and asked her to simply report to the police while we both tracked the movement of the phone through its IMEI number. We both felt confident that the tracking device and our collaboration with the police would lead to recovery of the phone. Four hours later, however, the IMEI number disappeared and the tracking of the phone came to an abrupt halt. Our quest had ended as quickly as it began. When I spoke to a techie friend of mine about it, I was told that Nigerian software developers now install a number of software applications that can be used to change IMEI numbers, hack into mobile device codes to override passwords and retrieve information, and carry out other fantastic activities. This would have been cause for celebration for us as a nation if only those fantastic leaps in tech software development were deployed only for good.

I reflected sadly that the McLuhanian prediction eight decades ago (that we are progressing to become extensions of the tools of technology) has proved true in a most dramatic fashion. But we are paying a heavy price for its unintended consequences. It was then that the famous analogue habits of Nigerian billionaires made sense. You’ve probably heard this persistent claim that two Nigerian billionaires, Aliko Dangote and Femi Otedola, prefer analogue handsets to using smartphones. If this were true, who will blame them? Once upon a time, our mobile phones were perfect working tools that made life easy – for work and for play. Today, we are slowly waking up to the reality that they could become a constant source of grief and sorrow. Apparently, the wily billionaires understood before most of us did the menace that smartphones posed to our peace and wellbeing. In the hands of digital thieves and web bots that crawl over Internet content, our material possessions and our privacy lay naked in the public square that the smartphone has become.

My daughter was lucky that the person who snatched her phone was a handset thief; someone interested in wiping out her information and hawking the handset for a quick naira. It could have been worse if it were someone mining for sensitive information. As government and corporate institutions continue to force citizens to take up biometric registrations and upload more and more sensitive data to cyberspace, the danger of infiltration and data stealing multiplies and escalates. We are told to guard these sensitive biometric data and not disclose them to third parties. Yet, all that a third party has to do is lay their hands on our handsets and our sensitive information will be laid out like broken china in the sun, to quote the poet. With this sensitive information, an unscrupulous third party (a thief) can easily steal our identity and use the information to hack into and wipe out our life’s savings from our bank accounts. This point bears repeating: our sensitive data are available to anyone who happens to pick up any protected and unprotected smartphone. For instance, how safe is Is our bank verification numbers from third parties? Anyone with access to a smartphone that receives bank transaction alerts can type *565*0# from the mobile phone and bring up the owner’s BVN number. The bank will charge the owner’s account N20 for this service to the thief! Are our national identification numbers (NIN) safe, do you think? Anyone who gets hold of a registered phone number for NIN can type *346# on the phone and retrieve the number. With these two numbers, human digital bandits (HDBs) can proceed to steal a citizen’s identity and break into the owner’s account to wipe out hard-earned savings.

We hear these things but many of us are not fully conscious of how vulnerable we can be with our smartphones as we pack more and more personal information into the devices. Many are still living with the euphoria of the past when smartphones did what their creators wanted them to do to improve life, work and play, without adopting the necessary security precautions that enable us to have a fighting chance when HDBs strike.

To be sure, most of us can’t do without smartphones nowadays. It has become the mobile alternative to a personal computer. It will continue to be a data storage device that enables us to store confidential data either on the smartphone or through the phone to the cloud. It continues to replace the post office as a quicker and faster channel to send and receive messages. Its marvelous capacity as a still, audio and video recording device continues to thrill us as we capture goofy moments and significant events, with the option to instantaneously upload them to the web for the world to admire. The smartphone has become our online banking teller for carrying out remote and real-time banking transactions, some with capacity to transfer and receive millions of naira at the touch of the button, anywhere we are in the world. As we travel by air or by road, Internet-enabled smartphones help us conclude financial transactions, make purchases in airport duty-free shops or buy cheaper fruits and vegetables from subsistent rural women at remote villages along the roads. For leisure, the smartphone continues to re-enact the old village square experience when adults meet to share great moments or children come out to play under the moonlight. With our smartphone, we keep in constant touch with individuals and groups. In major cities, we no longer need to stop to ask passersby for directions, when we can switch on our GPRS and have a strange voice guide us with accurate and real-time directions to our destinations. Can we ever forget our recent experience with the COVID-19 pandemic when smartphones made it possible for us to maintain social distancing while carrying on routine private, business and public sector transactions from our homes? This is why it is such a shame that this perfect tool has created a pathway to financial ruin and social disgrace for the unwary.

This unsavory turn of events is not the fault of the technology but of those who exploit the vulnerabilities to do harm. We now live with the reality that phone thieves who manage to separate any of us from our phones have the capacity to break open whatever security codes we have installed to steal our digital identity, which they can use to mine sensitive data and content. For instance, many kidnap victims testified how abductors were as keen on grabbing smartphones as they were on seizing the victims themselves. Our phones give them the intelligence they need to fix and negotiate “appropriate” ransom demands.

Is there a way out? The smart Nigerian billionaires who use “pure-water phones” went for a simple solution to protect themselves from digital thieves. The analogue phones they drag about has no capacity to store data, does not connect to the web, and is used only for one-on-one conversations. The ones I have encountered used “pure-water” and “torchlight” handsets and endlessly recycled their SIM cards – the same methods that bandits and kidnappers are using to avoid being tracked down by our security agents. The billionaires can afford to do this only because they employ thousands of digitally savvy staff who can dig up whatever data and intelligence they need and because they can call the banks to bring them cash or pay anyone they wish to settle. The rest of the struggling crowd simply cannot follow their lead. So, what should we do?

My techie friend says to me that I need to understand the nature of mobile security threats we face today and personally carry out preventive measures that I can as a non-technical person. And that I can read up other technical stuff on the Net that will help me implement security protocols or invite my digital native children to help out. He spoke of non-human bandits created as malware or spyware that also attack phones and must be checked, using a few safety measures that can also be found through Internet search engines.

It turns out that both human and technical bandits are after the same thing. They seek unauthorized access to our smartphones to perform a number of malicious actions, from stealing our log-in passwords and our identity to carrying out a number of harmful transactions – sending wire fraud (419) messages, calling our friends to ask for financial assistance, or raiding our bank account after uncovering vital details such as BVN and NIN with which they will access personal and corporate accounts.

There are three major ways that human bandits access our devices. They pick them up when we leave them unattended. We lose them in certain disorderly situations, such as a stampede, riot or demonstration. And we could be violently dispossessed in traffic, in our homes or in offices. The violent dispossessors are armed robbers, kidnappers, and highway bandits. Human bandits apprehended by the police have said that all they need is to lay their hands on a BVN user registered phone.

What this means is that everyone must be mobile security-conscious by taking elementary precautions. The first is to lock up our phones so that they are impossible to access. We can do this by using strong passwords, PIN or biometric authentication, which are inbuilt into Android and iOS devices. The second is to use encrypted applications and software to ensure that critical messages we send are not intercepted during transmission. The third is to constantly check and update our smartphones and applications. There are many other protocols that can be implemented but these are mainly for techies and digital natives – children and youth born into technology. The fourth is to be our neighbour’s keeper by picking up lost smartphones and giving them to authorities who will find and return them to their owners, rather than leave them for the bad ones to pick up.

None of the security measures, however, works if a bandit is holding a gun to the head and asking a victim to unlock passwords or PIN. In today’s world, it is good to buy the smartphone and show off but better to be alert to the reality that the information packed into it could become a source of pain, if the device falls into the hands of human digital bandits.