Kwabena Adu Koranteng writes on Combating Cybercrime in Ghana
Work with regional and international actors, including the US Department of State and Department of Justice, and the New Partnership for African Development, in capacity building to allow Ghana to bolster its cyber security capabilities.
Cybercrime is defined as an unlawful action against any person using a computer, its systems, and its online or offline applications. It occurs when information technology is used to commit or cover an offense. However, the act is only considered Cybercrime if it is intentional and not accidental.
A thorough and strongly enforced legal framework is critical for combating cybercrime. Given the transnational nature of these crimes, however, national laws that fail to consider international standards tend to prove myopic and thoroughly inadequate. Moreover, the reality is that many legal systems have not yet developed a modern approach for dealing with cybercrime.
The Convention on Cybercrime is, to date, the most comprehensive and effective global treaty on cybercrime. Working with treaty members to harmonize laws—that is, promulgating similar though not necessarily identical laws—is necessary in order to remove Ghana from the potential or actual group of criminal safe havens and facilitate global evidence collection efforts.
In a bid to efficiently combat cybercrime, Ghana ought to establish a central agency devoted to researching, articulating and coordinating cyber security policies. The new agency should develop a framework for implementing internationally recognized cyber security standards, conduct frequent benchmarking of the development of cyber security measures and consider establishing an accreditation process for certifying the preparedness of public and private organizations. Furthermore, there should be more efforts to coordinate and share cyber security assets between government agencies.
Work with regional and international actors, including the US Department of State and Department of Justice, and the New Partnership for African Development, in capacity building to allow Ghana to bolster its cyber security capabilities. These institutions have been specifically tasked with helping countries close capacity gaps and meet international standards.29 While the Ghanaian Police Service has been working closely with domestic consultants in improving its infrastructure, more can be done by the Ghanaian government with international collaboration to minimize vulnerabilities.
Create best practices guidelines in cooperation with the private sector to help Ghanaian industry deal with future criminal activities. This should include a streamlined, fully confidential pipeline of communication between government and business that allows the latter to report suspected criminal attacks without compromising the corporation’s reputation, media image or financial interests.
The priority should be on complete discretion and minimizing disruptions, so that private actors do not have a strong disincentive to report potential cyber attacks. The Ghanaian government can look to similar guidelines published by foreign law enforcements agencies, such as the US Department of Justice.
Ghana has one of the highest rates of cybercrime in the world, ranking 7th in a 2008 Internet Crime Survey. The most popular form of cybercrime in Ghana is cyber fraud and is typically achieved via credit card fraud. However, recent decreases in universal credit card usage has seen the expansion of other cybercrimes such as blackmail and hacking.
Cybercrime Attack Types
Cybercrime can attack in various ways. Some common cybercrime attack mode include Hacking: It is an act of gaining unauthorized access to a computer system or network.
Denial Of Service Attack:In this cyber attack, the cyber-criminal uses the bandwidth of the victim’s network or fills their e-mail box with spammy mail. Here, the intention is to disrupt their regular services.
Software Piracy: Theft of software by illegally copying genuine programs or counterfeiting. It also includes the distribution of products intended to pass for the original.
Phishing: Pishing is a technique of extracting confidential information from the bank/financial institutional account holders by illegal ways.
Spoofing: It is an act of getting one computer system or a network to pretend to have the identity of another computer. It is mostly used to get access to exclusive privileges enjoyed by that network or computer.
Cyber Crime Tools
There are many types of Digital forensic tools this include
Kali Linux: Kali Linux is an open-source software that is maintained and funded by Offensive Security. It is a specially designed program for digital forensics and penetration testing.
Ophcrack: This tool is mainly used for cracking the hashes, which are generated by the same files of windows. It offers a secure GUI system and allows you to runs on multiple platforms.
EnCase:This software allows an investigator to image and examine data from hard disks and removable disks.
SafeBack is mainly using for imaging the hard disks of Intel-based computer systems and restoring these images to some other hard disks.
Data dumper:This is a command-line computer forensic tool. It is freely available for the UNIX Operating system, which can make exact copies of disks suitable for digital forensic analysis.
Md5sum:A tool to check helps you to check data is copied to another storage successfully or not.
Command line Tools
The most basic of all the command line tools would be PING. The PING program was written in 1983 by Mike Muuse, who at the time was working as an employee for the U.S. military. The author states that from his point of view, PING is not an acronym for Packet InterNet Grouper, but a reference to the sound a sonar makes as the ‘ping’ reflects and returns. The author wrote the program to help diagnose some odd network behavior he had encountered while troubleshooting a network.
The PING command sends a small packet of information containing an ICMP ECHO_REQUEST to the targeted computer, and if the computer receives the packet, it then sends an ECHO_REPLY packet in return.
Since its creation, PING has become an integral part of UNIX and many other operating systems to include Microsoft Windows and Linux and others. Over the years this simple innocuous bit of code has become synonymous with the Denial of Server (DoS) attack.
A simple Denial of Service attack is relatively harmless thanks to the advances in modern hardware design and better preventive measure but, when performed using a modern-day Distributed Denial-of-Service (DDoS) attack with a botnet of hundreds possibly thousands of highjacked computers, this attack can still be very effective.
In the early years of network computing, a simple DoS attack came to be known as the PING of Death.
To launch PING, we first open a command prompt for Windows or a terminal window in Linux. In the following example, we see a Windows command prompt has been open and at the greater than sign (>), we typed in the word PING followed by a forward slash (/) and a question mark (?). The ? mark shows us all the different variables we can use with the PING command.
Target Off-Target
In 2013, hackers got into popular retailer Target’s computer system, stealing more than 40 million credit card numbers and the personal information of more than 70 million Target shoppers. A few years later, we learned that Target spent more than $1.5 million on anti-malware software that could have halted the attack … if a certain feature of the software had been turned on. According to reports, Target’s security personnel were distrustful of the software and the rest as they say is history.
According to study.com, Today’s sophisticated off-the-shelf and open-source software options are efficient enough to protect businesses (and even individuals) from cybercrime attacks by malicious individuals hoping to steal data, money or both. That is, if the company or personal computer owner has them installed and the software is working properly.
Of course, software cannot, and should not, take the place of careful computer usage and common sense when emailing or surfing the web. You should always avoid opening suspicious email attachments, visiting sketchy websites, putting too much personal information online or clicking links if you’re not 100 percent certain where they lead. In short, security sense and security software go hand in hand.
Software to the Rescue
With so many security software options, it may be intimidating to figure out what types of software you need most and which can be left by the wayside. Here are a few critical pieces you should consider.
Password Management Software
If you’re constantly forgetting passwords, choosing passwords that are easy to guess or haven’t changed the same password you use across multiple devices and accounts, you are ripe for hackers. Password management software will save you from storing passwords where they can be easily stolen (i.e. on sticky notes or in your computer’s cloud system). You can use this software to let you select more complex passwords and securely store them in a protected system. Consider LastPass, Keeper or 1Password as software tools to accomplish this effort. They all have options available from just a few bucks a month for both businesses and individuals. This is a cheap safeguard for your online accounts.
Email Encryption Software
For businesses in particular, email is a quick and efficient way for colleagues to communicate, whether they are in the same building or halfway around the world. But email also presents one of the most common avenues hackers use in accessing their victims’ sensitive data and communications. Email encryption software encodes email messages and attachments from the time the originator hits ”send” until they reach the recipient, making it less likely that important contents can be hacked or accessed along the way. Symantec Desktop Email Encryption, PKWARE’s SecureZip and Virtru can help your business send emails securely. One option is to require a sender-generated password to open an email’s content.
Firewalls
A firewall may not sound like a type of software, but it is still an important barrier to protect your network from intrusion. This protective system watches both incoming and outgoing traffic on your network and blocks things it believes to be of a suspicious nature. This is a good way to keep employees from accessing harmful websites or allowing spam emails to hit workers’ inboxes, where malicious files may be unknowingly downloaded. A couple good (and free) firewall options include choices from ZoneAlarm, Comodo and, if you like a little more customization, OpenDNS.