Know Your Adversary™: The Criminal Underworld in Nigeria
Having examined the underpinnings of Iranian culture and the nexus with its corresponding Advanced Persistent Threat (APT), we turn our eyes towards Africa. Although Nigeria is often overlooked as a source of APT activity, elements of its postcolonial realities have contributed to an advanced criminal underworld.
The unique criminal underworld in Nigeria is at least a half century old in its organization. It originated in the university system of the budding state. The colonial powers in Africa encouraged tribalism in the name of maintaining the unique local culture, while presenting themselves as the source of order. In the early 1950s, in order to unite the larger population of tribalist groups in universities, a group of students started a confraternity called the Pyrates, not unlike the Greek fraternities in the United States. In 1960, Nigeria gained independence, and over the course of the next twenty years, several other confraternities were created and thrived. In 1967 a three-year civil war broke out, followed by a series of military coups in the 1970s and 1980s. The military juntas involved in the coups encouraged further growth and expansion of the confraternities in order to keep a check on the opposition they received from university leadership, even to the point of arming them. These weapons were then used in conflicts between confraternities. The organizations expanded beyond the universities as religious cult practices emerged. Soon, initiation rites became sacred rituals, and threats of death to those in violation of secrecy oaths became reality. Some confraternities dabbled in scamming, the drug trade, and human trafficking to supplement support received from the military government. With the end of military rule in the 1990s, some confraternities returned to their roots, while others further expanded their criminal practices and networks, taking root in other countries. In some cases, these organizations made tribute payments to more established mafia networks.
You may be familiar with the most common Nigerian scenario: A Nigerian prince or someone associated with the Nigerian oil company has heard from some of your colleagues that you are upstanding and trustworthy. He has written you a note asking you for a favor. In order to keep money that belongs to him or his people from being squandered, he needs your bank account number, into which he will deposit $350 million, then let you keep $2 million of that for your help. Once you provide him with this valuable detail, the scammers drain your bank account, with the help of ‘transaction fees’ from complicit banks. This is one of the more well-known scams of Nigerian origin, an advance-fee scam, also known as a 419 scam, a reference to the section of the Nigerian civil code that it violates. Most people recognize it from the early days of the internet, as email was increasing in popularity, but this scam goes back to at least the early 1980s via postal mail. People used to receive typed and handwritten correspondence, and they fell for this scam, just as they do now. The internet simply made it easier and cheaper for the proverbial fishermen to cast their nets over a wider area.
As people became more aware of advance-fee and catfish scams, the success rate plummeted. Around 2016, the “Yahoo boys” began to improvise, guessing passwords and purchasing breached credentials in order to gain access to corporate email, a scheme known as a Business Email Compromise (BEC) scam. They would use this access to identify the business processes at a company, including invoicing procedures. Attackers would then send false invoices to be paid, and convince companies to initiate transfers of funds, sometimes of up to hundreds of thousands of dollars.
As the Yahoo boys gained strength, an Islamist group in northern Nigeria known as Boko Haram emerged. The promise of peace and order appealed to much of the populace tired of the decades of criminal activity and war. The organization declared Sharia law in territories under its control, and declared war against all other governments. They commenced a campaign of violent action, including bombings, kidnappings and assassinations, against all western ideology and against the central government of Nigeria. In 2012, the organization leaked the personal information of members of Nigeria’s intelligence service, threatening to kill them and their families. An investigation determined that the leaked information came from a cyber breach. Boko Haram continued their reign of terror in 2014, kidnapping 200 secondary school girls. Part of the central government’s response to the organization’s activities consisted of attempts at appeasement. On 13 January 2014, the Nigerian government passed the Same-Sex Marriage Prohibition Act. This law, after a series of failed attempts in 2006 and 2011, not only outlawed same-sex marriage, but also declared any display of a same-sex amorous relationship illegal. Human rights groups cried foul, and the passage of this law resulted in an onslaught of hacktivist attacks against Nigerian websites, both government and non-government.
Cyberdefense is a nascent industry in Nigeria. Proper growth of robust defensive capabilities requires first-hand knowledge of offensive tactics, techniques, and procedures (TTPs). Assuming the industry does grow, does this mean that we could soon see ransomware developed by the next generation of “Yahoo boys” or the likes of Boko Haram? We should remain vigilant, so that we can be prepared for malware developed or repurposed by organizations as geographically diverse and as wily as the Nigerian crime syndicates and terror groups. As always, the best option is to know your adversary.