Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Impact of Cybercrime and Cybersecurity on the
Education Community: Imperatives for CERT
Solutions
Professor Oliver E. Osuagwu
FNCS, FCPN, FBCS-CITP, MACM, MIEEE
Department of Information Mgt. Technology
Federal University of Technology, Owerri
Email: drosuagwu@yahoo.com Tel: 0803-710-1792
ABSTRACT
This paper has painted a developing scenario of the evolution of new type of war - the
internet cybercrime - which is bound to cause more destruction of greater magnitude
than the two past world wars! Cybercrime is real. It is becoming more complex and
continues to wreck disastrous consequences for the global economy. Cybercrime is now
threatening the very existence of Information Technology critical infrastructure, the
greatest human innovation after the industrial revolution. It is even causing near total
collapse of the education community, particularly in Nigeria, with over 90% of criminals
coming from this sector. Wrong value system has been identified as key factor
encouraging cybercrime in Nigeria and the desire to get rich quick without working for
it. Cyber crime is complex and committed mostly from remote locations making it
difficult to police. The absence of enabling law makes policing even more difficult. This
paper has proposed several recommendations including the development and deployment
of US-type CERT and the National Strategy to Protect Critical Information Technology
Infrastructure in the Cyberspace. The National Orientation Agency should now shift
focus to national re-orientation of the psyche of the whole population and particularly
the youths in post-primary and tertiary institution and to partents, towards raising crop
of children with strong religious training, belief and trust in God as well as the infusion
of religious training in the curriculum of our educational system at all levels. Cybersecurity awareness training should now constitute part of the school curriculum.
Government-Private sector partnership should be formed to develop appropriate
strategies towards cyber crime monitoring, control and prevention. This is the
responsibility of all citizens - government, private sector and individuals. The paper
contends that if action is not taken urgently, Nigeria will head towards self-destruct and
the African continent may turn out to become a desolate colony!.
KEY WORDS: cyberspace, cybercrime, e-commerce, computer crime, CERT
1
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
1.1
Introduction
Cyberspace refers to the interdependent network of information technology
components that underpin many of our communications technologies in place today. This
component is a crucial entity of the Nigeria’s and global economy critical infrastructure.
We use cyberspace to exchange information, buy and sell products and services, and
enable many online transactions across a wide range of sectors, both nationally and
internationally. No nation can progress without the use of Information Technology and
the cyber space. As A. M’bow, for UNESCO Scribe, rightly pointed out three decades
ago: “Information Technology has opened up such tremendous vista for modern societies
that any failure to master it would mean a life of permanent sub-ordination. For
information technology is more than a form of power, it is a power system. The
technology which it involves is not just one form of technology among others but an
ability to make use of other techniques to give or refuse access to a whole range of
scientific data and knowledge and thus to design new models of development”.[25].
Nigeria, nay, the African continent, cannot afford to be left behind.
Therefore, a secure cyberspace is critical to the health of the Nigerian economy
and to the security of the global economy. In particular, the Federal Government must
address the recent and alarming rise in online fraud, identity theft, and misuse of
information online. Computer crime is all crimes performed or resorted to by abuse of
electronic media or other, with the purpose of influencing the functioning of computer or
computer system. If the target of a crime is the computer, the computer is the tool of the
crime or computer is incidental to the crime, that crime is called a computer crime!
"Cybercrime”, for the purpose of this lecture, can be described as computer
viruses/malware, online credit card fraud, online hacking, online harassment, online
identity theft, online scams (i.e., fraudulent lotteries/employment opportunities), online
sexual predation and online phishing. Thus, Freeware, software, hardware, social
networking sites and absolutely everything that involves an internet cable, a PC as well as
a mobile phone could be a potential agent for fraud, violence, crime and severe losses.
Cybercrime has to do with criminality committed in the internet with the aid of
computers or criminal activity conducted via the Internet.
Cyber-security encompasses industry and government defense strategies adopted
to curb cyber-criminality in the super highway. Cyber crime has dwarfed the expectations
of e-commerce as a potential tool to improve Africa’s national GDP, job creation and
elimination of mass poverty. E-commerce, which is totally dependent on viable internet
connectivity, has been violently attacked to the extent that e-commerce has virtually
come to a halt because of the activities of cyber criminals. The activities of these evil
agents have been described as the worst threat to the most formidable human innovation
after the Industrial Revolution. It is indeed a colossal economic catastrophe for the
developing nationals of Africa. This singular act by these agents of the devil has painted
Nigeria black in the eyes of the international community to the extent that electronic
transactions from Nigeria are no longer respected by merchants from other parts of the
world. Because of the ease of commission, the huge sums of money involved in their
dragnets, the absence of a legal framework to tackle the menace, the trade has continued
to be attractive to new entrants. Worst still, the absence of forensic capability by the
Nigeria Police to address the malady has led many of the cybercriminals to get off the
hook and consequently, has encouraged potential scholars who ought to go school to now
2
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
choose cyber crime as a preferred profession, leading to disastrous misplacement of
societal values. This paper will address the impact of cyber-criminality and the antidotes
provided by industry, the academic and world governments and how this has impacted on
the education community of the developing nations of Africa in context with the CERT
initiative of the United States.
1.2 The Nature of Crime in the Cyber Space
The primary types of cybercrimes are data, network, access, and other crimes
[31,32]. Cybercrimes under the title of data crimes include data interception, data
modification, and data theft. Data interception is the interception of data in transmission
[33] Data modification is the alteration, destruction, or erasure of data[34]. Data theft is
the taking or copying of data, regardless of whether it is protected by other laws such as
US copyright and privacy laws, Health Insurance Portability and Accountability Act
(HIPAA), and the Gramm Leach-Bliley Act (GLBA) (Electronic Privacy Information
Center, 2004; [35,36]. U.S. Department of Health and Human Services[37]. Cybercrimes
regarding network access includes network interference and network sabotage. Network
interference is the impeding or prevention of access of others [38]. The most common
example of network interference is a distributed denial of service (DDoS) attack that
floods a web site(s) or an Internet Service Provider (ISP). DDoS attacks are frequently
launched from numerous computers that have been hacked to obey the commands of the
perpetrator[39,40]. Network sabotage is the modification or destruction of a network or
system. Network sabotage frequently occurs with ghost accounts; accounts not closed
when an employee leaves a company that can give a disgruntled employee a back door
into the network[41] .
Cybercrimes include access crimes such as unauthorized access and virus
dissemination. Unauthorized access is the hacking or destruction of a network or
system[42] For example, the U.S. DOJ reported on March 1, 2006 that a federal
computer security specialist within the Department of Education’s Office of Inspector
General installed software on the computer of a supervisor enabling him to access its
stored data at will. He later used this privileged access to view email and other electronic
transactions of his supervisor then shared the information with others in his office. The
accused pled guilty and was later sentenced to five years in prison and fined $250,000
[43]. Virus dissemination is the introduction of software that is harmful to a system or
data therein. In 2005, the U.S. DOJ reported that a 21-year-old male of Beaverton,
Oregon used more than 20,000 infected computers he had infected with a computer
worm program to launch a DDoS attack against eBay in 2003. The attack caused a denial
of service for legitimate users who wanted to access eBay. The perpetrator, awaiting
sentencing could receive up to ten years imprisonment, a $250,000 fine or twice the
gross gain or loss, and three years supervised release[44], Data and other types of
cybercrimes include aiding and abetting cybercrimes and computer related forgery and
fraud. Computer-related forgery is the alternation of data with the intent to represent it as
authentic. Computer-related fraud is the alteration of data with the intent to derive
economic benefit from its misrepresentation [45]. In February 2006, the U.S. DOJ
reported that a 41-year-old male of Cleveland, Ohio obtained stolen debit card account
numbers, personal identification numbers (PINs), and personal identifier information of
the true account holders that he encoded on blank cards. He used the counterfeit debit
3
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
cards to obtain $384,000 in cash advances from ATM machines in the greater Cleveland
area over a three-week period. The perpetrator received a sentence of 32 months in
prison, three years of supervised release for bank fraud and conspiracy, and ordered to
pay $300,749 restitution to the bank and $200 to the Crime Victim’s Fund[46].
1.3 TOP 10 NATIONS PERPETRATING AND COMPLAINING OF CYBER
CRIME
Below are two maps showing countries perpetrating cyber crime and those
complaining of the menace as provided by IC3 2006 Internet Crime Report. January 1,
2006 – December 31, 2006 by the National White Collar Crime Center and the Federal
Bureau of Investigation,2007. A cursory look at the two maps shows that the USA
ranked no. 1 for both perpetration and complaint scoring 60.9% for perpetration and
90.7% for complaint. This is an interesting scenario. This is not surprising though because the
US is the heavest user of IT and the cyberspace.
Figure 1. Map. Og Top 10 Countries by Count: Perpetrators (Number is Rank) Note. Adapted from
The IC3 2006 Internet Crime Report. January 1, 2006 – December 31, 2006 by the National White
Collar Crime Center and the Federal Bureau of Investigation,2007 .
4
[30]
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Figure 2. Map. Top 10 Countries by Count: Individual Complainants (Number is Rank) Note.
Adapted from The IC3 2006 Internet Crime Report. January 1, 2006 – December[30]
1.4 Corporate Security Concerns
Denis [30] had reported in her work on Cyber-crime’s Impact on the
Work Place that the top three computer security concerns, as reported by
respondents, were:
(a) embezzlement 30% (92), (b) intrusion or breach of computer
systems 22% (67), and (c) computer viruses and denial of service
attacks 11% (33). These top three computer security concerns reflect
the thinking of 63% of the organizations reporting. Figure 2 depicts in
ranking order all the variables identified.
5
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Fig. 3.
Ranking of computer security concerns by organizations.
1.4 Summary of Cyber Crime Classification
The above descriptive discussion on the types of cyber crime can be summarized
thus:
 Hacking: This is a term used to describe illegal intrusion into a
computer system without the permission of the computer owner or
user for purposes of stealing valuable information of market value.
 Denial of Service Attack: A criminal floods the bandwidth of the
victim’s network or fills his e-mail box with spam mail depriving him
of the services he is entitled to access or provide.
 Virus Dissemination: This involves sending malicious software that
attaches itself to other software. Good examples of these include:
virus, worms, Trojan horse, Time bomb, Logic Bomb, Rabbit and
Bacterium etc.
 Software Piracy: This involves the theft of software through the illegal
copying of genuine programs or the counterfeiting and distribution of products
6
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
intended to pass for the original. This can be done in many ways such as via End
user copying, Hard disk loading, counterfeiting, illegal downloads from the
internet.
 Pornography: Pornographic tactics is used by many advertisers to
encourage customer’s access their website. Publishing, transmission
of any material in electronic form which is lascivious or appeals to the
prurient interest (nude people having live sex) is an offence is a
serious crime in American Law (Section 67 of I.T. Act 2000). This
has been included in the Information Technology Bill and the
Cybercrime Act undergoing final reading in the Nigeria’s National
Assembly. It is a very powerful predator as it is used as a tool to lure
victims.
 IRC Crime: IRC means Internet Relay Chat. IRC servers have chat
rooms in which people from anywhere in the world can come together
and chat with each other. Criminals use it for meeting conspirators.
Hackers use it for discussing their strategies and sharing information
on techniques. Pedophiles use chat rooms to lure young children.
Cyber Stalking is used to harass a woman via her telephone number
which may be given to others as if she wants to befriend men.
 Credit Card Fraud: If your electronic transactions are not secured
the credit card numbers can be stolen by the hackers who can misuse
this card by impersonating as the credit card owner. These criminals
can use Credit card skimmer or writer to make fake credit cards with
your information and use it to withdraw your money from your
accounts.
 Net Extortion: This involves copying the company’s confidential
data in order to extort huge sum of money from the firm.
 Phishing: Deployed to pull out confidential information from the
bank or financial institutions account holders by deceptive means.
7
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Fig. 3a Countries with phishing sites
Source: eBay
Fig. 3b Ten Top Phishing Sites Hosting Countries
 Spoofing: This involves getting one computer on a network to pretend
to have the identity of another computer, usually one with special
access privileges, so as to obtain access to the other computers on the
network.
8
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
 Cyber Stalking: In this technique, lthe criminal follows the victim
by sending emails, entering the chat room frequently in order to catch
his victim.
 Cyber Defamation: This involves the criminal sending emails
containing defamatory statements to all concerned of the victim or
posts the defamatory matters on a website. This is usually the style
deployed by disgruntled employees against their boss, ex-boy and girl
friends against each order or divorced wife against their ex-husbands.
 Threatening: Criminals may send threatening email or contact y9ou
in a chat room. This is the tactics adopted by disgruntled enemies
against their boss, friend or official.
 Salami Attack: In this technique, the criminal makes insignificant
changes in a manner that would make his action unnoticeable. For
example small amount like N0.20 can be deducted from every N100
of your salary per month from the account of all the customer of a
bank and deposited in his private account. Since the deductions are
very small, it is unlikely to be noticed by any bank custer and
accordingly reported. If he does for a long time unnoticed, he will
make millions without running into the hands of the law.
 Sale of Narcotics: Web sites abound which offer sale and shipment
of contraband drugs. They use Stegnography for hiding the messages.
 Nigeria’s own 419: This is a scam which starts with a bulk mailing or
bulk faxing of a buch of identical letters to businessmen, professionals
and other persons who tend to be wealthy. The greedy ones will fall
prey to such dubious business proposal and they will be heavily
duped.

seller frauds is another distinct type of cyber crime such as
account take over via phishing, fake Escrow sites, non-performance
transactions (fake listing), fraudulent misrepresentation.
9
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
2.0 Demography and characteristics of Cyber Criminals
According to recent study by ChiChao Lai et.al [29] the demographic characteristics
of cybercriminals is revealing as well as disturbing and calls for concerted effort by all to
avoid an impending catastrophe. The report findings show that 81.1% were male;
45.5% had some senior high school; 63.1% acted independently; 23.7% were currently
enrolled students; and 29.1% were in the 18-23 age bracket, which was the majority
group. For those enrolled student cybercrime suspects, the findings show that the
percentage of junior high school and senior high school student suspects constituted
69.0% (2002), 76.1% (2003) and 62.7% (2004) of cybercrime suspects in their respective
years. The high rate shows that the number of currently enrolled students suspected of
involvement in cybercrime is cause for concern. The following group of people are easily
fall prey or perpetrate cyber-criminality:
 Disgruntled employees
 Teenagers
 Political Hacktivist
 Professional Hackers
 Business Rival
 Ex-boy or Girl friend
 Divorced Husband or Wife
 Political enemies
The victims are gullible, desperados and greedy people, unskilled and inexperienced
and perhaps unlucky people too can fall victim.
3.0 Security Measures in Place: Industry Security Initiatives For The
Cyber Space:
 Firewalls, Antivirus, Anti-Malware, Pass-Wording, Encryption, Biometric
Authentication Systems, Intrusion Detection and prevention Systems, etc.
3.1
Some Tested Palliative solutions in place
If correctly installed, the following technologies can help to block attacks: (These
will be explained further in the following pages).
• Firewalls are hardware or software devices that block certain network traffic
according to their security policy.
• Software solutions exist to identify and remove malware and to help manage
spam email. Many must be paid for but free versions are also available.
• Authentication involves determining that a particular user is authorized to use a
particular computer. This can include simple mechanisms such as passwords, to
more complex methods using biometric technology.
10
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
• Hardware cryptography uses computer chips with cryptographic capabilities
intended to protect against arrange of security threats.
• Patches are programs designed by software manufacturers to fix software
security flaws. Patching is often installed automatically. This reduces end-user
participation and increases ease of use
3.1.1 Biometric Authentication Systems (BAS)
According to Osuagwu [4] BAS refers to a brand new technology to reliably
indicate whether people are actually who they say they are using traits unique to them.
These traits include fingerprint patterns, the arrangement of tissue in the eye’s iris, and
the timbre of a person’s voice.
Factors Used To Authenticate An Individual
Something a person knows
Commonly a password or PIN. If the user types in the
correct password or pin, access is granted.
Something a person has
Most commonly a physical device, referred to as a token.
Tokens include self-contained devices that must be
physically connected to a computer, or devices that have
a small screen where an OTP is displayed, which the
user must enter into an interface to be authenticated by
the backend server.
Something a person is
Most commonly a physical character, such as a
fingerprint, voice pattern, hand geometry, or pattern of
veins in the user’s eye. This type of authentication is
referred to as biometrics and often requires the
installation of specific hardware on the system to be
accessed.
Table 1: FACTORS USED TO AUTHENTICATE AN INDIVIDUAL
Source: FFIEC Guidance for Authentication in an Internet Banking
Environment
Table 2: CHARACTERISTICS OF AUTHENTICATION
11
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
TECHNOLOGIES
Source: Crystal Research Associates, LLC.
Fig. 4: SAMPLES OF BIOMETRIC AUTHENTICATION
TECHNOLOGIES
Businesses, schools, and apartment buildings are using vascular
recognition for physical access control. Large organizations are also beginning to
deploy the technology to manage access to their information technology
infrastructure. Vein pattern recognition has been adopted to screen passengers at
South Korea’s International Airport and to control access to the tarmac at several
Canadian airports. Vascular recognition already has won wide acceptance in
banking. More than a dozen Japanese banks and credit unions have made
hundreds of ATMs featuring vascular sensors available for everyday use. In the
vascular recognition systems developed by Fujitsu and TechSphere after inserting
a banking card in a cash machine, the user is prompted to hold a hand near an
infrared light source. The light source is paired with a charge-coupled device
similar to the one used in standard digital photography. As the near-infrared light
passes through the body tissue, it is reflected by the hemoglobin in the blood. This
reflected light picked up by the CCD reveals an image of the blood vessels.
Within a second or two, the system filters the digitized image, creates a template
that it can compare with the encrypted image template associated with the
authorized user, and decides whether they match.
The template data can be stored either directly on the chip in a smart card
or in a central database. At the commencement of a credit card transaction, you
would present your smart credit card to a point-of-sale terminal. The terminal
would establish secure communications channels between itself and your card via
communications chips embedded in the card and with the credit card company’s
central database via Ethernet. The terminal then would verify that your card has
not been reported lost or stolen, by exchanging encrypted information with the
card in a predetermined sequence and checking its responses against the credit
card database.
Early adopters of the technology chose smart card to allow customers
maintain possession of their digitized records and free the service provider from
having to maintain databases. Vascular pattern sensing has been preferred over
fingerprint scanners because users do not have to tough the sensors in order to do
transactions which are of concern in some Asian countries where hygiene is an
exceptionally important cultural value.
12
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
The only criticism against BAS is the invasion of privacy [4]. Critics say
that biometric data gathered for one purpose, e.g. Fingerprints taken from noncitizens who enter the US under the US VISIT program can be easily repurposed
for application such as criminal identification. Proponents say that current best
practices such as not storing the fingerprint or iris scan, but only its data template,
are adequate for protecting personal privacy. All we know is that Biometric
Authentication is here to stay and should be encouraged in Nigeria to infuse some
confidence in electronic fund transfer and e-commerce delivery.
Variants of BAS
a. Finger Prints: This technique of biometric authentication have been used
to secure commercial transactions since the days of ancient Babylon,
where fingerprints have been found among the ruins on clay scale attached
to business documents. Each fingerprint contains global features, which
can be seen with the naked eye, and local features, also called minutia
points, the tiny unique characteristics of fingerprint ridges. Fingerprint
scanners can be attached to USB ports as an external peripheral or they
can be embedded within device.
b. Iris Scans: This technique analyze vein pattern and has the potential to be
more accurate than fingerprints because the iris has about 260 degrees of
freedom with regard to its vein patterns. Using an iris scanner requires
aligning the eye with a coloured LED inside the camera, then moving the
person’s head forward or back until the LED changes colour, signaling
that the distance is correct for proper imaging. The system then makes the
scan, analyzes the image, and stores the template.
c. Biometric Sensors: This is the new proposal for enhancement of the
existing BAS systems posited by Jain and Pankanti [16,17]. This new
techniques uses fingerprint sensors and a combination of other BAS
techniques could be incorporated. It is going to be economical, protect
privacy, and guarantee the validity of all kinds of credit card transactions,
including ones that take place at a store, over the telephone, or with an
Internet-based retailer. By preventing identity thieves from entering the
transaction look, credit card companies could quickly recoup their
infrastructure investments and save businesses, consumers, and
themselves billions of dollars annually.
d. Smart Cards: A smart card is another example of an authentication
method. The size of a credit card, a smart card contains a microprocessor
that enables it to store and process data. To be used, a smart card must be
inserted into a compatible reader attached to either a computer or some
type of electronic reading device. If the smart card is recognized as valid
(first factor), the customer is prompted to enter his or her pass-code
(second factor) to complete the authentication process. Smart cards are
difficult to duplicate and have demonstrated to be tamper resistant,
13
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
creating a relatively secure vehicle for storing sensitive data and
credentials. Some limitations of smart cards are that they can only be used
in the presence of a smart card reader, which has limited portability, and
they require additional software to run on most computers. Illustrations of
some of the typical types of smart cards are provided in Figure 1.2.
Fig.5 EXAMPLES OF SMART CARDS
Source: Versatile Card Technology, Inc
Fig. 6: PIN PADS
3.1.2 Intrusion detection system in the market place
Intrusion detection (ID) is a type of security management system for computers and
networks. An intrusion detection system (IDS) is a device or software application that
monitors network and/or system activities for malicious activities or policy violations
and produces reports to a Management Station. It s used to determine if a computer
network or server has experienced an unauthorized intrusion. Intrusions are the activities
that violate the security policy of system. Intrusion Detection is the process used to
identify intrusions IDS inspects all inbound and outbound network activity and identifies
suspicious patterns that may indicate a network or system attack from someone
14
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
attempting to break into or compromise a system. There are several ways to categorize
an IDS:

misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes
the information it gathers and compares it to large databases of attack signatures.
Essentially, the IDS looks for a specific attack that has already been documented.
Like a virus detection system, misuse detection software is only as good as the
database of attack signatures that it uses to compare packets against. In anomaly
detection, the system administrator defines the baseline, or normal, state of the
network??s traffic load, breakdown, protocol, and typical packet size. The
anomaly detector monitors network segments to compare their state to the normal
baseline and look for anomalies.

network-based vs. host-based systems: in a network-based system, or NIDS, the
individual packets flowing through a network are analyzed. The NIDS can detect
malicious packets that are designed to be overlooked by a firewall??s simplistic
filtering rules. In a host-based system, the IDS examines at the activity on each
individual computer or host.

passive system vs. reactive system: in a passive system, the IDS detects a
potential security breach, logs the information and signals an alert. In a reactive
system, the IDS responds to the suspicious activity by logging off a user or by
reprogramming the firewall to block network traffic from the suspected malicious
source.
Though they both relate to network security, an IDS differs from a firewall in that a
firewall looks out for intrusions in order to stop them from happening. The firewall limits
the access between networks in order to prevent intrusion and does not signal an attack
from inside the network. An IDS evaluates a suspected intrusion once it has taken place
and signals an alarm. An IDS also watches for attacks that originate from within a
system.
From the above taxonomy IDS can summarily be classified thus:
 Host-based IDSs
– Get audit data from host audit trails.
– Detect attacks against a single host
 Distributed IDSs
– Gather audit data from multiple host and possibly the network that
connects the hosts
– Detect attacks involving multiple hosts
 Network-Based IDSs
– Use network traffic as the audit data source, relieving the burden on the
hosts that usually provide normal computing services
– Detect attacks from network.
15
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Fig. 7. Example of Network-based IDS monitoring [27]
Fig 8: Software Agent Requirement in IDS monitoring [27]
 Misuse detection
– Catch the intrusions in terms of the characteristics of known attacks or
system vulnerabilities.
 Anomaly detection
– Detect any action that significantly deviates from the normal behavior
16
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
3.1.3
1.
2.
3.
INTRUSION DETECTION TECHNIQUES
Define and extract the features of behavior in system
Define and extract the Rules of Intrusion
Apply the rules to detect the intrusion
3.1.4 Intrusion Prevention Systems
An Intrusion Prevention System is a module added to a base Intrusion Detection
System. This module provides the ability to perform specific tasks automatically. An IT
administrator can define the actions to be taken by the IPS when the attack severity
reaches a pre-determined threshold. This allows an IT administrator to specify that any
attack event at the denial of service (DoS) level or greater will result in the source IP
address being filtered. The filter duration can be set from 15 minutes to permanently.
The advantages to Intrusion Prevention Systems are numerous:
- An attacker’s ability to attack the target network can be automatically blocked any
time 24x7.
- The filter duration can be specified so the attacker’s IP address is not permanently
blocked.
- Real-time email notification can be sent to the IT administrator.
- The attacker’s Upstream Network Provider can be notified immediately when an
attack occurs.
Fig. 9: Example of Intrusion Prevention System. IPS disconnects attackers automatically
[27]
Network Detection Zones
Intrusion Detection/Prevention Systems are placed in different types of network
environments. For simplicity sake, we have identified three types of network detection
zones as shown below. Each network detection zone has unique characteristics and the
IDS must be able to adapt to each zone.
17
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Fig. 10: Network Detection Zones [27]
Zone A
This zone is in front of the main firewall. The main characteristic of this zone is the
number of attacks logged. Frequent port scanning attempts, worm attacks and other
network attacks are found in this network detection zone. The IDS must have the
following characteristics to operate in this zone:
- Employ firewall protection on the external interface
- Allow logging of all attacks while offering user selectable alert notification for
critical attacks
- Trigger alerts originating from both internal and external networks
Zone B
This zone is behind the main firewall so the number of attacks is dramatically lower than
those experienced in Zone A. When the IDS triggers in this zone the threat is more
serious in nature. IPS threshold settings may be tightened to lower or more sensitive
levels in this zone.
Zone C
In this network detection zone a properly configured IDS will see fewer alerts than Zone
B. The IDS and IPS threshold settings may be tightened to the lowest levels in this zone.
18
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Fig. 11: Network before Deployment of IDS[27]
Fig.12: Network after deployment of IDS
3.2 SecurityMetrics Intrusion Detection Technology [27]
SecurityMetrics Intrusion Detection System is comprised of a number of
subsystems or modules. Each of these components performs specific features. The
following illustration shows the main components
19
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Fig. 13: Security-Metrics Intrusion Detection Technology
[27]
All the above measures are palliative. However, the most reliable authentication and
integrity system today is the biometric frontiers. This assertion was confirmed by
the International Biometric Group in New York City who had forecast a quantum
growth in Biometric deployment in the 21st century. It is however strongly believed
that if perpetrators of cyber crime can be caught and punished, it will further
diminish the motivation to commit cyber crime. A combination of BAS and Forensic
Technology is likely to produce the desired solution to the cyber criminality
conundrum. This brings up a new challenge - the issue of cyber crime policing and
law enforcement.[1-15]
20
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
4.0 Impact on the Education Community
The negative impact of cyber criminality is devastating on the psyche of Nigerian
undergraduate students particularly at the post primary school level and undergraduates
in tertiary institutions. What occupies the mind of most students of the above categories
is how to get rich fast. The less risky means is the cyber crime which has low policing,
where criminals are difficult to arrest and prosecute and where no legal mechanism
currently exists to deal with cybercrime. Criminals grab millions in one single deal and
start living big. One single 419 deal via cyber crime will return a financial gain that a
PhD may not earn throughout his working life. So students are no longer interested in
their academics and this is worsening the eroding quality of the Nigerian education
system and its attendant poor quality graduates. Have you wondered why there was mass
failure in the last NECO examinations? The minds of our youths have been stolen by
porgraphy in the Internet, Home TV programs that encourage nudity and prostitution
make our children to find it difficult to pick their academic books and read for
knowledge and future developement. Our society is crumbling to standstill and many
appear ignorant of where we are heading. We are heading to doom! The future of any
society lies in the ability of that society to raise responsible citizens to take over the
mantle of leadership from a dying generation. The crop of children we are raising gives
us no hope of successionl. We are heading to self-destruct unless urgent measures are
taken NOW to avert this tragedy.
Osuagwu et.at [1,2,3,28] had posited that the key motivating factors for cyber crime
in Nigeria is our wrong value system. There is a negative psyche that money is the
most important thing in the world. Youths observe when rogues are promoted and given
high chieftaincy titles and these youths know the source of wealth of these people. They
also know that in most cases people who are punished for crimes are the poor and underprivileged. The rich always go free from police net. So why be poor and be down
trodden? These youths also know that most rogues have been made Traditional Rulers,
given ministerial appointments once huge sum of money can be deposited into the
campaign accounts of prospective governors and presidents-to-be. They know that most
of these side supporters of policies who eventually get lucrative board appointments,
become commissioners and ministers are indeed, to large extent, key economic
saboteurs! So to them, the best option is not to continue bordering themselves about
higher education but to seek quicker means of getting rich so that they can be counted
among those who matter in society, drive on expensive cars and own magnificent edifices
which counts for recognition!. The easiest option is 419, armed robbery, ritual murder,
kidnapping and gansterism. This evil psyche could have been better controlled if there
were jobs for graduates of our tertiary institutions. Cyber crime has less risk for Nigerian
youths – Nigeria is yet to develop forensic capability to track them. Most Police and law
enforcement officers are not computer literate. Nigeria has no law enacted and
operational for cyber-criminality.
Those who have made it through 419 have escaped unhurt and are enjoying their
wealth. The type of money that comes through cyber crime is huge, sometimes in
millions of US$. These rogues use such money which have spelt death sentence to
most people who are duped to chase women, enjoy in expensive hotels and suppress
the poor in society. They never care for any form of investment to promote national
gross domestic product! Consequently many youths think cyber crime is a profession
21
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
and many are training to become members of the evil club! The crime has take a
more devastating dimension in our Post Primary School and undergraduates of our
tertiary institutions. You school children now spend most of their time on the net
trying to cheat others who laboured for growth, watch nude films and do unthinkable
things in the internet with any form of sensorship. Guesss the consequences, children
are no longer interested in academic work. They are looking for cheap and fast
means of becoming millionaires overnight. Available statistics suggest that over 90%
of those involved in cyber crime are high school children and undergraduates of
tertiary institution in Taiwan [29]. The extended consequencies? Kidnapping,
gansterism, theft of all kinds including cyber crime, prostitution, pornography etc.
The society is now unsafe. This was never envisaged would be the consequences of a
technology that is the greatest human innovation after the industrial revolution! The
Singularity Conundrum is now discussing on Existential Risks. Is it possible that the
technology we innovated might lead to human extinction? So wither Nigeria and
Africa? There is no doubt that one need no more conviction that the solution to this
menace does not lie on procedural legal policing but on attending to the negative
social psyche, providing good employment, family retraining of children and
readjustment of social values including going back to GOD to rebuild Nigeria and
Africa. Something has to be done fast before Africa becomes a desolate continent. .0
TOWARDS FINDING SOLUTION – THE US CERT INITIATIVE
The cyberspace is the nervous and control system of US economy and the global
community. Cyberspace is composed of hundreds of thousands of interconnected
computers, servers, routers, switches and fiber optics cables that allow our critical
infrastructures to work. Consequently the health and good functioning of the cyberspace
if critical to national economy and security. These computer networks also control
physical objects such as electrical transformers, trains, pipeline pumps, chemical vats,
radars and stock markets, all of which exist beyond the cyberspace. America is the
heaviest user of the cyberspace and her economy is fully dependent on the cyberspace.
This explains why the US had put up a policy trust to deal with the Protection of the
Cyberspace and the National Information Technology Infrastructure. CERT (short
for US Computer Emergency Readiness Team) is an outshoot of this policy. CERT is
the operational arm of the National Cyber Security Division (NCSD at the Department
of Homeland Security (DHS). It is a public-private partnership located in the
Washington DC Metropolitan area. It is the Federal Government’s cornerstone for cyber
security coordination and preparedness, including implementation of the National
Strategy to Secure the Cyberspace. US-CERT will include partnerships with private
sector, cyber security vendors, academic, federal agencies, Information Sharing and
Analysis Centrers. CERT interacts with federal agencies, industry and the research
community, state and local governments, and others to disseminate reasoned and
actionable cyber security information to the public. CERT also provides a way for
citizens, businesses and other institutions to communicate and coordinate directly with
the United States government about cyber security.
The National Strategy to Secure the Cyberspace is part of US overall effort to
protect the Nation and constitutes an implementing component of the National Strategy
for Homeland Security and is complemented by a National Strategy for the Physical
5.0
22
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Protection of Critical Infrastructure and Key Assets. The reason adduced for this
policy is not far-fetched – securing the cyberspace is a difficult strategic challenge that
requires coordinated and focused effort from the entire society. It identifies steps that
state and local governments, private companies and organizations, and individuals can
take to improve the collective cyber-security. The policy highlights the role of publicprivate engagement and provides a framework for the contributions that everyone has to
make to secure parts of the cyberspace. The dynamics of cyberspace requires adjustments
and amendments to this strategy over time. This policy is expected to reduce America’s
vulnerability to debilitating attacks against critical information infrastrures or the physical
assets that support them. The key objectives are to prevent cyber attacks against
America’s critical infrastructures, reduce national vulnerability to cyber attacks
and minimize damage and recovery time from cyber attacks that do occur. Can
Nigeria borrow a leaf from the US? Although Nigeria is yet to make IT and the cyber
space the hub of business and economic activities, it is currently heading towards
making the cyberspace the nervous system of her economy. Cyber threats can therefore
no longer be treated with kid glove.
6.0 Summary, Conclusions and Recommendations
Cyber crime is real. The internet is the nervous centre of world economy. Cybercrime
is conducted remotely and anonymously to take advantage of flaws in software code.
Cyber crime has created major problems and has continued to increase at institutions of
higher learning, the academia. The academia is emerging as a particularly vulnerable for
internet crime. Organizations and individuals have suffered losses at the hands of cybercriminals with only nine percent of such incidents reported to the security operatives. US
organizations alone have estimated a loss of over $67 billion in 2005 [47].
Approximately nine out of every 10 US firms have experienced a cybercrime in [48]. In
the lighting of the foregoing reports, I recommend as follows:
1.
There is need for consistent training of the Nigerian Police in Cyber
Crime Prevention and Forensic science for cyber crime policy and control.
2.
Development of national community education and training targeted at
school children and senior communities.
3.
Establishment of a centralized national reporting centre such as the IC#
(Internet Computer Crime Compaints Centre) in the US which is managed
by the FBI which is online crime reporting centre and clearing house for
cyber crime. The IC3 plays a pivotal role in detecting and reporting the
identity of cyber criminals and proving information to victims of cyber
crime.
4.
Deployment of Biometrics and device fingerprinting supported by secure
gateways and quality encryption. This strategy will assist in overcoming
the anonymity of a good deal of internet activity and provide enhanced
security.
23
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
5.
There is urgent need to develop a single national database to gather and
compile cybercrime data.
6.
The National Assembly should consider enacting a legislation that
encourages incident reporting while reducing the risks associated with
reporting and provide policies that provide stronger sentences for those
found guilty of committing a cybercrime.
7.
There is need to establish a partnership amongst the academic, law
enforcement to educate the society on when and how to report cybercime
incidents and cyber crime prevention.
8.
Every organization should increase investment in information security to
reduce the level of victimization to cybercrim. This is in addition to
building computer infrastructure to prevent or minimize the impact of
cybercrime.
9.
Organizations should apply proactive prevention measures such as realtime content inspection, zero-hour vulnerability protection, anti-crime
ware, anti-spyware, anti-phishing, anti-virus and URL filtering.
10.
The Federal Government should immediately constitute CERT team in
each sector and appoint a learned Committee to write Nigeria’s Strategy
for protecting and securing the Cyberspace. This committee should outline
major actions and initiatives for cyberspace security response such as
establishment of a public-private architecture for responding to nationallevel cyber incidents, provision of the tactical and strategic analysis of
cyber attacks and vulnerability assessments, encouragement of a private
sector capability to share a synoptic view of the health of cyber-space,
expansion of Cyber Warning and Information Network to support the role
of EFCC in coordinating crisis management for cyberspace security,
improvement of national incident management and coordination processes
for voluntary participation in the development of national public-private
continuity and contingency plans and enhancement of public-private
information sharing involving cyber attacks, threats and vulnerabilities.
11.
For individual protection against cybercrime, each computer user must
create passwords that contain symbols and a mix of capital and lowercase
letters. Passwords should be changed often. You must log on to your
account frequently to ensure that there is no unusual activity. Install
firewall to protect your pc and double-check to ensure that you configured
it properly and that the default password is changed. The PC user must
keep operating system up to date by installing new security patches
available from the developer and use anti-virus software and ensure it is
updated frequently.
24
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
References
[1]
Osuagwu O.E. (2007, 2008) Global Internet Terrorism & Fraud Pandemic: ECommerce Bottlenecks and the Challenge of Computer Forensics, M.S/PhD
Dissertation, American Heritage University of Southern California, San
Bernardino, California.
[2]
Osuagwu O.E. (2008) Software Engineering: A Pragmatic and Technical
Perspective, Olliverson Industrial Publishing House, (OIPH) Owerri, Nigeria,
pp.478-499
[3]
Osuagwu O.E. (2008) Insight into the New Frontiers of Computer Forensics &
Cyber-Criminality ( with Case Studies), OIPH, Owerri, Nigeria.
[4]
Osuagwu O.E. et.al. (2007) Blocking Credit Card Fraud via Biometric
Authentication Systems, Proceedings of the International Conference of the
Nigeria Computer Society, Concord Owerri June 2007
[5]
[6]
[7]
[8]
[9]
[10]
U.S. Federal Trade Commission (FTC)
A U.S. FTC survey released in September 2003
www.Incardtechnologies.com
Computer crime, October 2006 Number 271 Page 2
2002/03 British Crime Survey
Osuagwu O.E. et.al. (2007) Blocking Credit Card Fraud via Biometric
Authentication Systems, Proceedings of the International Conference
of the Nigeria Computer Society, Concord Owerri June 2007
[11] http://www.webopedia.com/term/c/cyber_FORENSICS.htm
http://www.iwar.org.uk/cip/resources/pcipb/cyberstrategy.htm “2003
Computer Crime and Security Survey,” Federal Bureau of
Investigation, J. Edgar Hoover Building, 935 Pennsylvania Avenue,
NW, Washington, D.C. 20535-0001, 2003.
[12] Ken Baiman (2006).
[13] Robbins, Judd,(20040) “An Explanation of Computer Forensics,”
National Forensics Center, 774 Mays Blvd. #10 143, Incline Village,
NV 89451, 2004 [The Computer Forensics Expert Expert Witness
Network, 472 Scenic Drive, Ashland,OR] (©2004, National Forensics
Center. All rights reserved), 2001.
[14] Vacca, John R.(2002), The Essential Guide to Storage Area
Networks, Prentice Hall, New York, 2002
[15] Alfred C. Weaver (2006) Biometric authentication, Computer Feb
2006.
25
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
[16] Anil K. Jain & Sharathchandra Pankanti (2006) A Touch of Money,
IEEE Spectrum July 2006.
[17] Willie D. Jones (2006) Blood Test – Vascular Patterns Provide New
Means of Identification and Authentication. IEEE Spectrum
[18] Federal Ministry of Justice (2004) IT Bill 2004
[19] Noblett, Michael G., Pollitt, Mark M., and presley, Lawrence A.
(2002) Recovering and Examining computer Forensic Evidence, US.
Department of Justice, Federal Bureau of Investigation, Forensic
Science Communications, Vol. 2, No. 4 (www.Fbi.gov).
[20] Nelson, Bill, Phillips, Amelia, Enfinger, Frank, and Steward, Chris
(2004), Guide to Computer Forensics and Investigations Thomson,
Course Technology, Boston.
[21] New Technologies, Inc (Forensics-intl.com).
[22] Rude, Thomas, (2000) Guidance Seizure Methodology for Computer
Forensics, http://www.crazy nights.com/seizure.html.
[23] Wolfe, Henry B., (2003). Computers and Security, El Servier
Science, Ltd., pp. 26-28 (www.sciencedirect.com).
[24] http://www.protegga.com/services.html.
[25] Osuagwu O.E., Anyanwu E. (2003) Management of Information
Technology at Periods of Technological Discontinuity, OIPH,
Owerri, Nigeria, p.23.
[26] FIB Anthrax Report (2001)
[27] https://www.securitymetrics.com/docs/IDSWhitepaper.pdf
[28] Osuagwu O.E. Ogiemien T & Okide S (2010) Deploying Forensics
[29]
Science & Technology for Resolving National Cyber-Security Challenges,
International Journal of Mathematics & Technology, Azibijan, Russia, August
2010.
ChiChao Lu, Wen Yuan Jen & Weiping Chang, Shihchieh Chou(2006), Journal
of Computers, Vol. 1. No. 6, Sept. 2006, Academicy Publisher, USA.
[30]
Denise Marcia Chatam (2007) The Study on Cybercrime’s Impact in the
Workplace, Campus Technology, USA. URL
[31]
Whitney, S. (2004, December 1). Trend turns, more purchase coverage for
cybercrime. Best’s Review, 105(8):90. Oldwick, NJ: A.M. Best Co. Inc.
26
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
[32]
Williams, P. (2002). Organized crime and cybercrime: Implications for
business.Retrieved electronically October 15, 2007, from URL:
http://www.cert.org/archive/pdf/cybercrimebusiness.pdf#search='FBI%20cyber%
20crime%20profit'.
[33]
Bigelow, B. V. (2005, February 3). Computer theft may put workers’ data in
danger.Knight Ridder Tribune Business News. Washington, DC: Knight Ridder
Tribune Information Services.
ibid
US copyright and privacy laws, Health Insurance Portability and Accountability
Act (HIPAA), and the Gramm Leach-Bliley Act (GLBA) (Electronic Privacy
Information Center, 2004
McConnell, B. W. (2001, March 6). Hearing on cybercrime, Committee on
Legal Affairs and Human Rights, Parliamentary Assembly of the Council of
Europe. Paris, France: McConnell International.
United States Department of Health and Human Services. (2003, May). Office
for Civil Rights (OCR) Privacy Brief, Summary of the HIPAA Privacy Rule,
HIPAA Compliance Assistance. Retrieved electronically December 29, 2006,
from URL: http://www.hhs.gov/ocr/privacysummary.rtf.
Bigelow, B. V. (2005, February 3). Computer theft may put workers’ data in
danger.Knight Ridder Tribune Business News. Washington, DC: Knight Ridder
Tribune Information Services
Evans, M. P., and Furnell, S. M. (2000). Internet-based security incidents and
the potential for false alarms. Internet Research: Electronic Networking
Applications and Policy, (10)3, pp. 238 – 245. Plymouth, UK: MCB University
Press
McNeil Solida, M. (2003, February 18). Ex-pension employee is charged.
Retrieved electronically December 28, 2006, from
URL:http://www.carlbrizzi.com /news/display.php3?NewsID=71
Barr, J. G. (2003, December). Monitoring employee computer usage. Retrieved
electronically December 27, 2004, from URL:
http://80www.faulkner.com.ezproxy.apollolibrary.com/products/securitymgt/docs
/monitoring1203.htm.
McConnell, B. W. (2001, March 6). Hearing on cybercrime, Committee on
Legal Affairs and Human Rights, Parliamentary Assembly of the Council of
Europe. Paris, France: McConnell International.
United States Department of Justice. (2005, December 28). Man pleads guilty to
infecting thousands of computers using worm program then launching them in
denial of service attacks. Retrieved electronically April 17, 2006, from URL:
http://www.cybercrime.gov/clarkPlea.htm.
ibid
McConnell, B. W. (2001, March 6). Hearing on cybercrime, Committee on
Legal Affairs and Human Rights, Parliamentary Assembly of the Council of
Europe. Paris, France: McConnell International
[34]
[35]
[36]
[37]
[38]
[39]
[40]
[41]
[42]
[43]
[44]
[45]
27
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
[46]
[47]
[48]
White, G. A., & Kern, R. W. (2006, February 28). Cleveland, Ohio man
sentenced to prison for bank fraud and conspiracy. Retrieved electronically
April 17, 2006, from URL: http://www.cybercrime.gov/flurySent.htm.
Evers, J. (2006, January 19). Computer Crime Costs $67 Billion, FBI Says. Cnet
News.com. Retrieved electronically September 30, 2006, from URL:
http://news.com.com/Computer+crime+costs+67+billion%2C+FBI+says/2100734
9_3-6028946.html?tag=cd.top.\
Citrano, V. (2006, January 20). Mueller’s FBI puts computer crime losses at
$32M. Retrieved electronically September 1, 2006, from URL:
http://www.forbes.com/facesinthenews/2006/01/20/fbi-computersecuritycx_vc_0120autofacescan07.html?partner=vnu.
28
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
The author: Prof. Oliver E. Osuagwu
Profile of Prof. O. E. Osuagwu,
D.Sc, FNCS, FCPN, FBCS, MIEEE, MACM
Professor Oliver Eberechi Osuagwu was born on January 12, 1952 at Umuhu Okwuato in
the Aboh Mbaise Local Government Area of Imo State. Professor Osuagwu is Professor
of Information Technology in the Department of Information Management Technology,
Federal University of Technology, Owerri. He is Coordinator of her Post Graduate
Programs in Information technology. He holds Adjunct Professorship chair in Computer
Science at the Imo State University, Owerri. He is Visiting Professor of Computer
Information Systems at the American Heritage University of Southern California, San
Bernardino California, Adjunct Professor of Computer Science at the Department of
Computer Science, Nnamdi Azikiwe University, Awka
Professor Osuagwu is IP Vice-President, Vice-Chairman, Computer Professionals
Registration Council of Nigeria (CPN), a Federal Government Regulatory Agency
responsible for the control of IT profession in the territory of the Federal Republic of
Nigeria. CPN was established by Act of Parliament No. 49 of 1993 and is under the
supervision of the Federal Ministry of Education. A distinguished Professional Fellow of
the Nigeria Computer Society (NCS) and the CPN, Professor Osuagwu is registered as
Chartered Fellow (FBCS, CITP) of the British Computer Society; Association of
29
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Computing Machinery (MACM) and the Institute of Electrical and Electronic Engineers
of the United States (MIEEE). He is also a Fellow of the Institute of Data Processing
Management (FIDPM) of Nigeria and England, Fellow, Institute of Corporate
Administration and Member, Chartered Institute of Administration, Nigeria (MCIA).
Professor Osuagwu earned B.Sc(Computer Science – Magna Cum Laude)(1982)(Missouri),
MBA(IS)(1985(Delft, Holland), PhD(CIS)(1989)(Missouri), D.Sc(AI)(2002)(Denton,
N.C), M.Sc/PhD(Computer Forensics Science)(Calif.)(2008), Cert(Sys Dynamics)(MIT
Cambridge, Mass.)(2007), Cert(TechNeg)(Harvard)(Cambridge,Mass)(2008), B.Sc(Mass
Comm & Journ.)(2005)(Denton)..
Professor Osuagwu amassed his wealth of technical, prolific, oratory and administrative
experience from several institutions amongst which are: RVB now MSM, Delft
University of Technology, Holland; Clayton University, St. Louis, Missouri, United
Christian University, Denton, North Carolina (formerly Carolina Christian University,
Thomasville, N.C), Centre for Computer Engineering-Federal University of Technology
Owerri, Nigeria; American Heritage University of Southern California, San Bernardino,
California, School of Journalism and Television, Berkshire England, the Massachusetts
Institute of Technology and Harvard University, Boston, Massachusetts..
He was once the Chairman (Education and Manpower Development Committee) of the
Nigeria Computer Society and served her National Executive Council from 2001-2005
during which period he brought about tremendous changes that positively
revolutionalized the IT profession in Nigeria. He was one of the key Senior Academics
that represented the NCS at the Global IT Submit held at George Washington University,
USA in 2003. Professor Osuagwu has contributed immensely to the educational
development and administration of many tertiary institutions in Nigeria; having worked
with the University of Lagos as administrator from 1977-1979; Federal University of
Technology, Yola (Ag. Director/Coordinator, IST – 1983-85), Imo State University
(IDEA)(1988-89), Federal University of Technology/Centre for Computer Engineering,
Owerri (1990-2005), Benue State University, Makurdi (2005-2008), Nnamdi Azikiwe
University, Awka (2004-date) and Imo State University Owerri (2005-date). Professor
Osuagwu nurtured the renowned Centre for Computer Engineering to full CPN tertiary
accreditation in the year 2000 and is the only such ICT institution so accredited in the
former Eastern Region of Nigeria. In April 2010 CCE was approved by the Federal
Ministry of Education and the National Board for Technical Education (NBTE) as a
National Innovation Institution under a new name – South Eastern College of Computer
Engineering and Information Technology (SECCEIT). SECCEIT is to commence
programs at National Innovative Diploma level in five major departments – Computer
Hardware Engineering Technology, Software Engineering Technology, Network
Engineering Technology, Multi-media Technology and Computer Studies as soon as the
Honourable Minister of Education releases her Operating License.
Admission
requirement is a set by UTME (JAMB) and admission into the above programs will be
through UTME. CCE is now an autonomous centre of IT excellence under the new
monotechnic.
30
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
Professor Osuagwu has supervised over 1000 undergraduate projects, 250 Masters
projects, has graduated 10 PhDs in Computer Science/IT and currently supervising over
50 undergraduate projects in three universities, 20 Masters and 10 PhDs at the Nnamdi
Azikiwe Univrsity Awka, the University of Port-Harcourt and FUTO. He had been
External Examiner (B.Sc/M.Sc in Computer Science) to Nnamdi Azikiwe University,
Imo State University, University of Port Harcourt, Anambra State University, Uli, Abia
State Polytechnic and Nassarawa State Polytechnic (ND/HND) Computer Science). He
had been Professorial Assessor for Covenant University, Otta, University of Port
Harcourt, Ebonyi State University, Abakiliki. And Ambrose Alli University, Ekpoma.
He was a member of the IT professionals that reviewed the curricular for ND/HND in IT
(2003), Chairman of the NBTE Critique Committee for the introduction of Computer
Science in Nigeria’s Secondary School System, a prelude to the recently approved JSS
scheme for examination by NECO and WAEC by the Federal Ministry of Education. He
chaired the authorship of the current CPN Professional Examinations Syllabus deployed
to achieve the Gazeting of CPN Professional qualification for career placement in the
Civil Service Scheme of the Federation. He recently chaired the NBTE-CPN
accreditation panel for the accreditation of computer science program at the Akwa Ibom
State Polytechnic, Yaba College of Technology, Lagos, ECWA Institute of Computer
Technology, Jos which has now graduated into a full University located in Abuja and the
Federal Polytechnic, Okoh, Anambra State. He has worked for UNESCO and UNDP as
International Consultant and National Consultant to NASENI (National Agency for
Science and Engineering Infrastructure) for authorship of Feasibility Report for the
production of Nigerian indigenous car, IT training consultant to NNPC, NEPA, Nigerian
institution of Quantity Surveyors, Imo State and IT Consultant to Anyiam-Osigwe Group
of Companies, Lagos. Professor Osuagwu was one of the four Judges selected to adjudge
the performance of 26 Nigerian universities at the 1st Nigerian Computer Science Contest
(Olumpiad) in 2007 by the National Mathematical Centre (NMC) and he pioneered the
publication of the formal report in the International Journal of Computer Science and Its
Applications titled “The Sorry State of Computer Science Education in Nigerian
Universities” published in June 2008.
Professor Osuagwu has authored 20 senior tertiary texts in diverse fields of knowledge
and has published over 100 technical articles in referred competent journals, international
conference proceedings and has presented over 200 workshop papers in Nigeria and
overseas.
A consummate and pragmatic scholar of international repute, Network, Satellite,
Software Engineer, Computer Modeler and Forensics Scientist, Professor Osuagwu is
indeed a fulfilled professional. He is blessed with one amiable wife – Mrs Caroline
Oluchi Osuagwu (nee Chilaka), two daughters - Ihuomachi (BSc Accounting, IMSU
now EEU), Uchechi (BSc Computer Science 2) and a son - Obilor - (aspiring
Electrical/Electronics Engineer). With God on his side, he looks forward to his 60th
birthday with enthusiasm and great confidence.
31
Impact of cybercrime and cyber-security on the education community: imperatives for CERT solutions Prof. O. E. Osuagwu: D.Sc, FNCS, FBCS, MIEEE
________________________________________________________________________
32