Thursday, August 21, 2008


By Muthoga Kioni (Published in the EAStandard 20th August 2008)

Stealing someone else’s identity is a vice that existed before the advent of computers. What has made it a nefarious crime is the ease at which loopholes in ICT systems can be exploited to steal an identity and commit other crimes.

Identity theft occurs when personal information is stolen by a cyber-criminal for unlawful purposes. The fraudster will use a false identity (yours) to commit a series of crimes, usually financially related.

Your identity is contained in various documents for example birth certificates, ID cards, bank statements, credit/debit card slips, driving licenses, passports and land registry documents. These documents are harvested by cyber crooks for identity details.

The threat of identity theft is best illustrated by the recent arrest of seventeen Kenyans in Kansas City (USA). They are charged with massive fraud in which they allegedly stole identity information (including social security numbers) from elderly nursing home patients. These details were used to prepare both federal and state tax returns using tax preparation software. They then allegedly filled false W-2 Forms (wage and tax statements) listing employers that the identity theft victims never worked for, false residence addresses, and other false information. Substantial amounts were refunded to these “ghost” employees by the Tax authorities.

On a personal level, ID theft can occur when your credit/debit card details are illegally obtained at retail outlets without your knowledge. This is called card skimming.

You are also vulnerable when conducting online financial transactions. “Man-in-the-middle” attacks can intercept your online bank passwords, e-mails and other crucial digital information.

How do you protect yourself?

Online shopping requires special precautions. Use a separate credit card just for your Internet shopping. Try and use sites that display “https” before their address when you are entering sensitive information. You can also look out for sites that display certification symbols from organizations, for example Thawte. Though usually safe, remember there are no guarantees.

Ensure that you also update your security software for example anti-virus/anti-spyware. Make sure this software is active when you are online and that it has been updated within the past week or so.

You should also avoid clicking on web links in “official” looking e-mail messages. There are some e-mails, purportedly from banks, that request for your account details. If an e-mail asks you to update your account number, or other personal information, don’t take the bait.

It is also advisable to use different passwords for your online accounts. Using a single password allows someone who obtains it to access all your accounts. You can use variations of one password. It is also possible to add a further layer of authentication by using a fingerprint reader to store passwords for sites you go to often.


By Muthoga Kioni (Published in the EAStandard 13th August 2008)

Cyber-crime has exploded in the recent past. It has attracted criminals who are motivated by the same old vices. These are namely lust, power, revenge, greed and the desire for adventure.

These criminals are usually the rebellious, the defiant or the irresistibly curious. Cyber crime also demands a degree of technical competence that provides an intellectual challenge to some characters.

Cyber-crime, by its nature is difficult to quantify because most offences are never detected. Victims of cyber-crime also conceal these offences from legal authorities because they want to avoid embarrassment. They would also want to safeguard their reputation, especially financial institutions.

Despite the difficulty in quantifying this type of crime, it is obvious that it is progressively becoming a major global problem. There are various contributing factors. They include prevalence of opportunities, weak guardianship, ineffective legislation and extra-territorial issues. Kenyans, who are regularly online, would be well advised to take note of these factors.

The first factor is the increasing number of opportunities that are to be found in cyberspace. Crime is committed when motive and opportunity are present. As the internet progressively becomes an alternative medium of commerce it will proportionally become a lucrative medium of fraud. These opportunities will only increase as our dependence on information technology develops.

There is also weak guardianship in cyberspace. Conventional crime has over time been combated by a combination of the general public, the commercial or business sectors and law enforcement agencies. An example would be the crime of motor vehicle theft. Car owners are encouraged to lock their cars at all times and install anti-theft electronic alarms.

Insurance firms offer discounts for the implementation of these crime prevention measures. As a result guardianship of this specific crime is present and possessed by the above mentioned entities. This is not the case with cyber-crime. Citizen concern is absent, the private sector is not involved and policing the cyberspace is not possible. The resultant situation means the first line of defense in cyberspace is self defense - minding your own home.

Another contributing factor to the escalation of cyber-crime is the absence of harmonious and consistent legislation across nations. Cyberspace is global and trans-jurisdictional in nature. A Kenyan company can become a victim of a perpetrator who resides in Greenland. It is therefore important to harmonize various laws for example the law on search and seizure and the law on evidence.

Legislation must be introduced that provides for unauthorized access to a computer or computer system, destruction or alteration of data within a computer system, interference with lawful use of a computer or a computer system and theft of intangible property.

Kenya needs to develop its legislation so as to effectively protect electronic commerce. The judiciary should also permit the admissibility of electronic evidence in judicial proceedings.

Finally cyber-crime will escalate due to its global reach. This enhances the ability of an offender to commit crimes which will affect individuals in a number of other countries. This presents an inter-jurisdictional and enforcement problem. The presence of law enforcement and regulatory vacuums in various countries has therefore contributed to the growth of cyber-crime.

Kenya is at the threshold of a cyber boom. It is prudent we invest and develop our legislative framework, enforcement capacity and limit cyber-crime opportunities if we are to curtail this emerging crime.

Thursday, August 07, 2008


On Wednesday I was delighted to hear from Dr. Shem Ochuodho. I have always acknowledged our local ICT gurus and Shem is right up there, at the apex. Below are his comments (sent to my email address) which I reproduce with kind permission. Asante Shem.

Rwanda: the ICT Tiger
Wednesday, 6 August, 2008

Ben and Other Patriots,

Just spotted the blog.

You've said it right. Kenya is a sleeping giant. Strong private sector, and excellent human capital. Only leadership is doing Kenya in. Let's hope Rwanda will serve as an inspiration, and the leadership dilemma in Kenya gets sorted out one day.

And thanks for the kind words.


By Muthoga Kioni (Published in the EAStandard 7th August 2008)

Last week I delved into the shadowy world of cyber crime. We shall continue this theme by examining in detail one of the most overlooked digital crimes in Kenya - Intellectual Property Theft.

The most prevalent and pervasive cyber crime is economic fraud. This crime has various appendages, for example identity theft, credit card account theft and con frauds like the infamous Nigerian 411/419 email scam.

Intellectual property theft, within the ICT context, can be arguably classified as an economic crime that is committed with the computer as the object of the crime. This is because the motives of the perpetuators and resultant benefits are usually economic in nature.

Intellectual property refers to creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Intellectual property rights are a bundle of exclusive rights over creative works such as software, books, moves, music, paintings and photographs.

These rights stipulate that the holder of one of these intellectual properties is entitled to exclusive rights and can therefore control reproduction or adaptation of such works for a certain period of time.

We shall restrict ourselves to the ICT intellectual property and none is more obvious that the software program.

The computer program is a set of instruction (code) that is used in the computer to achieve a function. It also causes the computer to behave in a predetermined manner. Microsoft products, like MS Word and Excel, are examples of programs that took considerable effort and cost to produce. These programs are the intellectual property of Microsoft.

It is therefore apparent that the programs we use in our computers are intellectual properties and are owned by the companies or individuals who created or developed them. That is until we legally purchase them.

When we install software programs that have not been legally sourced and duly paid for, we are committing intellectual property theft. We are denying the creators of these programs their right to gain or profit from their work.

This is akin to embarking on a shopping spree in a supermarket and nonchalantly walking out with a fully laden trolley - without paying. We find it easier to perceive this instance as outright theft.

We have conversely found it hard to distinguish the fact that we are stealing by using pirated software and that we are cyber criminals.

Our propensity for “swapping” or “borrowing” installation CD’s from our friends knows no limits. We have as a result earned notoriety as a software piracy haven.

Apart from denting our reputation, this high rate of software piracy has resulted in immense financial losses in terms of lost government revenues. It has also hampered the development of locally developed software products.

This state of affairs has necessitated an aggressive anti software piracy campaign that is aimed at protecting the interests of consumers, business partners and the local software industry as a whole. This recent effort, initiated by Microsoft Kenya, is laudable.

On the legal front we have The Kenya Copyright Board. It is the statutory body mandated to administer and enforce copyright and related rights in Kenya. These include intellectual property rights. It has within it seven members representing software, publishers, performers, broadcasting stations and the audio visual industry.

It is therefore important that we appreciate the creative effort of others that results in the production of computer software. We should desist from intellectual thievery and instead purchase software from legal outlets.


By Muthoga Kioni (Published in the EAStandard 30th July 2008)

We are slowly & inexplicably getting more dependent on technology. It is difficult to imagine spending a day without the mobile phone, the computer, the PDA or any other gadgets that keeps you ‘online’.

The benefits we accrue from using and applying technology in our lives are substantial. They include enhanced career productivity, seamless and cheaper communication and ubiquitous financial transactions among many others. The flip side of this technological progress is that cyber crime has followed in its wake. Cyber crime is slowly pervading our lives. We witnessed a prelude of things to come when the Kamiti mobile phone racket was recently exposed.

What is cyber crime? It generally encompasses any criminal act dealing with computers, networks and related devices. This is where a computer, or mobile phone, is either an object of a crime, an instrument used to commit a crime, or a repository of evidence related to a crime. Examples of cyber crimes include identity theft, credit card account theft, hate crimes, internet fraud, child pornography, software piracy, intellectual property theft and others. Cyber crime also includes traditional crimes that are conducted through the internet.

It is a common practice for law enforcement agencies to concentrate and specialize on a certain crime genre, such as homicide, sex offences, fraud, kidnapping and bank robberies. Whereas some crimes warrant this specialization others do not, for example burglary. This specialization and classification is usually reserved for the ‘serious’ crimes and cyber crime has gained such notoriety that it currently falls under the category of serious crimes.

One would naturally ask, “What has forced this focus on the cyber world by criminals and law authorities?” Beyond the commonly reported computer criminal activities like hacking, spamming and phishing, is the burgeoning rate of economic fraud on the internet. Electronic commerce has emerged as a viable alternative to ‘physical’ trading, though fraught with security threats. The global cost of cyber crime has therefore become quite significant. This development is best illustrated by Canada which has one of the largest e-commerce economies in the world. The volume of sales generated by e-commerce in the whole of Canada during 2005 was in the order of $39.2 billion worth of goods. Cyber crime’s threat and impact should therefore be appreciated in both economic and social contexts.

To counter this threat police forces around the world have established specialized computer crime units. High Tech Crime Units or Cyber Crime Divisions are now considered essential elements of any national police force and Kenya is not exempt. These units however need guidelines and regulations to direct them in their investigations, just as there are guidelines and legislative frameworks for investigating and prosecuting other serious crimes.

Various countries have also introduced legislation that directly deals with cyber crime while others have reformed and modified their existing criminal laws to include this emerging crime. However many countries, Kenya included, do not have adequate legislation that addresses this vice. Cyber crime laws are necessary because they protect certain rights and assets such as privacy by rendering illegal the interception and unauthorized access to digital data and resources privately owned.

Evidence indicates that business, their customers and the public at large need to better appreciate the high cost of cyber crime and adopt the necessary precautionary measures into their online activities. It is also clear that the prevalent context indicates that our local law enforcement agents need to redouble their efforts in countering this ‘new’ crime.