What Information Are Cybercriminals After And What Do They Do With It?

Willie Bee Tingba, Jr
Digital Rights Advocate
Republic of Liberia

Liberia is one of the oldest and poorest countries in Africa with an increasing rate of illiteracy, according to statista, the total number of internet users in Liberia is 4.03 million of the approximately 4.9 million people living in Liberia; its covers about three times the total number of people living in Monrovia using the internet. The use of broadband data services in Liberia has increased substantially. The mobile penetration rate is about 76.6%. Liberia is aware of the cybercrime affecting all sectors of the economy and its vulnerability to cybercrime.
Cyber-crime refers to the body of technologies, processes and practice involves and uses computer devices and the Internet, it can be committed against an individual or a group; it can also be committed against government and private organizations. It may be intended to harm someone’s reputation, physical harm, or even mental harm.
In recent times, Lonestar cell MTN experienced the distributed denial-of-service (DDOS) attack, the cyber-attack was a targeted and sustained act of industrial sabotage designed to disrupt Lonestar’s business and that of Lonestars customers” so as to advantage Lonestar’s competitors. The attack caused considerable damages to Lonestar’s business and disruption to Lonestar’s customers in Liberia.
You would think a Telecommunication giant such as Lonestar Cell MTN would have some of the strongest CyberSecurity processes in place.
Much has been said about cyber-crimes on youth and organizations, this problem does not only affect a developing countries like Liberia, but it is, in fact, a global problem.
Liberia has been the fragility of cyberspace, low policies on cybercrime, lacking cybercrimes and threats education, ignorance to cybercrime, lacking sustainable law enforcement, the vulnerability of devices, and lack of a national legal and regulatory framework and lacking CyberSecurity-investment.
Moreover, Liberian has been introduced to other forms of cybercrime that can be any form of criminality utilizing the following: digital piracy, identity theft, financial theft, computer hacking, embezzlement, and espionage; cybercrime can also be of a sexual nature and include the production and possession of child pornography, or online communication leading to the sexual victimization of a minor.

In addition; too, more often than not, we hear about the huge data breach, with millions of records being stolen, costing businesses ´huge amounts of money. The biggest one to date is the 2013 cyber-attack on Yahoo, which affected 1 billion accounts. Also, you would think an IT giant such as Yahoo would have some of the strongest data protection processes in place. Yet, they could not prevent another attack just a year after, affecting 500 million accounts. As a future CyberSecurity expert, I’ve decided to let you know as well.

Personal Information
Also known as PII, Personal Identifiable Information is the primary target of many hackers. It can be non-sensitive and sensitive.
Non-sensitive information can be obtained from public records, directories, websites, etc. (home address, phone numbers, names which are listed and published, social media information). Disclosing it would not harm the individual.
On the other hand, disclosing sensitive information can lead to harm to the individual, so this information has to be encrypted. It entails data such as names, home, and email addresses, date of birth, phone numbers, and as of recently, IP addresses as well, which are not listed. It further includes biometric information (unique physical and behavioral characteristics), personally identifiable financial information (PIFI), medical information, and unique identifiers such as social security and passport numbers, passwords, etc.
They (cybercriminals) also go after the information you would not think of as valuable, such as the name of your first pet, your mother’s maiden name, the name of your best friends, etc. Combined with email addresses and passwords, they use them to easily hack into online accounts and retrieve old ones.

Personally Identifiable Financial Information
PIFI is any information that is disclosed to the financial institution, not available to the public – names, contact details, bank account, and payment card numbers, Social Security number, billing information, etc. and forms a part of a data breach. The quickest way cybercriminals can make a profit is by obtaining payment cards and any other banking details stored on phones in different apps (wallets, bank apps, shopping platforms) or desktops.
Trade Secrets
Apart from personal and financial information, hackers are after any information about a business which could be sensitive – methodologies, frameworks, plans, analysis, codes, etc. which they can later sell to their competition or ransom back.
Healthcare and Education Information
Even though this might not seem as attractive, medical information is also sensitive personal information that could be used for fraudulent activities. Hackers usually go after the hospital records and insurance information.
The same goes for education information, with hackers targeting student records, enrolment data, and transcripts.
So how do cybercriminals profit from all of this information?
Personal information is usually used for identity theft. They can also apply for loans or credit cards or file for tax returns.
Another method is blackmail, once they get a hold of information which you would not want to be made public (messages, photos, videos, etc).
Medical information is often used for healthcare abuse and insurance fraud, or fraudulent purchase of prescription drugs. With education information, hackers can apply for student loans, or use for identity theft, or sell diplomas online. Medical records are surprisingly more valuable than any financial information, worth up to $1000 on the dark web.
So, it is clear that the importance of CyberSecurity and protection of information grows each day. With so much data is stored on the internet, it will never cease to be the prey of cybercriminals, which is why new CyberSecurity technologies and strategies should be continually devised and implemented in the protection.
Below is a list for what I look forward to the Government of Liberia putting into place in other to have safe and secure cyberspace;
v Liberian Government should have and enforce cybercrime laws.
v Businesses or institutions should increase investment in tackling cybercrimes and understanding cyber-security
v There should be an establishment of cybercrimes department at the Liberia National Police to enhance the efficient coordination of cybercrimes.
v Make sure to use license and accredited antimalware software in your institution.
v Continuous enlightenment and education on cyber-crimes and cyber-related threats.
In conclusion to my write-up, with the rapid rate at which technology is advancing in Liberia, the current ICT infrastructure needs to be rebuilt and improved to make it compatible with modern standards. In addition to rebuilding the system to meet modern standards and increased capacity to deal with cybercrime issues, there is a need for increased training in the technical and legal human capacity to provide expertise in dealing with cybercrime. Lastly, technical assistance for trained Liberians in cyber-attack prevention and remedy is highly desired.

ABOUT THE AUTHOR

Willie Bee Tingba, Jr. holds a Bachelor of Science Degree Information Technology Infrastructure Management/Computer Science at the United Methodist University (UMU). He is an ICT Advocate and President Emeritus at the Liberia Information Technology Students Union (LITSU). He can be contacted on the following numbers and email addresses 0777538605/0880321976. Email: williebee0880321976@gmail.com / williebee19@yahoo.com