Research Proposal

Comp 328 A Research Proposal Submitted to the School of Science, Engineering and Technology in Partial Fulfilment of the Requirements for the Award of the Degree of Bachelor of Science in Computer Science

Control of Cyber Crime in IT Industries in Kenya.

FACULTY OF SCIENCE ENGINEERING AND TECHNOLOGY DEPARTMENT OF COMPUTING SCIENCE AND MATHEMATICS Presented by: MATHENGE ANTONY NJURE KAHUNGU JANET WANGECHI GIKUNDI DENIS NYAGA Supervisor: Dr. P.E RAGAMA CS/M/0383/5/10 CS/M/0365/5/10 CS/M/0494/5/10

A Research Proposal Submitted to the School of Science, Engineering and Technology in Partial Fulfilment of the Requirements for the Award of the Degree of Bachelor of Science in Computer Science

Page 1 of 28

DECLARATION
This is our original work and as far as we are concerned, has not been presented for the award of any degree in any other institution of higher learning.

S/NO. 1. 2. 3.

Students Name Mathenge Antony Njure Kahungu Janet Wangechi Gikundi Denis Nyaga

Signature

Date

Approval This research proposal has been submitted for examination with my approval as a university supervisor:

Signature: .

Name: ...

Date: ....

Page 2 of 28

DEDICATION:
Mathenge; I dedicate this piece of work to my mother for her continuous support financially and prayerwise. God bless you. I also dedicate it to my best friend Violet Kihara for your continuous encouragement and support. Youre such a darling.

Wangechi; Mum and Dad you have always been a source of inspiration to me, supporting both financially and through prayers and thats why I dedicate this proposal to you. May God bless you.

Nyaga;
I dedicate this project to my loving family for the care, love and support that they have shown me all through and I thank God for them.

Page 3 of 28

ACKNOWLEDGEMENT

First and foremost we thank the Almighty God for giving us the grace and the strength to complete this proposal. Secondly we want to acknowledge and thank our supervisor Dr. P.E Ragama for his continuous advice and support throughout the writing of this research proposal. Your efforts are highly appreciated. Our gratitude also goes to all our friends and classmates who tirelessly assisted us during our research. We appreciate your support.

Page 4 of 28

Table of Contents
DECLARATION ............................................................................................................................................2 DEDICATION: .............................................................................................................................................3 ACKNOWLEDGEMENT ...............................................................................................................................4 ABSTRACT ..................................................................................................................................................6 CHAPTER ONE: ...............................................................................................................................................7 INTRODUCTION .........................................................................................................................................7 BACKGROUND ...........................................................................................................................................7 PROBLEM STATEMENT ..............................................................................................................................9 OBJECTIVES OF THE PAPER ..................................................................................................................... 10 HYPOTHESIS ............................................................................................................................................ 10 CHAPTER TWO: ........................................................................................................................................... 11 LITERATURE REVIEW .............................................................................................................................. 11 CHAPTER THREE .................................................................................................................................... 21 RESEARCH METHODOLOGY ........................................................................................................... 21 3.1 Research design ................................................................................................................................ 21 3.2 Target population ............................................................................................................................. 21 3.3 Sampling procedures ........................................................................................................................ 21 3.4 Data collection .................................................................................................................................. 21 3.5 Data analysis..................................................................................................................................... 21 CHAPTER FOUR ........................................................................................................................................... 23 DATA ANALYSIS AND PRESENTATION OF RESULTS ................................................................................ 23 CHAPTER FIVE ............................................................................................................................................. 25 CONCLUSION AND RECOMMENDATION ................................................................................................ 25 REFERENCES ............................................................................................................................................... 27

Page 5 of 28

ABSTRACT
This project titled Control of Cyber Crime in Internet Technology in Kenya is based on the control of internet crimes experienced by users of the internet in day to day activities. The last half century or more witness some major progress in the development of various technologies in almost all areas of human endeavour in both developed and developing countries. Specifically, Information Technology has advanced so well that almost everyone anywhere uses computers for their day-to-day activities. Today's computers are becoming more powerful, smaller, cheaper, and more user-friendly as technology improves. As they have improved, computers have proliferated in our society, our businesses, and our personal lives. Most modern businesses and governments depend on their computer systems to support their operations, from personnel files to financial management. In addition, computers played an important role in computational research such as Bio-Informatics, Differential Calculus, and Evolutionary Genetics. In today's environment, most businesses and government processes could not survive without the computer-especially e-mail or totally web-based businesses. However, an organization that uses computer for its daily transactions is liable to be the target of computer crimes. This article evaluates the concepts of cybercrimes, detection and the controls. An understanding of various types of computer-related crimes is given. The paper finally exposed us to dangers it poses to organizations, factors that encourage it, and recommending possible controls and preventive measures against computer crimes.

Page 6 of 28

CHAPTER ONE:
INTRODUCTION
The internet in Kenya is growing rapidly and this has given rise to new opportunities in many fields including entertainment, business, sports or education. There are two sides of a coin. Internet also has its own disadvantages. One of the major disadvantages is cybercrime- illegal activities committed on the internet. The internet along with its disadvantages has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities such as email espionage, credit card fraud, spams and software privacy, which invade our privacy and offend our senses. Cybercrime also refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime (Moore, 2005). Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming.

BACKGROUND
To provide the most reliable picture of different type of crime, the Internet Crime Complaint Centres (IC3) statistics will be used. According to IC3 website (2011), from January 1, 2010 to December 31, 2010, the IC3 website received 303,809 complaint submissions. This is a (31.9%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet using computers. The 2010 Internet Crime Report demonstrates how pervasive online crime has become, affecting people in all demographic groups. The report provides specific details about various crimes, their victims and the perpetrators. It also shows how IC3 continually adapts its methods to meet the needs of the public and law enforcement. These complaints were composed of many different fraud types such as auction fraud, nondelivery, and credit/debit card fraud as well as non-fraudulent complaints such as computer intrusions, spam/unsolicited e-mail, and child pornography. All of these complaints are accessible to federal, state, and local law enforcement to support active investigations, trend analysis, and public outreach and awareness efforts.

Page 7 of 28

From the submissions, IC3 referred 121,710 complaints of crime to federal, state, and local law enforcement agencies around the country for further consideration. The vast majority of cases was fraudulent in nature and involved a financial loss on the part of the complainant. The total dollar loss from all referred cases of fraud was $264.6 million with a median dollar loss of $931.00 per complaint. This is up from $239.1 million in total reported losses in 2010. Cybercrime has also affected other states and countries like California, New York, Florida, Texas, District of Columbia, and Washington, United Kingdom, Nigeria, Canada, China, and South Africa. There various types of computer crimes. This includes: Data Interception: This type is exclusive to network environment with teleprocessing activities in which the criminal may tap the signal sent to a computer from remote source. One of common example of interception of data in transmission is commonly called hacking. Data Modification: Alteration, destruction, or erasing of data in the computer, usually done with desire to misallocate money or to cover up management incompetence. Theft of Software: Taking or copying data, regardless of whether it is protected by other laws, e.g., copyright, privacy, etc. The cause of this may be for profit purpose or for private use. Network Interference: This is impeding or preventing access for others. The most common example of this action is instigating a Distributed Denial of Service (DDOS) attack, flooding Web sites or Internet Service Providers. DDOS attacks are often launched from numerous computers that have been hacked to obey commands of the perpetrator. Virus Dissemination: Introduction of software damaging to systems or data it contains. Aiding and Abetting: Enabling the commission of a cybercrime especially some cyber caf operators in Nigeria. Computer-Related Forgery: Alteration of data with intent to represent as authentic. Computer-Related Fraud: Alteration of data with intent to derive economic benefit from its misrepresentation. Misuse of Computer Assets: This is another form of computer crime, although it may be more correctly described as computer abuse. It involves the use of company assets, in this case computers, by employees for non-authorized activities. Theft of Computer Hardware: There have been occasions where the theft of computer hardware, specifically computer memory chips, made them more valuable than anything. Examples of this are hardware destruction, illegal borrowing of hardware etc. Cybercrimes are categorized into three:
Page 8 of 28

1. Cybercrimes against persons. Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled. 2. Cybercrimes against property 3. Cybercrimes against government

PROBLEM STATEMENT
According to Oxford Advance Learners dictionary (2001), crime is the activities that involve breaking the law or illegal act or activities that can be punished by law. Computer crime has been defined as the act of stealing or misusing the computer hardware or software (Olawepo 1999: 48). Nowadays, the computer has replaced manual records, and the fraudulent input document has been substituted by manipulating data held in a computer system. This manipulation does not need to be sophisticated. Computers have become the mainstay of business and government processes, for example, business has been using them for years and in most countries, there are drives towards electronic or joined up government to allow the people to access government services from their desktop in their own home. Computer crimes were committed for many reasons, some which are rational, others of which may make no sense to the observer. These internet crimes are like threat detection through crowds-sourced monitoring of social networksproblem like the twitter and Facebook which allow users to post messages. This is due to many reported cases of threats and illegal information passed through illegal messages. This has therefore led to the concern that there is lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information. Additionally, Mass Media and the internet reveal that social networks are growing at an alarming rate with related dangers which are likely to become catastrophic and difficult to solve if not well

Page 9 of 28

managed. Cyber criminals have targeted social networks in order to maliciously acquire and use the large quantity of information it has.

OBJECTIVES OF THE PAPER

a. To characterize the different type of cybercrimes prevalent in Kenyan economy. b. sensitizes computer users and organisations on the presence of cybercrime and the associated dangers to organisations in Kenya. C. quantify the effect of cybercrimes and how to prevent crimes. d. To improve security of information through the internet. e. To determine what type of people commits cybercrimes and the age group that are involved. F. sensate society on how to identify and control cybercrimes in Kenya and regions.

HYPOTHESIS
a. What are the different types of cybercrimes? How do they affect the Kenyan economy? b. What are the dangers of cybercrime in various Kenyan organizations? c. What preventive measures can be taken to reduce cybercrime in Kenya? d. How can information security be improved over the internet? e. Why do people commit cybercrime? f. How can theft through the internet be identified?

Page 10 of 28

CHAPTER TWO:
LITERATURE REVIEW
Social Networking sites have become the new go-to attack point for malware, phishing and spam, and security vendor Sophos found in its Security Threat Report, 2011. The report, which examines and analyses cybercrime during 2010 and highlights the trends to watch out, reveals that scammers and cyber-criminals have their sights trained on users mostly of social networks like Facebook and Twitter. The report contends that the number of social network attacks grew significantly in 2010. According to Sophos, about forty per cent (40%) of the one thousand and two hundred (1,200) website users polled have been sent malware, such as worms, via the websites sites they frequent visit. That is an increase of about ninety per cent (90%) as compared to the second the summer of 2009. Additionally, two thirds of the users queried, said they had been spammed especially via social networking sites. This is more than double the proportion of internet users affected two years earlier. Sophos also found out that forty three per cent (43%) of the respondents had experienced phishing attacks, which is more than double the number of 2009. The scams that are plaguing social networks were unheard of a few years ago (Richard Wang, Manager of Sophos Labs U.S. (2011). According to Wang, social networking platforms like Facebook and Twitter are struggling to keep up with the swell of threats as cybercriminals and scammers seek to leverage these new mediums. According to the study, a good deal of social networking happens in the workplace and fifty nine per cent (59%) of the survey takers believe cybercrime could endanger corporate security while fifty seven per cent (57%) worry that colleagues are sharing too much information on social networks. On the other hand, eighty two per cent (82%) feel that Facebook poses the biggest risk to security. Overall, the majority of the types of security threats from 2009 to 2010 stayed the same, despite their high impact on social networks. It is obvious that cybercrime is a major online threat; it is evident that many people have fallen victims to this crime. It is clear that social networks make a great contribution to cybercrime, but there is no actual information on how much they have contributed. This study intends to establish the correct and factual information.
Page 11 of 28

A study conducted by Trevor Smith, graduate student in the Department of Criminal Justice at UNLV (2010) examines cybercrime that is committed through the utilization of the internet. The study explains the criminal activity that is occurring on Social Networking Sites and what Social Networking Sites are doing to help users keep their information private and prevent them from being victimized. Trevor argues that with the advancement of technology for the benefit of mankind, comes the advancement of new technology to commit crimes. From 2000-2004 cybercrime complaints doubled, and from 2004-2007 they remained the same. However, the latest FBI statistics, produced by the Internet Crime Complaint Centre, show that in 2008 cybercrime increased by thirty per cent (30%) (IC3, 2008). According to the 2009 Unsecured Economies Report produce by McAfee, one of the worlds leading antivirus software and computer security companies, cybercrime costs $1 trillion or more annually, but that is also limited to what cybercrime was reported (McAfee 2009). This figure does not take into consideration the cost of physical damages to victims, or the cost of police investigations. The latest research by the Pew Internet & American Life Project (2010) as captured in the study conducted by Trevor indicates that seventy three per cent (73%) of teen internet users and forty seven per cent (47%) of online adults currently use social networking sites. According to PeterSommer, Internet crime literature review (March 2009), malware is the umbrella term for viruses and Trojans. The criminal offence is unauthorized data modification and is dealt with under section 3 Computer Misuse Act, 1990. The main practical prosecution problems are identifying the perpetrator and then making a precise link to a victim whose computer has been the subject of unauthorized data modification. Hacking has no precise legal definition, but the other main element in the Computer Misuse Act is section 1, unauthorized access to a computer. The section can be used equally against the stereotypical teenage engaged in malicious recreation, staff that exceed their authority in using a company computer, and private detectives. The Internet gives a number of opportunities to would-be cyber stalkers, from sending large numbers of distressing emails, to putting up malicious websites, to posting information on bulletin boards, chat rooms and social networking sites, to originating misleading material which purports to come from the victim and causes them distress. Most forms of computer misuse are expensive to investigate and prosecute because of the technical skills required from investigators and the frequency with which such events cross jurisdictional boundaries.

Page 12 of 28

The offences in distributing illegal Materials lie in publication, making, distributing and possessing obscene, indecent and extreme pornographic material. There is no offence in the publishing of material which falls short of the various statutory definitions and is merely disturbing. English law distinguishes between adult pornography, child pornography and extreme pornographic material. For this purpose a child is someone who is or appears to be under the age of 18 (s. 45 of the Sexual Offences Act 2003, until then the critical age was 16). According to the seminar paper on cybercrimes: control prevention and detection (12th December 2011), the view on security measures for preventing computer crime: 1. Computer Access Control

Considering the facts that are various categories of computer related crime, different strategy should be used in controlling them. The following controls may be used to restrict unauthorized people access to sensitive system. i. Password: The use of password will only allow the authorized users access to the system. The password should be enough so that it will be difficult to guess. ii. Compartmentalization: This restricts users to specific files and program they have a job related need access. Regular updating is required to confirm access to the needs of people moving from responsibility to responsibility within the organization. iii. Use of Biometrics: These include the use of fingerprints, hand geometry, and voice recognition and so on to restrict access to unauthorized users. iv. Automatic Logoff: This measure prevents unauthorized access to the system when authorized users failed to logoff. Random Personal Information checks: This is used in identifying unauthorized login attempts. The system randomly transmits a question that only the authorized individual could answer and denied access unless the right answer is received.

2.

Network Access Control

i. Encryption: This can be described as the use of codes to transform original data into a code which can only be deciphered by the software which handles the file. The transform data appears to be nonsense or jargon until the encryption key is applied to the data. Encryption key is a number which enables encrypted data to be decoded. In some cases hardware key must be attached to the computer before it can read encrypted files.
Page 13 of 28

ii. Firewall: A firewall allows you to protect your computer from hackers, who often target the IP address ranges used broadband providers. The use of firewalls and similar safeguards prevent unauthorized access through the Internet. Firewalls, however, are only effective when they are properly sited within the company network and, when they are managed properly configured or otherwise not providing the security that users and management expect. iii. Spy-ware: A spy-ware is a tool used by the cyber caf operators to monitor peoples activities while browsing on the Internet. Spy-ware is a tool used for monitoring and gathering information about people and information gather are often used for malicious purpose (Agboola, 2005:1). This will go a long way to know if the Internet user is visiting prohibited sites. According to the Computer Crime Research Centre Cyber-crime (20th January 2012) by Costin Raiu, director, Global Research &Analysis, Kaspersky Lab, five categories of key players at the top of the cyber-crime game in 2012, are discussed. The hacktivist groups such as the Saudi and Israeli hacktivists are at the top, the best examples are the Israeli-Saudi hackers who are hacking each other for national pride reasons; the Anonymous group which will target pretty much anyone they think is worth their attention; the Lulzsec team; the poison team, there are quite a few hacktivist groups to be honest, they are not doing it for money or profit, but for fun and national pride," said Raiu. The second group of key players is the big military superpowers, which are now using the internet to create a silent war. "Big military superpowers have discovered the internet and the fact that they cannot just fight each other on the internet, but can exploit the internet by doing a cold war silently with cloak and dagger activities, which at the moment, works well for some and not others," said Raiu. Japan, a country not usually associated closely with cyber-crime activities, recently announced that they are developing a sophisticated virus which they will use, although they did not specify for what, according to Raiu. The third group, according to Kaspersky Lab's research is the big software companies such as Apple, Adobe and Microsoft, because they create the software which runs on all computers and they are the main target for hackers, because hackers need new zero-day exploits to break computers. Hackers can find new zero-day exploits by attacking the big software companies. "The best example of such software companies is Adobe which was hacked in the Aurora attack. According to some information, the hackers got access to the source code for the Abode PDF reader and that can be used to find new zero-day exploits," said Raiu.

Page 14 of 28

The fourth big player on the cyber-crime landscape is the security companies, because they provide the protection for the world's computers. "The evolution of attacks in the future will follow the latest developments in security technologies," said Raiu. Cybercrime refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime (Moore, 2005). Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. To provide the most reliable picture of different type of crime, the Internet Crime Complaint Centres (IC3) statistics will be used. According to IC3 website (2011), from January 1, 2010 to December 31, 2010, the IC3 website received 303,809 complaint submissions. This is a (31.9%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet using computers. These complaints were composed of many different fraud types such as auction fraud, nondelivery, and credit/debit card fraud as well as non-fraudulent complaints such as computer intrusions, spam/unsolicited e-mail, and child pornography. All of these complaints are accessible to federal, state, and local law enforcement to support active investigations, trend analysis, and public outreach and awareness efforts. From the submissions, IC3 referred 121,710 complaints of crime to federal, state, and local law enforcement agencies around the country for further consideration. The vast majority of cases was fraudulent in nature and involved a financial loss on the part of the complainant. The total dollar loss from all referred cases of fraud was $264.6 million with a median dollar loss of $931.00 per complaint. This is up from $239.1 million in total reported losses in 2007.

Page 15 of 28

Extracted from http://www.consumerfraudreporting.org/Scammers_caught.php From the above chart, the following were discovered: Non-delivered merchandise and/or payment were, by far, the most reported offense, comprising 32.9% of referred complaints. Internet auction fraud accounted for 25.5% of referred complaints. Credit/debit card fraud made up 9.0% of referred complaints. Confidence fraud ("con men"), computer fraud, check fraud, and Nigerian letter fraud (Also called "Advance Fee Fraud" or AFF or 419) round out the top seven categories of complaints referred to law enforcement during the year. Of those complaints reporting a dollar loss, the highest median losses were found among: check fraud ($3,000), confidence fraud ($2,000), Nigerian (west African, 419, Advance Fee) letter fraud ($1,650)

Page 16 of 28

Amount Lost by Selected Fraud Type for Individuals Reporting Monetary Loss:

Complaint Type

Percentage of Reported Total Loss

Of those who reported a loss the Average (median) $ Loss per Complaint

Check Fraud

7.8%

$3,000.00

Confidence Fraud

14.4%

$2,000.00

Nigerian Letter Fraud

5.2%

$1,650.00

Computer Fraud

3.8%

$1,000.00

Non-delivery (merchandise and payment)

28.6%

$800.00

Auction Fraud

16.3%

$610.00

Credit/Debit Card Fraud

4.7%

$223.00

Also IC3 observed that among perpetrators, 77.4% were male and 50% resided in one of the following states: California, New York, Florida, Texas, District of Columbia, and Washington. The majority of reported perpetrators (66.1%) were from the United States; however, a significant number of perpetrators where also located in the United Kingdom, Nigeria, Canada, China, and South Africa. And among complainants, 55.4% were male, nearly half were between the ages of 30 and 50 and one-third resided in one of the four most populated states: California, Florida, Texas, and New York.
Page 17 of 28

While most were from the United States (92.4%), IC3 received a number of complaints from Canada, United Kingdom, Australia, India, and France. Males lost more money than females (ratio of $1.69 dollars lost per male to every $1.00 dollar lost per female). This may be a function of both online purchasing differences by gender and the type of fraudulent schemes by which the individuals were victimized.

E-mail (74.0%) and web pages (28.9%) were the two primary mechanisms by which the fraudulent contact took place.

Visit IC3 webpage on statistics (http://www.ic3.gov/media/annualreports.aspx) for detail information. According to IC3 website (2009), in 2008, most scammers operated from the United States. The U.S. still held a huge lead in active internet users then, a gap that has since closed considerably. In 2008, China and the U.S. each have approximately 200 million internet users, and most of the world has grown commensurately. As the user populations have grown abroad, so have their scammer populations. Several countries stand out in 2008 as have disproportionately huge populations of scammers: Nigeria, Romania, the Netherlands and China. Lottery and fake money transfer (AFF) frauds seem to be the specialty of the Nigerians. The United States still leads in Identity Theft and Spoofing frauds. According to (Aghatise, 2006), majority of the cybercrimes perpetrated in Nigeria generally are targeted at individuals and not necessarily computer systems, hence they require less technical expertise. The damage done manifests itself in the real world. Human weaknesses such as greed
Page 18 of 28

and gullibility are generally exploited. The damage dealt is largely psychological and financial. These crimes are similar to theft, and the likes that have existed for centurys offline even before the development of high-tech equipment. Through the Internet, the same criminals or persons with criminal intents have simply been given a tool which increases their potential pool of victims and makes them all the harder to trace and apprehend Among categories of fraud identified by Peter & Grace (2001) are fraud committed against a number of individuals through print or electronic media, or by other indirect means. This would include Nigerian advance fee frauds (Smith, Holmes & Kaufmann 1999), share market manipulation, and deceptive advertising or investment solicitations pitched at a relatively large number of prospective victims. The following categories of crime are the most common ones in the Nigerian Internet landscape according to (Longe and Chiemeka 2008:134). (a) Hucksters: The hucksters are characterized by a slow turnaround from harvest to first message (typically at least 1 month), a large number of messages being sent to each harvested spam-trapped addresses, and typical product based Spam (i.e. Spam selling an actual product to be shipped or downloaded even if the product itself is fraudulent). 4 Email addresses are obtained from Internet access points using e-mail address harvesting software (web spiders) such as E-Mail Extractor Lite1.4. These tools can automatically retrieve e-mail addresses from web pages. They are therefore referred to as harvesters. (b) Fraudsters: The fraudsters are characterized by an almost immediate turnaround from harvest to first message (typically less than 12 hours), only a small number of messages are sent to each harvested addresses (e.g. phishing, advanced fee fraud-419 from the Nigerian perspective). Fraudsters often harvest addresses and send only a message to them all at a particular time. The tool for getting addresses is mailing address extractors (Longe & Chiemeke, 2006). (c) Piracy: Piracy involves the illegal reproduction and distribution of software applications, games, movies and audio CDs. (Longe, 2004). This can be done in a number of ways. Usually pirates buy or copy from the Internet an original version of a software, movie or game and

Page 19 of 28

illegally make copies of the software available online for others to download and use without the notification of the original owner of the software, this is known as Internet piracy. Modern day piracy may be less dramatic or exciting but is far subtler and more extensive in terms of the monetary losses the victim faces. This particular form of Cybercrime may be the hardest of all to curb as the common man also seems to be benefiting from it. (d) Hacking: Young Nigerians can be observed on daily basis engaging in brainstorming sessions at Cybercafs trying to crack security codes for e-commerce, ATM cards and emarketing product sites. The surprising thing is that even with their low level of education or understanding of the intricacies of computing techniques, they get results! Phishing is also becoming popular as criminals simulate product websites to deceive innocent Internet users into ordering products that are actually non-existent. Phishing refers to imitating products and ecommerce web pages in order to defraud unsuspecting users. This method is used mostly to obtain credit card numbers. The Cyber criminals apart from the mentality and the strength of their motivations, needs to see the path of crime ahead of him clear of obstacles. If every single individual were to put up obstacles of their own, no matter how small, the crime path will seem to be far less lucrative in the eyes of even the most desperate criminal (Aghatise, 2006). Progress is observable in the fight against Internet pornography (except in few cyber cafes) content filters are downloaded and installed to filter unwanted Internet content (Longe & Longe 2005: 1-7). On the other hand, even in Cybercafs with notices warning against spamming activities, bulk tickets are sold obviously meant for the purpose of sending Spam mails. This is to say that most cyber caf in Nigeria are aiding and abetting the perpetrators, some of them do not bother the kind of site the Internet users are doing on the Internet.

Page 20 of 28

CHAPTER THREE
RESEARCH METHODOLOGY
This includes the theoretical framework that is intended to be used. 3.1 Research design The study will be conducted using a questionnaire survey implemented by the study team. Pertinent issues arising from the questionnaire survey will be pursued and clarified through probing questions posed to the interviewees by the study team. 3.2 Target population The target population will be composed of frequent Internet users from Nakuru and Nairobi which are some of the major cities in Kenya; they will include high school students, students in institutions of higher learning and the working class. 3.3 Sampling procedures Probability sampling, precisely simple random sampling will be used to draw the study sample. 3.4 Data collection Data will be collected directly from the respondents by the study team using the questionnaires. 3.5 Data analysis The study team will edit the resultant data to ensure that the figures and words are accurate. This will be done manually after which it will be typed prior to analysis. Questionnaires with twenty five per cent (25%) blank spaces will discarded. the data will then be alphanumerically coded for computer analysis. Where necessary data will be transferred to coding sheets and responses to negatively worded questions will be revised to confirm to the same direction. Data will be put into classes which are mutually exclusive such as gender, age or religion. The data will be analysed using t-test, chi-square, correlation descriptive statistics and regression analysis. Three measures of tendencies will be used namely: mode, medium, and mean.
Page 21 of 28

The data characteristics will be described and explored by drawing graphs and charts, performing cross tabulation and calculating means and standard deviations. Patterns and relationships in the data will be sought by comparing means, exploring correlations, performing multiple regressions, or analyses of variance. Advanced modelling techniques will be used to build sophisticated explanations of how the data collected addresses the original question. Qualitative data analysis will be used to describe and summarize the mass of words generated from the interviews. This will establish the relationship between various themes identified from the study. A report of the findings will then be documented proving or disapproving the hypothesis besides drawing up conclusions and recommendations on the way forward

Page 22 of 28

CHAPTER FOUR
DATA ANALYSIS AND PRESENTATION OF RESULTS
4.1 Work plan and Budget

The study will be conducted in twelve months commencing May, 2012 as detailed in table 4.1. The study budget will be as detailed in table 4.2.
Table: 4.1 Work plan

Period

Activity Preparing, proposal Collecting Data Analysing the Data Compiling the report Typing and printing the report Presenting the report Defending the report Publishing the report presenting and defending the

February-March 2012

May-June 2012 July-August 2012 September, 2012 October, 2012 November, 2012 December, 2012 January, 2013

Page 23 of 28

Table 4.2 Budget Item Hire a van for one month Fuel for the van for one month

Unit Cost (KES) 10,000 40,000

Total (KES) 10,000 40,000 15,000 30,000 1,500 3,500 18,000 118, 000

Accommodation for three people for one month 15,000 Catering for three people for one month Typing and printing questionnaires Typing and Printing the and binding report Upkeep allowance for three members Total 30,000 1,500 3,500 4500

Page 24 of 28

CHAPTER FIVE
CONCLUSION AND RECOMMENDATION
Recommendations Some of the suggestions to improve computer security include: a. b. The use of more effective policies for security over proprietary information. Implementing better internal accounting controls.

c. Improving interaction between the human resources department, the systems department and corporate security functions. d. e. f. g. Continuous supervision of those with sensitive access to system. The use of better software security. Implementing better and regular computer audit software. The use of adequate, physical security in the workplace.

Page 25 of 28

CONCLUSION

Most of the recorded computer crimes cases in most organization involve more than individual and virtually all computer crime cases known so far are committed by employer of the organization. Criminals have also adapted the advancements of computer technology to further their own illegal activities. Investigators must know the materials to search and seize the electronic evidences to recover, and the claim of custody to maintain. Without question, law enforcement must be better prepared to deal with many aspects of computer-related crimes and the techno-criminals who commit them. This article is not meant to suggest that programmers or computer users are fraudulent people or criminal but rather to expose us to the computer-related crime and provides ways to prevent them.

Page 26 of 28

REFERENCES
1. Computer application for business; Effects of cybercrimes on business http://www.scribd.com/doc/54756700/CAB-566-Assignment-2 accessed on June 15, 2011 2. Cybercrime Awareness http://www.cybercellmumbai.com/files/Types%20of%20cyber%20crime.pdf accessed on June 15, 2011

3. Sophos http://en.wikipedia.org/wiki/Sophos accessed on 18th June 2010 4. Agboola O. (2005), Spay-ware: Concept, Danger, and relevance to Business Organization in Nigeria. A paper presented at 1st national Conference on Inter-Disciplinary, at Kwara State Polytechnic, Ilorin.

5. Aghatise, E.J (2006): Cybercrime Definition. Computer Crime Research Centre. June 28, 2006. Available online at www.crime-research.org 6. Longe O.B & Longe F.A (2005): The Nigerian Web Content: Combating the Pornographic Malaise Using Content Filters. Journal of Information Technology Impact, Vol. 5, No. 2, pp. 59-64, 2005

7. Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. 8. Peter, G & Grace, D. (2001): Red Flags of Fraud. Trends and Issues in Crime and Criminal Justice, no. 200, Australian Institute of Criminology, Canberra. Available online at http://www.aic.gov.au.

9. Trevor Smith, graduate student in the Department of Criminal Justice at UNLV (2010) 10. PeterSommer, Internet crime literature review (March 2009)

11. According to the seminar paper on cybercrimes: control prevention and detection (12th December 2011)

12. According to the Computer Crime Research Centre Cyber-crime (20th January 2012) by Costin Raiu, director, Global Research &Analysis, Kaspersky Lab

Page 27 of 28

13. Internet Crime Complaint Centres (IC3)

14. http://www.consumerfraudreporting.org/Scammers_caught.php

15. Longe, O.B and Chiemeke, S.C (2008) Cyber Crime and Criminality in Nigeria What Roles are Internet Access Points in Playing? European Journal of Social Sciences Volume 6, Number 4(2008) 16. Longe, O.B.& Chiemeke, S.C. (2006): The Design and Implementation of an E-Mail Encryptor for Combating Internet Spam. Proceedings of the 1st International Conference of the International Institute of Mathematics and Computer Sciences. Pp. 1 7. Covenant University, Ota, Nigeria. June, 2006

17. Computer crime has been defined as the act of stealing or misusing the computer

hardware or software (Olawepo 1999: 48).

Page 28 of 28