Last Updated on by SCARS Editorial Team
SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS.™ Research: Socio-Economic Theory of Nigerian Cybercriminals
This paper sets out with the aim of developing and improving upon existing taxonomies used in cybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. scholarship.
[lwptoc]
1. Introduction
Listed in prevalence of cybercrime perpetrators, Nigeria, the UK and the USA (in ascending order of significance) are on top of the ‘league table’ (ICCC, 2006, ICCC, 2008, ICCC, 2009, ICCC, 2010). Considering Nigeria as an exemplary social context – representing the Sub-Saharan world region – this article will emphasize the need to incorporate social and contextual factors into the classification schemas. Whilst the establishing of the particularities of cybercrime in Nigeria will concomitantly suggest problems with prevailing taxonomies of cybercrime, it will also render problematic, the basis for ICCC, 2006, ICCC, 2008, ICCC, 2009, ICCC, 2010 claim on the prevalence of cybercrime perpetrators.
Whilst cybercrime primarily operates in the realm of cyberspace, terrestrial crimes operate in physical spaces (Manjikian, 2010). Seeking to summarise and encapsulate various conceptualizations within cybercrime literature, Yazdanifard et al. (2011) defined ‘cybercrime’ as ‘any type of intentional criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues. scheme that is computer or/and internet-mediated’. However, whilst such a description describes a wide spectrum of cybercrime, it fails to account for the dual model of criminal schemes within 1cyberspace. Ogwezzy (2012, p.91) elaborated that the term ‘cybercrime’ implies “offenses committed through the use of the computer in contrast to ‘computer crime’ which refers to offenses against the computer and data or program therein”. Whilst the computer and its content are the primary targets in computer crimes, the meaning of cybercrime is wrapped around the use of a computer or/and the Internet to commit age-old crimes (Ogwezzy, 2012, McGuire and Dowling, 2013).
Conceptions of ‘computer crime’ and ‘cybercrime’ interpenetrate one another; their entities are intertwined and therefore difficult to disentangle. The intertwining of computer crime and cybercrime further challenges the simplistic rendering of cyberspace and physical space as two different entities with easily defined boundaries. Regarding ‘cybercrime’, there are over 30 types identified in existing literature, since cyberspace-crime linkage was first constructed in cyberpunk stories (Wall, 2008). Most of them are listed in Table 1 below. These numerous variances are implicated in obscuring the effective conceptualization of ‘cybercrime’. Yet, whilst the existing dichotomized categories (Gordon and Ford, 2006, McGuire and Dowling, 2013) adhere to the basic psychological principle of categorization (Rosch, 1978), they fail to acknowledge the roles of motivations in offending. Relatedly, when the existing motivational categories (Chawki et al., 2015a, Wall, 2013) do consider the motivational element of offending, they take for granted the basic psychological principle of categorization. Insights from Rosch’s (1978, p.28) general and basic principles for the formation of categories stipulate that:
“the task of category systems is to provide maximum information with the least cognitive effort [and] the perceived world comes as structured information rather than as arbitrary attributes. Thus maximum information with least cognitive effort is achieved if categories map the perceived world structure as closely as possible. This condition can be achieved either by the mapping of categories to given attribute structures or by the definition or redefinition of attributes to render a given set of categories appropriately structured”.
Table 1. Tripartite cybercrime framework (TCF).
| Socioeconomic cybercrime | Psychosocial cybercrime | Geopolitical cybercrime |
|---|---|---|
| *Hackers and crackers | *Hackers and crackers | *Hackers -‘Hacktivist’ |
| Cyber fraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim. | Child pornography | Cyberspies |
| Cyber embezzlement | Cyberstalking | Cyber espionage |
| Cyber piracy | CyberbullyingCyberbullying Cyberbullying or cyberharassment is a form of bullying or harassment using electronic means. Cyberbullying and cyber harassment are also known as online bullying. It has become increasingly common, especially among teenagers, as the digital universe has expanded and technology has advanced. Cyberbullying is when someone bullies or harasses others on the internet and other digital spaces, particularly on social media sites. Harmful bullying behavior can include posting rumors, threats, sexual remarks, a victims' personal information (Doxing), or pejorative labels (i.e. hate speech). Bullying or harassment can be identified by repeated behavior and an intent to emotional harm. Victims of cyberbullying may experience lower self-esteem, increased suicidal ideation, and various negative emotional responses, including being scared, frustrated, angry, depressed, or PTSD. | ***Cyber terrorism |
| Cyber blackmail | Revenge porn | Cyber Vandalism |
| Romance scamScam A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. | Cyber rape | Cyber assault |
| Online drug trafficking | *Cyberhate speech | *Cyberhate speech |
| Cyber prostitution | *Cyber extortion | Cyber riot |
| *Cyber extortion | Obscenity | Cyber sabotage |
| Illegal online gambling | *Cyber-prostitution | Cyber-colonialism |
| *Cyber Trespass | *Cyber Trespass | Cyber rebellion |
| ***Cyber terrorism | *Cyber homicide | |
| ***Cyber terrorism |
*Where the type of cybercrime appears in more than one column.
***Where the type of cybercrime appears in more than two columns.
In line with motivational theories framed within the basic psychological framework of categorization, this current endeavor will, firstly, aim not only to complement the existing categories but also offer a more conceptually robust framework for grouping cybercrime. The implication being that whilst cybercrimesCybercrimes Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. constitute a global problem, recognizing the limits of a ‘one size fits all’ binary of taxonomies is of utmost importance. Secondly, Nigeria will be presented as an exemplary cultural context to illustrate certain aspects of these limitations (binary model) and the importance of social/contextual factors in the classification schemas. Through the precise delineation of the particularities of cybercrime in Nigeria, this article aims to determine the extent to which this exemplar problematizes or contradicts prevailing taxonomies of cybercrime. At its core, this paper has three research questions, which it will aim to answer: firstly, how useful are the existing cybercrime taxonomies in making sense of social and contextual factors (such as the category of cybercrimes that the Nigerian cybercriminals exclusively commit)? Secondly, since ‘cybercrime’ is a globalized phenomenon, how is the Nigerian case – representing the Sub-Saharan region, any different from Western regions? Thirdly, what exactly is ‘cybercrime’ in a Nigerian context?
2. A Dual Model Of Cybercrime
The word ‘cybercrime’ comprises a wide range of online crimes. For McGuire and Dowling (2013, p.5), “[C]yber-dependent crimes are offenses that can only be committed by using a computer, computer networks or other forms of ICT [Information and Communications Technology]” such as creation or/and distribution of malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts./viruses. On the other hand, cyber-enabled crimesCyber-enabled Crimes A Cyber-enabled crime is one where technology facilitates a criminal to commit a crime against an individual or a business. These are where there is a one to one relationship between the criminal and the victim. Romance scams, email fraud, and many other types of scams are considered cyber-enabled crimes. The technology used can be the Internet, a computer, a phone, or other devices. “can still be committed without the use of ICT″ such as cyber fraud. These dual categories are illustrated in Fig. 1. Unlike traditional crimes however, one criminal scheme in the realm of cyberspace may involve multiple nations and actors and even impact on multiple nations simultaneously (Yazdanifard et al., 2011). Thus whilst traditional crime tends to be regarded locally, cybercrime is usually considered on a global scale (Yar and Jewkes, 2010). For example, if a person in Russia creates computer ‘viruses/malware’ while another person in Nigeria rents it to send credit scam e-mails and a third party in the USA transfers funds using the illegally acquired data, (Wall, 2013), all three individuals are implicated in different strands of cybercrime. Whilst all three actors are motivated by monetary benefits, they are in fact involved in cyberspace in varying degrees. The virusVirus A computer program that can replicate itself and spread from computer to computer or file to file. It comes to life only when you take a specific action, such as running a particular program./malware creator has committed a cyber-dependent offense, whereas the other two have committed cyber-enabled offenses. This existing traffic between cyber-enabled and cyber-dependent categories clearly illustrates the complexity of cybercrime and how one criminal act can impact on multiple nations and involve various networks of actors simultaneously.
Fig. 1. The binary model of cybercrime.
Closely related to cyber-enabled and cyber-dependent categories are ‘techno-centric (type I) and people-centric (type II) subsets’. Gordon and Ford (2006, p.15) specifically posited that techno-centric and people-centric cybercrime is at the opposite ends of a continuum; dichotomizing cybercrime based on the strength of the cyber-element versus people-component of the criminal act in question. They distinguished Type I (techno-centric) crimes such as e-commerce fraud, cyber-vandalism, data manipulations through hacking, phishing, from Type II (people-centric) crimes such as cyber fraud, cyberbullying, and cyber-stalking as illustrated in Fig. 1. The latter being less technologically oriented than the former and therefore grounded in perpetrator-victim interactions. These binary models (people-centric and techno-centric; cyber-enabled and cyber-dependent), anchoring on a basic psychological principle of categorization, have no doubt offered a useful tool in looking at voluminous cybercrime variances.
However, motivational elements are not configured in the properties of these binary typologies. As a result, they are ill-equipped to differentiate between the psychological-motivated cybercrimes such as cyberstalking and cyberbullying from financially motivated ones such as cyber fraud and cyber embezzlement. Simply put, they have taken for granted the motivational lens of looking at cybercrime, which renders them unable to answer a simple question: how exactly is a digital crime that is primarily geared towards defrauding a person or a group of persons, different to another online scheme intended to fundamentally disrupt a person’s psychological state of mind? It is essential to isolate the primary motive behind cybercrimes in the meaning-making of what any particular cybercrime is in a given context, as illustrated in Table 2 below.
Table 2. Perpetrators’ benefits and victims’ losses.
| Attacker/attacked | Socioeconomic | Psychosocial | Geopolitical |
|---|---|---|---|
| Perpetrator (primary benefits) | Economic gain | Psychological gain | Geopolitical, economic & psychological losses |
| Victim (primary loss) | Economic loss | Psychological distress | Geopolitical, economic & psychological losses |
| Perpetrators (secondary benefits) | Both economic & psychological gains | Psychological gain | Geopolitical, economic & psychological gains |
| Victim (secondary loss) | Both economic & psychological losses | Both economic & psychological losses | Geopolitical, economic & psychological losses |
It is reasonable therefore to argue for grouping cybercrimes according to criminals’ motivations. This could and would sharpen the distinction between cybercrimes that are rooted in financial gains such as cyber fraud, and psychologically motivated cybercrimes such as cyberstalking. However, conceptually, the above binary models appear to be ‘explanatory-tools’, which cannot capture the differences between cybercrimes primarily driven by financial rewards and cybercrimes fundamentally propelled by psychological benefits as shown in Table 2. Based on these rationales, it is reasonable to complement these models – ‘techno-centric and people-centric (Gordon and Ford, 2006) and cyber-enabled crimeCyber-enabled Crime A Cyber-enabled crime is one where technology facilitates a criminal to commit a crime against an individual or a business. These are where there is a one to one relationship between the criminal and the victim. Romance scams, email fraud, and many other types of scams are considered cyber-enabled crimes. The technology used can be the Internet, a computer, a phone, or other devices. and cyber-dependent (McGuire and Dowling, 2013). That said, the existing motivational categories, despite usefulness in acknowledging the motivational element of cybercrime, have their limitations too.
3. Some Existing Motivational Taxonomies
In endorsing motivational categories, Chawki et al. (2015a, p.16–17) argued that it is crucial to understand a person’s profile in the case of a particular cybercrime. Particular educational attainment, occupation, and childhood experiences, he argued, help shed light on the individual implicated in any cybercrime. As Chawki et al. (2015a) further postulated that cybercriminals can be categorized as: [a] children and adolescents [b] organized hackers [c] professional hackers [d] discontent employees. Whilst Chawki et al.’s (2015a) categories tell us about different levels of sophistication involved in offending (e.g., professional hackers and organized hackers), they also reveal the extent to which cybercriminals could be age-graded.
However, cross-cultural insights from young offenders have pointed out that age is not lived similarly across cultures and age-related behaviors are constituted differently across cultures (Cain, 2000, Brathwaite, 1996). For example, in line with Tade and Aliyu’s (2011) sociological work in Nigeria and Armstrong’s (2011) anthropological analysis in Ghana, most ‘young people’ in Nigerian and Ghanaian universities involved in cybercrime, in general, are involved in cyber fraud in particular. In contrast, studies on Canadian undergraduates (Cunningham et al., 2014, Faucher et al., 2014) university students in the USA (Lindsay and Krysik, 2012) ‘young people’ in Finland (Oksanen and Keipi, 2013) and higher education students in Britain (Benson et al., 2015, Boulton et al., 2012) suggest that young people in Canada, Finland, the USA, and Britain – the Western world region, are more involved in psychological-oriented cybercrime such as cyberbullying and cyber harassment than cyber-fraud. The key point is that “young people” as a category is insensitive to the differentiation between ‘what is true of all societies’ and ‘what is true of one society at one point in time and space’ (Nelken, 2010). Another limitation is that Chawki et al.’s (2015a) taxonomy does not adhere to the basic principles of categorization.
In a similar vein, Wall 2007 (2013, p.62–65) proposed seven different motivational subsets, based on: self-satisfaction; the need for peer respect; to impress potential employers; criminal gain, or commercial advantage; revenge; distance from the victim; politically motivated protest. These motivational signposts help to illustrate that the specific motivations behind cybercrime are diverse. An equally important issue is that the seven subsets for cyber offenders, as revealed by their titles, shed more light on the drives, the ‘push and pull factors’ of cybercriminals to cybercrime (Wall, 2013). The value of this grouping is most evident in the ‘criminal gain or commercial advantage’, and ‘politically motivated’ categories. For example, whilst some types of cybercrime such as cyber extortion, cyber fraud, and cyber embezzlement fit squarely under the canopy of the former, cyber espionage, cyber terrorism, cyber rebellion, can be located smoothly in the sphere of the latter.
There is, however, a primary limitation of this taxonomy, as aforementioned, in that it neglects the basic principle of categorization. Some of the proposed groups, such as ‘distance from the victim’, involve almost all types of cybercrime. Indeed, ‘distance from the victim’ is a specific aspect of most cybercrimes as Brown (2001) intimated in the analysis of cost-benefits and economics of criminal conduct. Similarly, ‘self-satisfaction’ – rooted in the utilitarian maximization principle – may be in the form of tangible things such as monetary reward or intangible ones such as psychological thrill. Either way, ‘self-satisfaction’ is integral to almost all types of cybercrime, and arguably does not seem to represent a specific category of cybercrimes.
In the same vein, ‘revenge’ as a category could be the driver of cyberstalking, cyber fraud, or hacking. Whilst ‘revenge’ may be a principal impetus behind this range of cybercrimes, it requires a lot of cognitive effort to see the ‘rope’ that binds them together as a distinct subset. ‘Thus maximum information with the least cognitive effort is only achievable if categories map the perceived world structure as closely as possible’ (Rosch, 1978, p.28). The crux is that existing motivational categories (Chawki et al., 2015a, Wall, 2013) have ignored a basic psychological principle of categorization (Rosch, 1978, p.28): ‘to simplify a complex set of data and increase information intake with the least cognitive effort’.
4. The Tripartite Cybercrime Framework (TCF)
In complementing the above taxonomies, this current endeavor anchors on the basic psychological principles of categorization alongside motivational insights to offer a 2tripartite-cybercrime-framework (TCF). An individual is said to be motivated when such an individual is moved, energized, or inspired to do something (Deci and Ryan, 2011, Deci and Ryan, 2000, Deci and Ryan, 1985). Motivation is orientation graded; it varies according to the underlying variable behind the actions in question. It can also vary in terms of the intensity of occurrence, i.e., whether a person is highly motivated or otherwise. Whilst the latter centers on the amount or size of the impetus behind the action, the former is concerned with the reason for the action. Arguably motivation can be conceptualized as the foundation of most crimes; it is reasonable therefore to offer a social/contextual basis for the categorizing of cybercrime. Self-Determination Theory (Deci and Ryan, 2011; 1985) specifically argues that motivational types – intrinsic and extrinsic, define the strength or intensity of motivation.
Motivation therefore can be schematized as a dual phenomenon; incorporating intrinsic and extrinsic motivations. This binary model is necessary for the precision of illustrations and the discussion that follows. Whilst extrinsic motivation is the doing of an activity solely to achieve a distinct result, intrinsic motivation is the demonstration of actions inherently for the mere satisfaction of doing them (Deci and Ryan, 2011; 1985). For example, a poet is more likely to write poems for the inherent satisfaction of such an activity rather than for the approval of his/her parents – intrinsic motivation; whereas a student is more likely to study hard for good grades and a better future – extrinsic motivation. The majority of activities are generally propelled by extrinsic motivation, i.e., people fundamentally motivated to do something due to the direct and expected consequence of their actions (Deci and Ryan, 2011; 1985).
However, as Kshetri (2006), in describing cybercriminals – hackers – emphasized, intrinsic motivation may have a superior impact compared to extrinsic motivation. This paper conceptualizes extrinsic and intrinsic motivations of cyber crimes as twin interlocking entities, which are difficult to disentangle, and, as Wehmeyer and Little (2009) note, extrinsically motivated behaviors can parallel intrinsically motivated activities if actors internalize their actions and experience flow in their activities. Nevertheless, Layous et al. (2013) pointed out that intrinsically motivated people are more likely to experience flow than those who are extrinsically motivated. Nakamura and Csikszentmihalyi (2002, p.95) defined flow as “the balance of challenges and skills when both are above average levels for the individual”. This suggests that it is a state of profound task-absorption and task-enjoyment experience, most likely to condition the actor involved to lose the sense of time in doing the task in question (Csikszentmihalyi, 1990, Csikszentmihalyi, 2000, Csikszentmihalyi, 2014). Flow experience has the following nine components: [a] Clarity of goals at every stage [b] Availability of immediate feedback [c] a balance between challenges and skills [d] Interpenetrations of action and awareness [e] Limited distractions from consciousness [f] Absence of concern in terms of failure [g] The disappearance of self-consciousness [h] The distortion of the sense of time [i] The activity is autotelic (Csikszentmihalyi, 1990, Csikszentmihalyi, 2000, Csikszentmihalyi, 2014). Arguably, flow experience is crucial to the understanding of cybercrime motivations.
Given that the type of primary motivation behind an action matters in relation to the opposing forces that could inhibit the intended action underlines the importance of incorporating social factors into classification schemas. This paper also acknowledges that certain types of cybercrimes listed in Table 1 fit into two or more motivational categories. Although there are some degrees of overlap between the categories, the primary motivation behind the action is the basic tool to differentiate between types of cybercrimes. For example, whilst cyber fraud is under the socioeconomic cybercrime category, revenge porn is under the umbrella of psychosocial cybercrime, as illustrated in Table 1. Theoretically therefore, in complementing the existing categories, this paper provides a more refined motivational taxonomy based on perpetrators’ primary benefits as well as victims’ primary loss, as shown in Table 2.
As Table 1, Table 2 fundamentally illustrates, in socioeconomic cybercrimes, the perpetrator often has a direct contact with his/her victim; this can be defined as financially motivated crimes that are computer or/and internet-mediated, such as online fraud, romance scam, and e-embezzlement. Psychosocial cybercrime are cybercrimes, which are principally psychologically driven such as cyberstalking, cyber harassment, and cyber rape. Whilst socioeconomic cybercriminals may aim to deflate the economy of their victims, psychosocial cybercriminals focus fundamentally on inflicting psychological distress (full analysis of the implications of the TCF, can be found further down).
Yet there remains a considerable amount of similarity between the two loose categories. Unlike the viewpoint that not all actors are economically motivated (Hayward, 2007), the analysis of the motivational drives and economic decision-making in relation to crime in general is more refined (Farrell, 2010). According to Farrell (2010), the application of utility maximization rather than the monetary benefit or economic maximization is a more appropriate term to deploy in conceptualizing the general costs and benefits of crime. Hence, psychological benefits, including expressive emotional elements and sensations, are critical in determining if the crime is economically motivated or not. Flowing from the above, different primary motivations underpin different types of cybercrimes identified in the literature – listed in Table 1. Collaterally, victims of cybercrimes may suffer differently based on the primary motivation – the perpetrators of cybercrime in question as shown in Table 2. Therefore, this current paper proposes that cybercrimes are motivated in three different ways: socioeconomic, psychosocial, and geopolitical.
In terms of the penetrator-victim transactions, the primary driving forces behind cyberbullying, online harassment and cyberstalking are psychological in nature. Unlike fraud-based cybercrimes, the injuries as well as the benefits lie within the realm of the mind. The above distinction is not to suggest that acquisitive motivations involved in financial crimes are absolutely non-psychological. Insights from health psychology (Lazarus, 2006, Lazarus and Folkman, 1984a, Lazarus and Folkman, 1984b) support the fact that financial loss (e.g. due to cyber fraud) can manifest physiologically as distress. However, the key element of differentiation between socioeconomic and psychosocial categories is that the primary benefits of the perpetrators as well as the primary losses of victims are different, as illustrated in Table 2. In contrast, under the binary model discussed above, both socioeconomic and psychosocial cybercrimes are grouped as one, that is, cyber-enabled crimes. Whereas the lens of the TCF can further differentiate between the two, as well as a third category: geopolitical (as discussed further below).
For example, when these 3cybercriminals deploy the ‘Freestyle trick’ using accounts on dating sites to befriend/condition unsuspecting victims to the point that they ‘fall in love’ with them and support them financially, the victims of Nigerian cybercriminals’ ‘Freestyle trick’, may suffer psychological distress as well as financial loss, but the primary aim of the perpetrators is commercial gain. In terms of the predicament of victims, economic losses are more grounded in the quantifiable realm than psychosocial cybercrimes that are in the sphere of the mind.
On the other hand, geopolitical cybercrimes can be defined as those e-crimes that involve agents of statecraft or/and industrial representatives (e.g. cyber espionage). Yet even geopolitical cybercrimes constitute some elements of socioeconomic and psychological cybercrimes as illustrated in Table 2. For example, Hacktivists, primarily aiming to make a political statement could expose sensitive data from the law enforcement agencies and their actions could have economic, psychosocial and geopolitical consequences on a person or group of people. The collective consequences of the tripartite categories could lead to a security fault, which this paper calls ‘cyber insecurity’, defined as a situation where security mechanisms in both the existing cyberspace and physical space cannot guarantee perfect security, nor have the full capacity to resist and respond to both intentional and unintentional cyberspace threats and hazards. In terms of victim-perpetrator interaction, while socioeconomic and psychosocial cybercrimes are fundamentally engineered and executed on individual levels, geopolitical cybercrimes, broadly speaking, are actions of state agents, groups of individuals against other groups, nations or industrial entities acting on behalf of more complex statecraft or vested interests. In other words, each group – especially but not limited to, socioeconomic and psychosocial cybercrimes – may involve individual actors or group actors as both targets and perpetrators. A crucial element of these categories – as illustrated in Table 2, is their capacity to simplify complex sets of information, given that there are over 30 types of cybercrimes identified in the existing literature. The TCF also help to enhance our understanding of ‘cybercriminals’, and their geopolitical, socioeconomic, and psychosocial factors. Another significant issue is that, unless they go against the grain that constitutes ‘normality’ in their home country, agents of statecraft that commit geopolitical cybercrimes are rarely considered ‘criminals’ at all. The assumption underpinning this is that they represent authority, rather than subversion. Therefore it is the nation they represent that is categorized as criminal, unlike individual subcultural rule-breakers such as the Nigerian 4419419 An advance fee scam or fraud (419 scam) is a form of fraud and is one of the most common types of online confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster claims will be used to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears. The 419 comes from the Nigerian law against this type of scam. cybercriminals.
5. What Is ‘Cybercrime’ In Nigeria?
Drawing on the TCF as shown in Table 1, Table 2, the focus of this discourse confines itself to an examination of Nigeria – representing the Sub-Saharan region, as an exemplary cultural context. It is critical therefore to underscore the peculiar economic-benefit induced trend of cybercrime in Nigeria – generalizable to other Sub-Saharan nations such as 5Ghana, which may not represent squarely the hydra-headed nature of cybercrime in Western societies. Although there are multiple variations on how ‘419 fraud’ happens (e.g. Adogame, 2007, Igwe, 2007, Aransiola and Asindemade, 2011, FBI, 2016), monetary benefit is central to the Nigerian 419 fraud as illustrated in Fig. 2 (for fuller accounts on how 419 happens, see the above authors). Although cybercrime is a global phenomenon, in most Western nations, in addition to socioeconomic cybercrime, the term cybercrime represents a range of computer/Internet-mediated crimes under the umbrella of psychosocial and geopolitical cybercrimes – see Table 1, Table 2. Couched within the aim of establishing the particularities of cybercrime in Nigeria is a wider critique of prevailing taxonomies of cybercrime. Nigerian cybercriminals to date, have been consistently implicated in money-oriented rather than psychosocial and geopolitical cybercrimes. In fact, the convergence of emerging evidence reinforces that perpetrators of cybercrimes in Nigeria focus exclusively on cyber-fraud (Ojedokun and Eraye, 2012, Smith, 2008, Tade and Aliyu, 2011, Adogame, 2007, Doyon-Martin, 2015; Chawki et al., 2015b, Akpome, 2015, Ellis, 2016, Ibrahim, 2016). Arguably, the Nigerian 419 fraud invented and revolutionized by Nigerian kingpins such as Fred Ajudua (Longe et al., 2010) is rooted in socioeconomics.
Fig. 2. How the Nigerian 419 happens.
Given the foregoing remarks, cybercrime in Nigeria can be conceptualized simply as the use of computer/Internet to commit fraud. According to the yardstick of the binary model, the use of computer/Internet to commit fraud falls under the scaffolding of cyber-enabled crime (see Fig. 1). Unlike ICCC’s (2010) survey, which concentrated mainly on a range of 6cyber-enabled crimes as shown in Table 3, some recent inquiries which focused exclusively on cyber-dependent crimes could not locate Nigeria at the upper part of the cybercrime perpetrators’ hierarchy (e.g. Kaspersky, 2016). This comparison between these observations supports the notion that Nigerian cybercriminals are more implicated in cyber-enabled than cyber-dependent (or techno-centric cybercrime) listed in Fig. 1. Does this not suggest problems with prevailing taxonomies of cybercrime?
Table 3. Top ten types of cybercrime covered by ICCC (2010).
| Type | Percentage | Definitions |
|---|---|---|
| 1. Non-delivery Merchandise | 21.1% | The purchaser did not receive items purchased, or the seller did not receive payment for items |
| 2. FBIFBI FBI - Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI is also a member of the U.S. Intelligence Community and reports to both the Attorney General and the Director of National Intelligence. A leading U.S. counter-terrorism, counterintelligence, and criminal investigative organization, the FBI has jurisdiction over violations of more than 200 categories of federal crimes, including financial fraud.-Related ScamsScams A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. | 16.6% | Scams in which a criminal poses as the FBI to defraud victims |
| 3. Identity TheftIdentity Theft Identity theft is when someone uses another person's personal identifying information, without their permission, to commit fraud or other crimes. In both the U.K. and the United States it is the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources. | 10.1% | Unauthorized use of victim’s personally-identifying information to commit fraud |
| 4. Computer Crimes | 9.3% | 1) Crimes that target computer networks or devices directly 2) Crimes facilitated by computer networks or devices |
| 5. Miscellaneous Fraud | 7.7% | Variety of scams meant to defraud the public such as work-at-home scams and fraudulent contests |
| 6. Advance Fee FraudAdvance Fee Fraud An advance fee scam or fraud is a form of fraud and is one of the most common types of online confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster claims will be used to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears. | 6.1% | Criminals convince victims to pay a fee to receive something of value but do not deliver anything of value to the victim |
| 7. Spam | 4.1% | Mass-produced, unsolicited bulk messages |
| 8. Auction | 4.0% | Fraudulent transactions that occur in the context of an online auction |
| 9. Credit Card FraudCard Fraud Card Fraud is one of the most commonly referenced fraud definitions. It occurs when a fraudster uses a card (debit or credit) to make a purchase without the authorization of the cardholder. Card fraud can occur in-person or through digital channels. | 3.6% | Fraudulent, unauthorized charging of goods and services to a victim’s credit card |
| 10. Overpayment Fraud | 3.4% | An incident in which the complainant receives an invalid monetary instrument with instructions to deposit it in a bank account and send the deposited money back to the sender |
If we look at the Nigerian case through the lens of the binary model (see Fig. 1), the problem is that we would be led to conclude that cybercrime in Nigeria is just cyber-enabled. Cybercrime in Nigeria is fundamentally rooted in socioeconomics, whereas the cyber-enabled crime framework encompasses a range of other crimes such as cyber-bullying and cyber rape. This is problematic. In terms of cyber-bullying and cyber rape, the perpetrators’ gains and the victims’ losses, as illustrated in Table 2, are primarily psychosocial unlike cyber-fraud (which is primarily rooted in economic gains/losses). It suggests problems with the binary model because these other crimes under the umbrella of psychosocial cybercrime may not be primarily rooted in economic gains/loss (as illustrated in Table 2). In other words, whilst socioeconomic cybercrime constitutes only a sub-category of cyber-enabled crime, a cyber-enabled conceptual framework comprises a range of crimes other than cyber-fraud. Therefore, clearly, the existing binary categories discussed above are ill-equipped to differentiate between psychosocial, socioeconomic, and geopolitical cybercrime. The crux is that the evidence that supports the centrality of socioeconomic cybercrime in Nigeria, concomitantly suggests problems with the dual model of cybercrime. These illustrations highlight the usefulness or utility of the TCF, which is more robust than the prevailing taxonomies in dealing with the complexities of numerous varieties of cybercrime.
6. Internet Crime Complaint Center: The Critique Of Evidence
Having offered a theoretical critique of the prevailing models of cybercrime, this article will render problematic the basis for 7ICCC, 2006, ICCC, 2008, ICCC, 2009, ICCC, 2010 claim on ‘cybercrime perpetrators’ league table’, i.e., Nigeria being the third-worst nation in the world. The FBI in partnership with the National White Collar Crime Center, aiming to reduce the volume of economic loss by Internet crime, established the Internet Crime Complaint Centre (ICCC or IC3) in May 2000. As its name implies, the ICCC is a center to receive victims’ complaints concerning ‘cybercrime’ and over the past years, the ICCC received about 300,000 responses annually (ICCC, 2008, ICCC, 2009, ICCC, 2010, ICCC, 2011, ICCC, 2012, ICCC, 2013, ICCC, 2014, FBI, 2015). These data appear to be robust because they come directly from the people who experience the offense. However, the accuracy of responses were only self-reportedly measured, which highlights the ICCC’s over-reliance on participants’ honesty and accuracy. Secondly, given that it is only a small percentage of people who voluntarily report themselves as victims of cybercrime (Bohme and Moore, 2012) or crime in general (Reiner, 2010), the generalisability of the populist claim is questionable. In fact, according to the FBI (2014), less than 10% of people report themselves as victims of cybercrime globally. Apart from cybercrime being underreported, the vast bulk of cybercrime as Brenner, 2007, Brenner, 2012 pointed out, is undetected. Arguably, even if an average of 300,000 respondents could be seen as a huge sample size in itself, it is far from being representative of the general population of all victims of cybercrime on earth. Additionally, there is the possibility that a majority of responses obtained by the ICCC may represent a selective group. For example, people who perceive themselves as ‘victims’ of the law are unlikely to channel their predicaments to the FBI. Also, Asian and African populations in the ICCC’s global research were not significantly represented in comparison to North American and European populations. As Stevens (2011, p.9) reminded us, “statistics, even when they represent the underlying reality, are socially and selectively constructed, and cannot (or should not) simply speak for themselves”. Therefore, regarding the cases that come to light, even if their statistical basis should be taken at face value, the claim is far from straightforward. A league table, therefore, is a pictorial representation of that construction, which not only renders invisible the process of construction but also obscures the entirety of what it represents.
Thirdly, whilst the media and the political discourses tend to amplify the moral panic on the Nigerian 419 fraud (e.g. Adogame, 2007), Akpome (2015), in ‘unsettling the myth of Nigerian exceptionalism’ contended, there is an impossibility of knowing if every cyber-criminal using the Nigerian 419 letter/email templates is actually a 8 Nigerian citizen. It is reasonable also to point out that, there is an impossibility of knowing if some of those perpetrators grouped as ‘Americans’ or ‘British’ are not citizens of other nations. The key point here is that it is challenging to isolate cybercriminals from other nations and world regions who may have as Adogame (2007, p.7) pointed out, ‘masked themselves as Nigerians and entered the theatre of 419 fraud as actors’. One of the implications is that, as Reiner (2010) noted, most people depend on the media, law enforcement agencies, and politicians for ‘authentic’ information on issues such as crime. Regarding the Nigerian case, bearing in mind that some victims may not have accurate information about the actual perpetrators’ identities, suggests that the media and political rhetoric on the ‘Nigerian’ fraud letter/emails may have unintended knock-on-effects on some victims reporting cybercriminals disproportionately as Nigerians. Given that ‘there is a long-standing demonization of Nigeria in the West as being full of criminals’ (Agozino, 2003, p. 231) reinforces the notion that the ICCC’s league table framed with a loose term ‘cybercrime perpetrators’ may have factored and impacted on some victims’ perceptions.
Lastly, as shown in Table 3, over 90% of crimes covered (2006–2010) were primarily ‘cyber-fraud’ and under this specific category (which this article called socioeconomic cybercrime), Nigeria was found to be the third-worst nation. Could the outcome be any different if geopolitical and psychosocial categories were covered? Given the limitations of the binary model, could the effect of the ICCC’s report on various discourses be any different if the exclusion of geopolitical and psychosocial categories were made explicitly? This highlights the usefulness of the tripartite framework as it helps to simplify such league-table-claim into a nuanced umbrella (e.g. socioeconomic cybercrime). Unlike the popular representation of the ICCC’s report in various discourses such as the media (e.g. ‘Nigeria ranked third in the world for cybercrime’ in Balancing Act, 2014), if we should view ICCC, 2006, ICCC, 2008, ICCC, 2009, ICCC, 2010 reports through the lens of the TCF, we could interpret it differently: ‘cybercrimes are motivated by three possible factors: socioeconomic, psychosocial and geopolitical. As regards to the socio-economic category, Nigeria was found to rank third in the world’. The term ‘cybercrime’ embodies multiple strands of crimes other than the socioeconomic category.
7. Further Justifications For The Usefulness Of The TCF
In turn, this paper has developed another scope for categorizing cybercrime (TCF), having critiqued the prevailing taxonomies and rendered problematic the statistics relied on to inform the prevalence of cybercrime perpetrators across nations. Accordingly, it will henceforth offer further justifications for the usefulness of the TCF. One of the implications is that if the ICCC’s reports and the likes are framed with TCF, the outcomes could be most precise. Concurrently, both the immediate outcomes and their subsequent knock-on-effects could be different and to a great extent, less ambiguous.
Let us suppose, hypothetically, that river A, B, and C have between them the greatest numbers of ‘animals’ (fishes and reptiles) in the world: river A has 4000 fishes, and 2000 reptiles, river B has 2000 fishes and 8000 reptiles, river C has 3000 fishes and 6000 reptiles. If we were required to count the numbers of all the ‘animals’ in them and reported only our findings about fish, without applying the basic categorization of ‘animals’ already in place, which includes reptiles as well as fish, we could and would be led to say that: ‘regarding animals that live only in water, river A has 2000 more animals than river B and 1000 animals more than river C’. By the same token, river A, river C, and river B – in descending order of significance, have the greatest numbers of animals that live only in water. We would then be led to conclude that river A has the greatest number of animals in the world when it is only in ‘fish’ category that river A is dominant. River B and river C both have more animals than river A in terms of the other category of animals called ‘reptiles’. In fact, regarding the overall population of animals in these three rivers, in ascending order of rank, river A, C, and B have the greatest number of animals in the world. This information is made easy because categories map the perceived world structure closely. The TCF could help to showcase data in a clear light by funneling information into nuanced umbrellas.
Beyond abstraction, TCF could be useful in policy-making processes, given that to simplify a complex set of data and maximize information intake with the least mental effort are at the heart of the TCF. The utilitarian value of the TCF could translate into policy-making processes because the instruments of persuasion in policy-making arenas are often constructed with ‘killer-charts’ rather than elaborate text and analysis. ‘Many policy documents transmitted between policy-making civil servants are mostly characterized by bullet points and simple diagrams – they do not grant lengthy analysis of imprecise nature of knowledge’ (Stevens, 2011, p.9). Arguably, bearing in mind the foregoing remarks on the nature of policy-making operational-practice, the TCF could be a useful ‘storytelling’ tool in the hands of policymakers. This specific usefulness of the TCF emphasizes that a robust taxonomy in cybercrime scholarship is by no means a sign of regress but on the contrary, an indication of progress.
Furthermore, given that everyone who may be interested in cybercrime reports may not be an ‘expert’ in cybercrime, the TCF would provide a simplified tool of making sense of the complexities around the conceptualization of cybercrime. Simply put, the TCF would have helped to showcase the statistical results of the ICCC’s endeavors (and other cybercrime oriented undertakings) in a clearer light. In turn, it reinforces the elementary principles and the psychological benefits of categorization (Rosch, 1978), which is central to the TCF. Therefore, the inability to differentiate between socioeconomic, geopolitical, and psychosocial cybercrime is not a feature of the binary models alone: it limits the precision and clarity of ICCC, 2008, ICCC, 2009, ICCC, 2010 reports as well. The crux is that the ICCC’s umbrella term: ‘cybercrime’ or ‘cybercrime perpetrators’ is ambiguous and misleading at best.
It is not only misleading: it has consequences on the emerging academic discourse in Nigeria over the years. Specifically, it has influenced the framing of most scholarly endeavors in Nigeria (e.g. Adomi and Igun, 2008), which echo a sense of ‘moral panic’ on ‘419’ phenomenon. Relatedly, the ICCC’s reports could be implicated in supplying ‘ammunitions’ to ‘Western propaganda machinery, which often blows the Nigerian 419 fraud-news out of proportion’ (Adogame, 2007, p.7). Given that repeating discourses normalize their claim, the problem is deep. Whilst there is a total absence of social/contextual taxonomies in cybercrime scholarship, it is not difficult to notice the presence of ‘league tables’ as well as the binary models discussed above. This mismatch could be implicated in the uncritical representation of ‘Nigeria as the third-worst nation’ in cybercrime literature (Aransiola and Asindemade, 2011, Adomi and Igun, 2008). Based on the premise that conceptualizing cybercrime is challenging, this article, therefore, aims to stimulate contemporary scholarly endeavors from Nigeria and elsewhere to look beyond the ‘league tables’ and the binary models and consider contextual/social nuances at play. This is one of the usefulness of the TCF as it has the capacity to enable a clearer conceptualization of cybercrime in Nigeria and beyond.
Unlike geopolitical and psychosocial categories, socioeconomic cybercrime is prevalent in Nigeria. Bearing in mind that the recognition of the socio-cultural fabric elements of a given situation is at the core of this paper, reinforces its value. The over-reliance on the populist ‘league table’ and the binary models in cybercrime scholarship has led some authors (e.g. Adomi and Igun, 2008, Chawki et al., 2015b) to overlook jurisdictional cultures and nuances. It has possibly misled some people in policy arenas. As Lagazio et al. (2014) observed, the orchestration of the fear of cybercrime in itself stimulates over-spending on defense measures as strategic responses by various states. Hyped rates of cybercrime in Nigeria by various discourses (academic, media) framed with the limitations of the prevailing taxonomies above have possibly influenced people in policy-making arenas. These conditions could be implicated in having knock-on-effects as AllAfrica (2013) pointed out, on the rise of the Nigerian government’s budgets/expenses on cyber security-oriented issues. Bearing in mind that there is a general ‘paranoia’ on the social ‘problem’ of Nigerian criminals (e.g. Agozino, 2003, Adogame, 2007), the concerns of international communities could creep into regional policy responses against the cybercrime ‘problem’. In turn, international communities’ concerns help to stretch the already over-stretched Nigerian expenses on a wide spectrum of cybercrime problem. The TCF would not only help to question the taken-for-granted assumptions on Nigerian cybercriminals’ position on the global map but also help policymakers to funnel down resources to cope with the specific category where Nigeria is most vulnerable. The key point is that the benefits of the TCF in coping with the complexities around cybercrime conceptualization outweigh that of the prevailing cybercrime taxonomies.
8. Historical Perspectives: The Nigerian 419 Fraud
Having problematized ICCC, 2006, ICCC, 2008, ICCC, 2009, ICCC, 2010 claim, it is worth considering the background to the Nigerian 419 fraud. ‘Scam’ is an age-old game in all human societies and the Nigerian 419 fraud, like its historical antecedents such as the Spanish Prisoner Swindle (Ogwezzy, 2012; Whitaker, 2013), has emerged from a particular history. Therefore, to dismiss long-term historical perspectives is vulnerable to omit critical factors necessary to understand the social and contextual platforms on which ‘419 fraud’ has emerged. The underlying idea is to further develop the socioeconomic theory of Nigerian cybercriminals – answer to the question, what is a cybercrime in Nigeria? Historically, socioeconomic cybercrime in contemporary Nigerian society metamorphized as Igwe (2007) narrated, from various types of deceptive ‘games’ played in pre-colonial Nigeria. Like all human societies, the contemporary Nigerian society that has sprouted from the ruins of three ancient West African kingdoms: Benin kingdom, Bornu empire, and Songhai empire, (Shuter, 2008) has not done away with the relics of scam. Such scam-games of pre-colonial Nigeria are called the ancient relics of scam, as illustrated in Fig. 3 below. These relics of the scam may be conceptualized as ancient assemblages of beliefs and practices that have evolved over time and entangled with the contemporary Nigerian democracy and politics, to become a common ‘toolbox’ for money success. Drawing from Robinson and McAdams (2015), in order to communicate this theoretical position beyond abstraction, the relics of the scam hypothesis is simplified down to a set of verbal postulates, a box-and-arrow diagram – as illustrated in Fig. 3 below. One of the primary rationales being to enhance our understanding with the least cognitive effort. During the colonial period in Nigeria, whilst some commentators observed that ‘crime’ made little appeal to young Nigerians (e.g. Paterson, 1944), others noticed that Nigerian schoolboys were very gifted in the psychology of manipulations (e.g. US Consulate 1949). It could be that the former were referring to the general population of Nigerian youth, whereas the latter were referring to a specific group of young Nigerians – those who had the opportunity to embrace Western education in the 1940s. Besides, a majority of these reports on schoolboys were generated directly from their headteachers. The key point is that ‘schoolboys’ rather than ‘illiterates’ were principally implicated in authoring various kinds of letters, claiming as Ellis (2016) commented, to be sellers of diamonds, ivory, gold, and other exotic items from ‘Africa’, whereas they were the ‘Wayo trickers’ – fraudsters. However, the ‘destiny’ of ‘Wayo trickers’ changed drastically when petroleum was found in Nigeria (Adogame, 2007).
