The Fight Against Cybercrime in Tanzania - Report

KILEO ©2013 FIGHT AGAINST CYBERCRIMES

ABSTRACT

Cybercrimes have taken a new turn with the rapid growth of different techniques that

cybercriminals use to perform the act. Whenever an individual is going through News Channels

or Magazine and newspapers it has been an ambiguity to hear and read about the victims of

Cybercrimes.

Initiatives to the fight against Cybercrime have started to rise to some countries and the impact is

expected to be seen near future. It is about time to each and every individual to understand the

fight against Cybercrimes should not remain to a certain group of people but each Individual has

to play part in the fight in order to win the war against it.

Despite of the initiatives which are taken by some countries, Cyber terrorism, Cyber war and

organized crimes are considered growing threats. Millions of money has been invested by the

large developed country to facilitate the fight against these crimes.


“In terms of global communications, we

are living through the most exciting period

in human history. There are almost as

many mobile subscriptions as there are

people on the planet and by the end of

2013, 2.7 billion people will be using the

internet; with 2.1 billion active mobile-

broadband subscriptions.” – Dr. Toure

“With the rise of the Internet as a platform

to share information and conduct business

online, the world has never been as

connected as it is today. Unfortunately the

threat to the confidentiality, integrity and

availability of information is also increasing

at a similar rate.” – Craig Rosewarne

INTRODUCTION

There is a common says state that, “Human being are complicated creatures” a very beneficial

and useful thing might be used by some to cause destructions. Today’s Technology is one of the

most useful things but then there are those who made use of it in the name of destruction.

Information and communication technology

ICTs is ubiquitous, meaning that it is available

just about everywhere at all times. This

includes the use of Mobile devises and internet

to provide the possibility to do as many things

in a very simple way compare to the past years.

The Internet is an international platform that

makes the small world. It has been seen most of

the people make use of it more compare to the

previous years back. The research that

conducted in 2008 shows the internet users were 1.15 billion and in 2013 according to Dr. Toure

(ITU chairperson) the number is expected to increase to 2.7 billion. This increase is almost

double to the number of users back in 2008 which prove the ubiquity of the ICTs in a today’s

world.

As stated, every good thing has its dark side.

Information communication technology is no

different. There is a dark side to it which

stems from the misuse of information and

communication technologies, ICTs,

including Cyberthreats and cybercrime.

Information’s are stolen, manipulated,

destroyed, websites, targeted networks, and

code war (Cyber war) is taken places performed by Cybercriminals. All these are the misuse of

the Information communication technology.


PROBLEM DESCRIPTION

The use of technology in Tanzania is

growing faster compare to the past ten years

and the rate of crime committed with aid of

growing technology has increased as well.

These crimes are classified as Cybercrimes.

Majority of the people leaving in major city

like Dar-es-salaam make use of the internet

to exchange ideas, keep in touch with family

and friends, buying and selling products

(Online transactions) and accessing online

services. In other words the use of social

media, blogs, Portals, e-mails and other ICT

resources has grown in most cities in

Tanzania.

When we look at this ambiguity of the use

of technology, it’s easy to see the benefit of

using internet and technology at large to

bring the world together and make the life

easy; however there is increasing number of

individuals that misuse these ICTs to

perform bad acts which leads the increase of

cybercrimes in Tanzania.

Cybercrimes in Tanzania is committed with

two group of people one those who perform

the act without Knowledge of what they are

doing is wrong and there are those who

knows what they are doing but they are

determined to perform the act in the name of

distracting the country’s equilibrium in

different angles from destabilizing peace in

a country through a bad use of social media

and other communication media to stilling

money through Online transactions.

From 2010 there increasing of unauthorized

access to websites and networks in order to

steal sensitive information, destructing/

changing web contents and performing of

DoS attacks to some networks took a new

turn and this happen to be one of the

growing threat in cybercrime in Tanzania.


The Newspaper headline highlights the increase rate of theft through ATMs. It is

clearly stated that 700 Million TSH which is approximately to 437,500/= USD has

been stolen using fake ATM cards generated in Tanzania.

FACT ON CYBERCRIMES IN TANZANIA

Despite the fact that Cybercrimes are threatening the world due to some startling facts from the

2013 Internet Security Threat Report from ITU-IMPACT which state that; There was a 42%

increase in targeted attacks in 2012.The number of phishing sites spoofing social networking

sites increased 125% and web-based attacks increased 30%. In Tanzania, the increase of the

Cybercrime is rapidly growing.

Few years back, it was difficult to

experience the cases where individual made

use of technology to temper with ATM

machines in Tanzania. As the time goes on

the act is growing faster and the fear among

the ATM user has increased due to the fact

that each day Cybercriminal bring in new

techniques to steal money from ATMs.

This has been an increasing crime which is

then reported in Medias most of the time.

Here are some of the popular techniques

used by cybercriminals to steal money

through ATM in Tanzania.

Stealing of ATM card details, this is done

through many ways and one of the most

popular ways is social engineering (SE)

where by a criminal can easily gather


information through a technique called

fishing acting there is a way to make money

and end up cheating a victim by convincing

to provide details and eventually the details

might be used in a fake card to draw money

through ATM.

Similar case is when a criminal try to send

money to a victim so that the victims’ card

can be used to draw the stolen money from

other account through ATM. Both cases a

criminal state to a victim that he has money

and he has used the ATM and reach the limit

if possible he can transfer the money to a

victims Account so that to continue drawing

money. Victims with great heart not

knowing the cybercriminal was trying to

hide the track on his act by diverting the

crime to the innocent person (victim).

“A customer in Dodoma who was affected

by the cybercrime cited a foreign link in the

thefts, noting: “In the recent cyber thefts

from bank customers’ accounts in Dodoma

and Dar, the statement [showed it was] done

by International ATM card. Also, this

International ATM card was withdrawing

money to the tune of 438,618/72 while our

banks here in Tanzania limit each single

withdrawal to the maximum 400,000/-.” An

official from one of the largest bank in the

country admitted having trouble with

customers whose accounts were tempered

with.” – The Guardian newspaper, 2013.

At the same time, Cybercriminal, may use

“shoulder surfing” as another way of

obtaining card details “Password” after

obtaining the account number by looking

from the victims shoulder after creating

friendship that including transfer of money

to the account and sometime promise to give

some money as a way of saying thank you.

Card Skimming is another way where by

Cybercriminals in Tanzania use it to record

card detail using the devise called “Card

skimmer” which they normally place it right

over the card slot or over the keypad of the

ATM machine. The presence of the device is

usually camouflaged, leading the user to not

suspect the prevalence of any malicious

activity. Both the information of the

magnetic strip and the PIN number keyed in

the keypad are recorded. Using these

credentials, counterfeit cards are made and

the original card holder realizes the issue

only after a fraudulent transaction has been

made using his/her card.

Hate massages – With the aid of Mobile

phones (SMS) Blogs, Social media

(Facebook, Twitter and others) individuals

in Tanzania have been using them to spread

hate speech, unsafe contents that may

destruct the community especially the

young. This has been the major situations


where some are performing the act without

Knowledge of what they are doing is wrong

and can be classified as Cybercrime.

“Web Attacks” – Hacking websites is

another type of cybercrime that has stated

taking a very rapid turn in Tanzania.

Unauthorized access to website in Tanzania

has been popular these days where by Cyber

attackers, hacktivists, criminal elements and

nation states are today using the internet to

destabilize websites equilibriums by

performing DoS attack to deny and/or

disrupt access to information on website,

destroy information, steal information,

manipulate information, alter the context in

which the information is viewed, change the

perceptions of people towards the

information.

“The research I did in Tanzania By asking

few hackers / student who are into hacking

the response were “I’m just hacking for fun

or I love looking at people’s privacy and

some information when stolen from

sensitive websites can be sold in a good

price. This has been a disappointing

response but, yes we have those who

perform these act in Tanzania” – Yusuph

Kileo, 2013.

Cyber attackers exploit numerous

vulnerabilities in cyberspace to commit

these acts. The increasing complexity and

nature of these threats is becoming

increasingly difficult to manage.

Cybercriminals extend their wings to bank

accounts. Tanzanian banks just like many

other banks around the world have been

victims. During online transactions many

customers have experienced loss to their

accounts. Millions of dollars have been

stolen from banks, this has taken a new turn

and it’s hardly noticed since most banks do

not reveal the actual loss. “Due to an

increasing number of fraudulent transactions

we have made some changes to our

requirements at the airport for passengers

paying by credit card.”- Fast jet Tanzania,

2014.

Few years back, hacking to bank accounts

and stole money in Tanzania was not as

popular as it is today. Mostly are aware of

stilling money through ATMs and forget

there are those directly hack bank accounts

and steal money thought multiple accounts.

In Tanzania the most widely used technique

used on this is Phishing attacks. Many

victims have fallen in to fishing attacks

through mail accounts without realising it.

What is Phishing Attacks?

“Phishing involves sending an e-mail,

usually posing as a bank, credit-card

Company, or other financial organization.


The e-mail requests that the recipient

confirms banking information or reset

passwords or PIN numbers.” – Web

definition, 2013.

The user clicks the link in the e-mail and is

redirected to a fake website. The hacker is

then able to capture this information and use

it for financial gain or to perpetrate other

attacks. E-mails that claim the senders have

a great amount of money but need your help

getting it out of the country are examples of

phishing attacks. These attacks prey on the

common person and are aimed at getting

them to provide bank account access codes

or other confidential information to the

hacker.

“There is one woman in the region

(Kilimanjaro, Tanzania) who steals money

from Mobile Money agents and she is very

good at it. When she goes to the Agent

pretending she want to draw some money

after a while the agent will find all

his/money has gone after she left the place.

It hard to tell what she does but most of the

agent have confirmed that the criminal is the

same woman” – Unknown, 2013.

Transactions through Mobiles have growing

faster in Tanzania. Telecommunication

companies in Tanzania (Tigo, Vodacom,

Airtel and Zantel) have introduced Mobile

transactions. Some (Tigo, Vodacom)

extended their wings by linking these

transactions with banks (NMB, CRDB).

It has been very easy to transfer or receive

money through this mobile transactions

named as Tigo-pesa, M-pesa, Airtel-Money

and others and base on that note it has gain

popularity and it is growing very fast.

“There are some people, they call trough

Landline to some of business man here in

the region and tell them I’m having problem

with my car and I need them to send me

money through Tigo-Pesa. But then they call

on my mobile to confirm and I told them

there is no such thing I don’t have any

problem with money. Can you kindly advise

me what should I do and how should I know

these people Mr. Kileo?” – Regional

commander (Lindi) Tanzania, SACP G.

Mwakajinga, 2013 (with permission).

Cybercrime in relation to mobile

transactions has no difference. It has been

one of the major threats in a country. Apart

from Social engineering that mostly affects

agents there is another famous technique

named as “Card Swapping”. Some shared

stories on Mobile transaction cases shows

this type of technique is growing faster and

mostly of Tanzanian are unaware of it.


Something confusing about this, it hard to

recover the money since the transactions

always looks very genuine. Meaning, the

card used to draw the money is seen as from

the genuine user (the one owns the money).

In some cases, Cybercriminals use some

famous names in a country (Politicians,

Musicians or actors) and act as they

experience some problem and ask a victim

to use Mobile money to transfer cash. This

is happening to multiple users of mobile

transaction in a Tanzania.

When an individual tries to verify before

performing transaction through other

number (for those with more than one

number) mostly it appears to be unavailable

and when using use someone else close to

the person (Relative/ coworker) to verify the

issue will eventually reveal the number was

swapped by Cybercriminal as their way of

performing the crime since the person

belonging to the number is outside the

country at that time.


EFFECT OF CYBERCRIMES ON TOURISM IN

TANZANIA

In Tanzania tourism is highly contributing to

the economy of the country. Most of the

tourists are coming from foreign countries.

From booking of the hotel to the payment of

the services that expected to be provided

online transaction is widely used.

With the growing technology that allows

individual to perform online transactions

through internet to do all sort of payment

before visiting the country in name of

tourism also the rate of threats have

increase. The fear among the internet users

who perform their online payment before

visiting the country has grown.

This might affects the flow of individuals to

pay through online transaction and

eventually slows down the rate of tourist

visiting the country. The impact can’t be

measured easily of why tourist rate is seen to

be decreased but when a dipper investigation

is done It obvious that when an individual

once paid through online before visiting and

cybercriminals who use internet in a bad

manner manage to deviate the money

elsewhere which leads to the double

payment then next time the same tourist will

find a safer place else where that the

transaction can successfully done without

any further inconveniences.

Recently, one of the leading airlines that

believe to have cheap prices known as Fast

jet release information through its social

media to worn their customers who use

Credit cards as their means of payment may

fail to get boarding pass although they might


have the ticket with them paid with credit

card, the statement was released on 7 Feb

2014 and according to fast jet, they

mentioned they had to do it due to an

increasing number of fraudulent

transactions. Fast jet is one of the Airlines in

Tanzania which offers international flight

including South Africa and other

destination.

Base one this note the growing cybercrime

in a country may cause damages to the

tourism sector that contribute a lot to the

country economy. The need to mitigate

these risks is highly needed so that to

provide a safer environment for the tourist to

perform their online transactions without

fear of any double payments due to some

online transactions issues (cybercrimes).

RECOMMENDATIONS

Development of Legal Framework for

Cyber Security

Currently Tanzania does not have a Cyber

Law. It had been reported that the law is

under development and will be introduced

soon. The current situation is handled using

the available laws including the Electronic

Evidence Act, 2007. However, the laws are

not adequate to provide a comprehensive

guidance and an oversight on cyber issues. It

is therefore relevant to recommend that the

Government and other relevant stakeholders

fast track the development and enactment a


legal that for the Tanzanian business

environment.

Enhance Stakeholder Collaboration

Issues regarding cyber security are many

and varied. Although the government should

be the leading stakeholder on cyber security

initiatives, it is imperative that other

stakeholders are also involved. Examples of

such stakeholders are the academia, research

and Development (R&D) institutions,

security organs (the army-JWTZ, police

force, and prison services, and TISS),

telecommunication operators, media, the

Parliament, and not-for-profit organizations.

These stakeholders have the potential to

greatly contribute into a robust cyber

protection in Tanzania.

Raise end user Awareness

People are the weakest point in the network

of cyber protection. For instance, highly

skilled professionals can pose substantial

cyber threats (e.g. creating and distributing

malicious codes and hacking). Further, users

with low awareness and skills on

cybersecurity can provide serious

vulnerability threats (e.g. ignoring data

protection, compromising access

credentials). It is therefore imperative that

deliberate efforts are made to sensitize, raise

awareness, and impart skills on cyber

protection. Otherwise, cyber protection

efforts may have limited success.

Build Institutional Capacity for Cyber

Safety

In Tanzania, ICT initiatives are undertaken

mainly at institutional level. The main

explanation to this is that, each organization

has its own mandate, business environment,

budget and plans. Further, the organizations

operate as a network. ICT initiatives are

therefore implemented to facilitate this

environment. However, this situation has an

implication on the national cyber safety.

Organizations with low cyber protection

preparedness may pose serious cyber holed

in the network. It is therefore imperative that

efforts are made to ensure that national level

standards are developed and institutions

foster and are facilitated to build capacity to

respond and address cybersecurity issues in

the country.

Forge international Cooperation in Cyber

Security

Tanzania has various international

cooperation in different social-economic

aspects. This should be extended to Cyber

Security as well. This is particularly

important because cybercrimes can happen


or originate from anywhere in the world and

still Tanzania become a victim. It is

therefore imperative that Tanzania forge an

international cooperation in addressing and

responding cyber security issues. This will

facilitate enhancement of knowledge, skills,

and preparedness on cyber security.

Promote Research and Knowledge

Management in Cyber Security

Research and knowledge management are

key elements for sustainable cyber security.

In Tanzania limited information is available

regarding research and knowledge

management on cyber security. This

indicates that decisions regarding cyber

security are inadequately informed. It is

therefore imperative that research on and

knowledge management is given an utmost

emphasis. This is particularly so in higher

learning and research institutions. Otherwise

little will be achieved on creating a secure

cyber Tanzania.

INITIATIVES

The struggle to the fight against cybercrime

in Tanzania has started to take a new

picture. From Tanzania Police force through

its sub Unit under forensics bureau called

cybercrime unit, TCRA and other few

sectors have shown the progress on the fight

against cybercrime. This pepper will focus

on TPF and TCRA initiatives on cybercrime

in Tanzania.

Starting with TCRA, as the government

agency that is responsible to communication

regulatory it has played a significant role on


reducing several cybercrime through its

campaigns such as “FUTA DELETE

KABISA” meaning delete which is

intended to encourage citizen in Tanzania

not to spread hate speech through blogs,

social media and short massages (SMS).

As stated earlier, one of the growing

cybercrime in Tanzania is the use of social

Medias to spread hate speech that may result

to destabilize the equilibrium of the country.

It has seen in other countries how social

media and short massages that have been

spread through mobile contribute to the fight

in Libya, Tunisia and other places.

The theme “Futa Delete kabisa” highly

targeted those who receive any hate speech

or sees post on social media that may

destabilize the country’s equilibrium to

delete them and not forward them to others

or share them with others. The effectiveness

of this “futa delete kabisa” campaign may

not be seen taking effect now but, the

success of the campaign can be measured by

looking at the decreasing rate of those who

were doing the act without knowing the

impact.

Police force on this campaign plays a major

role, the warning to those who will disobey

what TCRA introduced intentionally by

announcing to take action by catching them

and punish accordingly has also extend the

impact of reducing the crime in Tanzania

although, there are those who are still

performing the act so far.

Another TCRA initiative to reduce

cybercrime in Tanzania is an introduction of

mobile registration which was never before.

This campaign target to reduce cybercrimes

committed using mobile phones.

One of the fast growing cybercrime in

Tanzania is money theft through mobile

phone. In section 3 discussion of how these

crimes are committed is well explained. In

brief, money transfer through mobiles

phones as the service provided with both

banks and Telecommunication Company in

Tanzania is mostly easiest way where by

almost all those who possess mobile phones

are using this service. Again the threat of

losing money has rapidly growing.

Initially it was difficult to track the criminals

but with the initiative from TCRA to ask all

telecommunication companies in Tanzania

to make sure each mobile phone user is

registered with the valid ID has helped the

capture of the criminals and enhance the

reduction of those who perform the crime.

Again police force played again the major

role to this by making sure the rules are


followed. The crosschecking of the activities

done by telecommunication companies if

they actually do the registration effectively

as they supposed to do and close down the

vulnerabilities that was initially seen

growing wings where by the registration was

performed without attention of the validity

of the user registering the mobile number.

BOT, in regarding to the fight against

cybercrime has initiated the move to reduce

ATM crimes. In section 3, detailed

information on how ATM crime in Tanzania

has been discussed. It one of the other fast

growing crime in Tanzania which affects

dozens of people every day.

In 2013, local Tanzanian newspaper named

Mwananchi reported “BOT has asked all

banks in a country to insert electronic chip

to all ATM cards so that to reduce money

theft through ATMs” – Prof. Benno Ndullu

(Governor, BOT), 2013. This was the result

of multiple reports regarding the highly

growing of the crime in a country.

TPF is another area that contributes on the

fight against cybercrimes in Tanzania. IGP

Mwema through a police reform has

extended the use of ICT within the force and

extend wing to the formation of the sub unit

named Cybercrime unit under forensics

bureau through its sub unit named

Cybercrime Unit.

Cybercrime unit responsible to ensure rules

and regulations related to cyber issues in

Tanzania are well observed. Forensics

investigation of cybercrime cases is also a

key responsibility of the Unit. In regard to

the fight against cybercrime, the unit has a

significant role to play and to mobilize the

society to understand the need to remain

safe when it comes to cybercrimes.

To do these tasks a good number of

initiatives have taken places. These

initiatives includes training the cybercrime

personnel, conducting cyber events, building

up forensics LAB that provides a best

environment to perform cybercrime

investigations and to teach/provide

knowledge to the societies in Tanzania.

Documents

The Fight Against Cybercrime in Tanzania - Report