APPROACH TO HACKING IN CAMEROON: OVERVIEW AND MITIGATION TECHNIQUES_

Wilfred Che Niba, ICT UNIVERSITY YAOUNDE, CAMEROON email:wilfredche.niba@ictuniversity.org

Abstract

This research aims to explore how hacking influences in Cameroon and possibilities of it being mitigated.
Data has been collected from different sources ranging from digital sources, Newspapers, interviews to help
elucidate this topic that is catching more and more attention and merits to be given the treatment that it needs and
even the media attention it requires.
Hacking is just like cancer that has very dangerous effects on society. Today in this modern world, where measures
have been taken to improve the security level in the distributed systems hackers have found a way to crack into
systems and take away information.
In this paper, I will explain a few aspects of hacking and a few techniques through which we can mitigate this.
This paper also gives you insight into how important information security is and how to prevent hackers from
stealing away very confidential information. Measures are to be taken to remove these possibilities.
We will be getting through the entire journal the definition of hacking, types of hackers, the procedures used, how
to mitigate hacking.
The data collected shows the challenges of hacking and how these challenges can be mitigated.
. The results also show how hacking can cause damages and how the Cameroonian Government is trying to fight
it.
Hackers look for ways to get into government confidential files, personal banking details, steal away their money
from the banks, and implant a Trojan or virus into different computers to make them vulnerable to work. In this
paper, I have thrown some light on hackers, skills, their perspective, their targets and mitigation techniques.

LITERATURE REVIEW

Hacking according to oxford dictionary means to “gain unauthorized access (to data in a computer)”.
Hacking is not limited to accessing data or information but also includes an attack on the privacy of all people
Almost all different opinions agree on the illegality of hacking.

It is clear from the definitions mentioned above that there is a controversy that encounters the judgment and
definition of hacking, controversy aroused because it’s hard to decide exactly what the aim is behind hacking or
how to know the mentality of the hacker. That’s why the ethics and motivation of hackers should be paid attention
and discussed, then understanding and combating the hacker will be much easier.

OVERVIEW OF HACKING
The challenging part of the hacker’s personality is the biggest motivation; this means that the hacker feels the joy
and excitement when hacking systems that are provided with the almost perfect security tools. One of the main
reasons for hacking is the excitement hackers have in breaking the law, to find easy access to earn money by
hacking crucial information of the customers.

What is Hacking?
Hacking is identifying weaknesses in computer systems or networks and then exploiting these weaknesses to gain
access.
Computers have become mandatory to run a successful business. It is not enough to have isolated computers
systems; they need to be networked to facilitate communication with external businesses. This exposes them to
the outside world and hacking.
Types of hacking
Password Hacking: where Hackers find a way to illegally hack into the passwords of users of a computer system
to gain access.

Network intrusions: Malicious Trojan, worms and viruses can be used to gain access into the information systems.

Viruses: Viruses, Trojan horses and worm cause the computers to become more vulnerable and susceptible to
hardware damage.

IP address spoofing: Disguising the IP address and using that to gain illegal access into countries most
confidential files.

Phishing: This implies replicating an original website so that the unsuspecting user enters the information like
account password, credit card details, which the hacker seizes and misuses. The banking websites are the frequent
target for this.

DNS spoofing: This uses the cache data of a website or domain that the user might have forgotten about. It then
directs the data to another malicious website

Keylogger: A keylogger is a simple software that records the key sequence and strokes of your keyboard into a
log file on your machine. These log files might even contain your email IDs and passwords and can be transferred
to the hacker who will later use it for hacking your system.

Denial of Service (DoS\DDoS): A Denial of Service attack is a hacking technique of taking down a site or server
by flooding that site or server with a huge amount of traffic so that the server is unable to process all the requests
in real-time and finally crashes down.

Fake WAP: A hacker use software to fake a wireless access point. This WAP connects to the official public place
WAP. Once you get connected to the fake WAP, a hacker can access your data,

Cookie Theft: The cookies in our browser store personal data such as browsing history, username, and passwords
for different sites we access. Once the hacker gets the access to your cookie, he can even authenticate himself as
you on a browser.

Bait and Switch: an attacker buy’s advertising space on a website. Later, when a user clicks on the advert, he
might get directed to a page that’s infected with malware. This way, they can further install malware or adware on
your computer.

Ethical Hacking
Ethical Hacking is identifying weaknesses in computer systems and/or computer networks and coming with
countermeasures that correct the weaknesses. Ethical hackers must abide by the following rules. Get written
permission from the owner of the computer system and/or computer network before hacking. Protect the privacy
of the organization being hacked. Transparently report all the identified weaknesses in the computer system to the
organization. Inform hardware and software vendors of the identified weaknesses. Ethical Hacking is legal if the
hacker abides by the rules stipulated by the definition of ethical hacking.
To operate effectively, the ethical hacker must be informed of the assets that should be protected, potential threat
sources, and the extent to which the organization will support the ethical hacker’s efforts
TYPES OF HACKERS

1. White Hat Hacker

white hat hackers or ethical hackers are the people who test existing information system infrastructures to research
loopholes in the system. They create algorithms and perform multiple methodologies to break into systems, with
the sole aim of strengthening them.

2. Black Hat Hacker

These guys break into systems purely with negative intentions. From stealing credit card information to altering
public databases, a black hat hacker looks to gain fame or monetary benefits from exploiting the loopholes in
computer systems.

3. Grey Hat Hacker

A grey hat hacker usually has mixed intentions. As the colour code implies, this hacker type does not have the
good intentions of a white hat hacker, nor does he have the ill intentions of a black hacker. A grey hat would break
into systems but never for his benefit. Famous grey hat hackers have exploited systems only to make the
information public, and to bring to limelight vast datasets of information that contains wrongdoings.

4. Script Kiddie
The kids of the hacking realm, this hacker type isn’t responsible for a lot of damage, particularly because of the
little skill or effort they put into their hacking. They will Download hacking software or pre-written scripts, and
run a website against this software and disrupt it’s working.

5. Suicide Hacker
Similarly, a suicide hacker would know that his identity would be revealed, or he would be caught but proceeds to
carry out a hacking attempt nonetheless. This could be either for money, for fame or even forceful, just like a
suicide bomber.

6. A Hacktivist
Just like a group of protesters in the real world stir up attention by marching on the streets, the hacktivist type of
hacker would break into systems and infrastructures to ask for attention towards social causes. Hacktivism includes
defacing websites and uploading promotional material so that the viewers would receive info based on hackers’
intention.

7. Red Hat Hacker

The red hat hacker acts ruthlessly towards Black Hat Hackers. Their sole objective is to destroy the effort of every
black hacker type and to bring their entire infrastructure down. A red hat hacker would be on the lookout for a
black hat hack, intercept it and hack into the black hat hacker’s system. Not only would this halt the attack, but
also push the black hat hacker out of business!

8. Blue Hat Hacker

A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system before
its launch. They look for loopholes that can be exploited and try to close these gaps. Microsoft highly uses them.

9. Green Hat Hacker

This type of hacker is the one who learns in the world of hacking. A green hat hacker is usually responsible for no
real activity but is easily recognizable for his intent to learn and understand how it all works. Green Hat Hackers
are often part of large learning communities online, where they watch videos and tutorials on how to make it big.
10. Social Media Hacker.
As its name implies they focus on hacking social media accounts by using various techniques. This hacker type
is similar to black hat hacker for their criminal intentions, data theft.
11 State/Nation Sponsored Hackers: State or Nation sponsored hackers are those who are appointed by the
government to provide them cybersecurity and to gain confidential information from other countries to stay at the
top or to avoid any kind of danger to the country. They are highly paid government workers.

HACKING IN THE CAMEROON CONTEXT

Skimming, hacking, “SIM box” fraud, defacement amongst others are the different tactics through which the
phenomenon is manifested with banks, telecom companies and other State institutions mostly hit in Cameroon.
Cameroon is using the digital economy as the new gold-mine to trigger economic growth and job creation but the
growing rate of cyber criminality is a veritable menace to the digital economy drive.
Cameroon is ranked third after Nigeria and Ghana in terms of countries worst hit by cyber criminality.
last year local banks lost at least FCFA3.5 billion through acts of skimming.

Skimming consists of criminals hacking magnetic cards with special devices inserted in automated teller machines.
Apart from skimming, “SIM box” fraud appears to be a more dangerous method as it targets telecom companies.

A SIM box is a device that enables people abroad to place calls at local tariffs, causing huge financial losses to
companies as well as the State treasury. The illicit activity cost local telephone companies FCFA38 billion and the
State FCFA4billion between 2011 and 2015.
The Chief Executive of MTN Cameroon said fraudsters diverted “close to 60 million minutes” of international call
traffic through SIM box fraud during the period.

Hacking in Cameroon also manifests itself through “web defacement”, whereby criminals change the interface of
a website, fake profiles on social networks, and hack into e-mails of enterprises and individuals. ANTIC reveals
that 17-web defacement were detected in websites of ministries in the last five years with 3000 vulnerabilities
discovered during security audits.

Statistics from the regulatory agency also show that some 62 identification requests related to cybercrimes
originating from Cameroon and targeting foreigners were referred to ANTIC specialised services by International
Police (Interpol).

The Cameroonian regulation is still incomplete as far as cyber criminality is concerned. Indeed, ANTIC still has
no authority to sanction though it is in charge of regulating the sector. There is also no legal data protection
framework.
At least 20 government establishments, including the National Assembly and the Cameroon Radio Television, had
fallen prey to "web defacement" fraud.

ANTIC even reminds that over 90% of software and operating systems used in Cameroon are hacked.
Moreover, it is common for email addresses and social media accounts to be hacked, even those belonging to
government members. Telephone calls fraud is also rampant in Cameroon.

Combating Hacking (cybercrime) in Cameroon

The government of Cameroon in its campaign to combat computer crimes & security threats promulgated the law
on cybersecurity and cyber criminality in 2010.
Internet extortion in Cameroon takes the form of; phishing (theft of identity), theft of bank cards, cyber
pornography, scams, software piercing, sales frauds & forgery data & airtime, charity fund, hacking and theft of
network service.
It has been identified that cyber terrorism, internet fraud, spying, defrauding, intrusion, phishing, spamming,
viruses, malware, piracy etc. as some of the menaces inherent to the cyberspace in Cameroon.
 Cameroon is currently experiencing rapid growth of e-services (e-Government and e-Commerce related services)
development, Internet usage increase and high penetration of mobile services.

Analysis of the Impact of hacking in Cameroon

1. FCFA 3 billion lost by banks in 2015 due to skimming (ANTIC: 2015). Skimming is the act of hacking
magnetic cards with special devices inserted in automatic bank teller machines.
2. Increase in simboxes: A device, which enables people abroad to place calls at local tariffs, causing huge
financial losses to companies as well as the Treasury. Four telecom operators lost over CFA 18 billion and
the state lost CFA 4 billion, due to the simbox fraud in 2015(ANTIC:2015)
3. Close to 90% of the software and operating systems used in Cameroon are hacked.
4. Government prioritizing capacity building in other to empower people to master the tools and solutions
available to combat cybercrimes
5. Industries and government are progressively providing lots of services online, and the need to address
security issues is important.
6. The survival of Cameroon's digital economy depends on good cybersecurity
7. Certification: Cameroon does not have any officially approved national (and sector-specific) cybersecurity
frameworks for the certification and accreditation of national agencies and public sector professionals.
(data source: United Nations Statistics Division, December 2012) Agency Certification:
8. Cameroon does not have any certified government and public sector agencies certified under
internationally recognized standards in cybersecurity.
9. Foreign Aid: In 2011, Antic became a member of the ITU-IMPACT, an international multilateral
partnership against cyber threats that offers high-level training programs to help partner countries
(Cameroon inclusive) to fight and prevent the scourge.

Cameroon, which is among the countries worst affected by cybercrime in Africa, is facing a dilemma as it adopts
measures to address the crisis.
The country plans to upskill professionals and youth with technology expertise to thwart cybercriminals but there
are fears they could backfire as the beneficiaries could use the skills attained to commit similar acts, hence worsen
the problem.
Owing to the prevalence of these crimes that involve the use of computer networks or devices to commit fraud and
identity theft, there is this vision of training a new generation of policemen who would be able to monitor the
Cameroon cyberspace and keep the criminals at bay.

. Last year, a Centre for Digital Forensic and Cyber Security was set up under the University of Buea in partnership
with the Cameroon Ministry of Posts and Telecommunications and the University of Bloomsburg in the US.

Experts from multiple cyber-security firms pointed out that the reasons banks are targeted in these regions are
because there's a high chance that not all invested in their IT infrastructure and cyber-security measures.
A poorly designed and unsupervised network makes attacks easier to carry out and hacks easier to hide for long
periods, compared to an attack aimed at banks located in Western Europe or North America.

Cameroon is one among many Central African states that are experiencing an upsurge in Cyber criminality.

Cybercriminals generally use fake identities to commit heinous crimes such as hacking and scamming, which are
very rampant in towns like Buea, Bamenda, Douala, Yaounde and other major metropolitan towns in Cameroon.

Cameroon has adopted over the last few years several specific laws focused on cybercrime. Besides, Cameroon
has established a national Computer Emergency Response Team (www.cirt.antic.
cm) to handle incidents related to cyber threats. Cameroon has a state agency known as the ANTIC
National Agency of Information and Communication Technologies, which coordinates with Information
Communication Technology (ICT) security. One of ANTIC’s primary functions is to help raise cyber
Threat awareness and strengthen the overall technical capacity to deter cybercrime and enhance cybersecurity.

There are several challenges that the Government of Cameroon is facing, including enhancing international,
national, and intra-agency cooperation as well as public-private partnerships.

Cameroon maintains a division, which is specially tasked to investigate cybercrimes within the Ministry of Posts
and Telecommunications. Authorities have established mechanisms, procedures, and
Policies for responding to cyber incidents and the government assigns their CERT with national-level
responsibilities.

Cameroon is still developing a national cyber strategy to help guide and coordinate cybersecurity efforts. The main
pillars of the national strategy will be cybersecurity awareness, security auditing, and the maintaining of electronic
certificates. The national strategy will also be very helpful in improving cyber resilience and help drive awareness
initiatives.
While Cameroon does not currently have personal data protection laws on the books, they are currently considering
legislation.

Some of the main challenges that the Government of Cameroon has faced in the process of implementing their
cybersecurity strategy are budgetary constraints and the coordination of multinational
actors (including experts, civil society, and the private sector).

Cameroon has a national cybersecurity awareness campaign and it is referred to as the National Target Awareness
Seminar. This campaign is aimed at the public to help raise overall cybersecurity awareness.
Today, the Government of Cameroon works with civil society organizations and NGOs to educate the population
and raise awareness to mitigate cyber risks.

Universities and academic institutions in Cameroon maintain several cybersecurity degree programs that the
government has established. A good example of such a university where information systems security programs
have been introduced and are effective is the ICT University of Yaoundé.

The current implementation of Domain Name System Security Extensions (DNSSEC) will allow, among other
things, the strengthening of the security of “.cm”, by guaranteeing the authenticity and integrity of the transactions
related to the resolution of domain names in “.cm” and prevent spoofing of domain names in “.cm”.

The development of a repository containing good safety practices to be followed for the implementation and
deployment of a secure website, monitoring of websites “.cm” which aims to detect websites engaged in illegal
activity and block. There has been a drop in illicit cyber activities since the new policies have been implemented.

The Government of Cameroon works with several private sector partners on cybersecurity-related issues and has
been able to establish fruitful working relationships with other countries when managing and responding to cyber
threats. This has been the case particularly with the Czech Republic, INTERPOL, and Nigeria in the context of
digital investigations.

Today Cameroon authorities promote confidence-building measures (CBM) and international cooperation
agreements in cyberspace by exchanging information on cyber incidents and best practices for cybersecurity.
CONSEQUENCES OF HACKING

Loss of Information
Hacking often results in a loss of data due to files being deleted or changed. Customer information and order
information can be stolen and deleted, or a leak of top-secret information could cause real-world security issues.
Decreased Privacy
When hackers gain access to your computer, they can see everything. Since much of the personal, professional
and financial parts of our lives have moved online, we risk losing much more than money or information. Because
of the Internet, privacy is limited, usually by choice.

Damaged Reputation
Companies that get hacked have a bigger problem than just paying for the initial damage costs and lawsuits.
Reputation damage can be devastating to a company's fortunes. If a bank has been compromised multiple times,
customers are less likely to give them their personal information or even accord them credibility.
The need for ethical hackers is one that is under-appreciated but is essential for technological advancements.

HACKING MITIGATION TECHNIQUES ON A GLOBAL SCOPE

There is no way to make your personal computer completely impenetrable to a cyberattack. Even a corporate
enterprise system with a full-time computer security team cannot guarantee this. Luckily, the harder you make it
for hackers to break into your system, the less likely they are to devote the time and effort to try. The list below is
composed of steps you can take and should keep your system safe from almost all security threats:

Ø Install or Update Antivirus Software. If it has capabilities to let you surf the web safely or protect your identity
online, turn these options on.

Ø Secure Your Home Network. Make sure it is password-protected and be certain to set up a firewall to keep out
intruders. Many routers come with pre-installed firewalls.

Ø Update Your Software. This fixes known security holes. Your operating system and web browser should be
updated as often as possible.

Ø Download Only From Trusted Sources. Even if the site administrator is trustworthy, without proper security
measures in place the site might be compromised.

Ø Be Vigilant With Email Attachments. These are a favourite with hackers. Be careful what you click on, even
if the email says it’s from the government or your bank.

Ø Never Visit Questionable Sites. If you’re not sure whether a website is secure, verify it first with online site
checking services such as Norton Safe Web.

Ø Maintain Your Passwords. Create passwords that are difficult to guess, change them regularly, and never use
the same one for multiple sites.

Ø Try Not to Use Free WiFi. When using a WiFi connection at your local café, always assume someone is
eavesdropping on your connection and take the appropriate measures.

Ø Turn Off Your Computer. When not in use for long periods, turn off your computer. This is a surefire way to
protect your system against any intrusion.
Ø Create complex passwords. Your passwords to access your accounts on apps or websites should consist of a
combination of numbers, upper- and lower-case letters, and special characters that are difficult to guess.

Ø Use a password manager. Password managers store and auto-fill your credentials for different sites, allowing
you to create a complex and unique password for each site without having to worry about entering the password
itself more than once. While you should keep track of your passwords on your own as well, a password manager
will help make your device much more secure.

Ø Don't give out your password. This obvious piece of advice, but one bears revisiting.
Except for some school services, you should not ever have to provide a site administrator with your password for
them to access your account.

Ø Change your passwords often. In addition to keeping your password a secret, you should change the passwords
on your various accounts and devices at least once every six months.

Ø Use two-factor authentication. Two-factor authentication requires you to enter a code sent to you in a text
message or another service to access your account after you enter your user name and password. This makes it
more difficult for a hacker to access your information, even if they can crack your password.

Ø Read privacy policies carefully. Any company that has information from you must have a privacy policy that
details how they use that information and the extent to which they share it with others

Ø Log out of accounts when you are done with them. Simply closing the browser window is not always enough,
so make sure you click (or tap) on your account name and select Log Out (or Sign Out in some cases) to manually
sign out of your account and remove your login credentials from the site.

Ø Charge your phone on reliable USB ports. These include the ports on your computer and in your car (if
applicable). Public USB ports, like the ones you may see in a coffee shop, can compromise your information.

Ø Encrypt your hard drive. If your hard drive is encrypted, a hacker will be unable to read the data stored there,
even if they manage to gain access to your hard drive. While you've taken steps to prevent access, encryption is
another method of protecting your information.

Ø Back up your data frequently. Despite even the strictest security, it is still possible that your data will become
compromised. This may be the result of hacking, or simply computer failure. Backing up your data ensures you
do not lose anything.

Ø Avoid clicking suspicious links or responding to unknown emails. If you get an unsolicited email or an email
from a sender that you cannot verify, treat it as a hacking attempt.

Ø Use secured wireless networks. Secured networks require you to enter a password before you can connect to
them. In some locations (such as airports or coffee shops), you can request the password after purchasing an item.

Ø Keep personal information off social media. You may think you are just sharing with friends but revealing
too much about yourself and your life on social media can make you vulnerable to hackers. Share personal
information directly with people who need to know rather than openly posting on social media.

Ø Virtual Private Networks secure your online activity by routing your traffic through their servers. This both
hides your identity, as the VPN accesses websites on your behalf, and secures your connection, as VPNs encrypt
the data between you and their servers.
CONCLUSION AND RECOMMENDATIONS

From all that has been said above, the information security landscape in Cameroon is not exempt from attacks and
so information security must be put at the heart of every IT infrastructure
The government, corporations and individuals will have to give the attention the information security domain
deserves.

Those having IT infrastructure will have to invest more in cybersecurity to mitigate these dangers that are posed
today by these hackers who will stop at nothing to illegally steal information that is poorly protected.
Hacking techniques are becoming more sophisticated as the days go by and so to be able to contain these hackers
and their malicious acts.it will be important that the ETHICAL HACKERS be trained so that they can be opposed
to the spread of this act from these people of the Digital underworld.
Security awareness becomes mandatory if we have to be able to contain these cyber terrorists.

REFERENCES

ETHICAL HACKING: PROCEDURES, INTRUSION AND PENETRATION by WILFRED CHE NIBA

http://nkbbless-com.over-blog.com/2015/12/atm-card-hackers-in-douala-police-dragnet.html
https://www.whitehatsec.com/trending/content/how-beat-hackers-their-own-game-think-hacker
https://www.kinsmenadvocates.services/combatig-cybercrimes-in-cameroon/
www.antic.cm
https://www.cameroonbusinesstoday.cm/articles/1285/fr/cyber-criminality-a-growing-threat-to-digital-economy
https://gbhackers.com/8-common-hacking-techniques/
https://www.rapid7.com/fundamentals/types-of-attacks/
https://www.digitalbusiness.africa/cameroun-premiere-cible-des-hackers-en-afrique-francophone/
https://www.npr.org/sections/alltechconsidered/2012/08/10/158505688/simple-ways-to-avoid-being-hacked
https://www.guru99.com/what-is-hacking-an-introduction.html
https://www.geeksforgeeks.org/types-of-hackers/
https://www.webroot.com/gb/en/resources/tips-articles/computer-security-threats-hackers
https://www.malwarebytes.com/hacker/
https://antivirus.comodo.com/blog/comodo-news/what-is-computer-hacking-and-its-prevention/
https://hackernoon.com/what-is-hacking-common-objectives-types-and-how-to-guard-against-it-ab99897ff00b
https://www.scientificamerican.com/article/how-do-computer-hackers-g/
https://www.echosec.net/blog/what-is-hacking-how-does-it-work
https://fossbytes.com/hacking-techniques/
https://www.bridewellconsulting.com/different-types-of-hackers-and-what-they-mean-for-your-business
https://cobweb-security.com/security_lessons/8-common-website-hacking-techniques-know/
https://blog.eccouncil.org
https://www.malcare.com/blog/website-hacking-techniques/
https://www.moneycrashers.com/computer-hacking-methods-examples-cyber-criminals/
https://blog.finjan.com/9-common-hacking-techniques-and-how-to-deal-with-them/
https://cameroonpostline.com/ub-govt-strategise-to-preempt-cyber-crimes/
https://erjjiostudios.com/security/5-easy-solutions-prevent-website-hacking-attacks/
https://www.thehaguesecuritydelta.com/media/com_hsd/report/135/document/Cyber-security-trends-report-
Africa-en.pdf
https://www.ukessays.com/essays/computer-science/the-problems-and-solution-of-hacking-computer-science-
essay.php
https://www.wikihow.com/Prevent-Hacking
https://www.nytimes.com/2017/08/02/technology/a-solution-to-hackers-more-hackers.html
https://www.savethestudent.org/extra-guides/32-ways-avoid-cyber-hacked.html
https://www.complex.com/life/2018/11/how-to-avoid-getting-hacked/encryption-software
https://www.inc.com/jon-levy/6-expert-tips-to-avoid-getting-hacked.html