Cashgate: Wake-up call on cybercrime

The term “cybercrime” is used to refer to the convergence between crime and modern information and communication technology (ICT).

There are two broad types of cybercrimes: firstly, emerging crimes involving attack against ICT, for instance, hacking; and, secondly, ordinary crimes that are committed through ICT, for instance, a theft committed through an electronic transfer of money.

In short, ICT has resulted in both new crimes, as well as new ways of committing old crimes.

The infamous Cashgate scandal represents the latter. A salient feature of Cashgate is that it involves a manipulation of an online government payment system–the Integrated Financial Management and Information System–to commit theft at the grandest scale. Cashgate represents a perfect marriage between crime and ICT.

But, almost a year after the scandal exploded, what lessons can be learned? From a criminal law perspective, there are a number of important lessons to be drawn from Cashgate and the subsequent criminal justice processes to detect, prosecute and punish those responsible. Limitations of space can only allow an overview of a few of these.

Firstly, the scandal has confirmed that cybercrime—i.e. the use of ICT to commit ordinary crimes like theft—is no longer the exclusive problem for developed and technologically-dependent countries. Even developing countries such as Malawi, with their limited technology use, are also at greater risk.

This confirmation should be worrisome to everyone, particularly as the country adopts such technological innovations as Internet banking and mobile banking. We must all be alive to the reality that there is always a dark underside of technology, one of which is that criminals may exploit weaknesses in these technologies to commit crimes.

The second lesson relates to the weaknesses and unpreparedness of our criminal laws and criminal justice system to handle crimes committed with the aid of ICTs Almost a year after the scandal broke out, the country has managed to complete only one case, and where the convict actually pleaded guilty. The rest of the ongoing prosecutions are bogged down in complex technicalities and legalities. Except for those cases where the suspect will plead guilty, most of these prosecutions will drag on for years to come.

One of the reasons for this is the lack of capacity of our criminal laws, criminal justice system and institutions to handle the complex legal and technical issues that cybercrime presents. It is high time the country did a stocktaking of its criminal laws and criminal justice system, focusing on its preparedness to handle the complexities of cybercrime.

Thirdly, there is the overarching issue of cyber security in the country. A country cannot effectively fight cybercrime without addressing the broader issue of cybersecurity. Cybercrime and cybersecurity are two sides of the same coin.

Hence, efforts to fight cybercrime must be linked to the broader national strategy on cybersecurity. This requires bringing together different stakeholders—both public and private—and facilitating broader cooperation between these stakeholders. We should be developing a cybersecurity strategy by now.

The fourth lesson is about awareness. Security in general, and fighting crime in particular, requires public awareness. The same is the case with cybersecurity and cybercrime. The country needs to raise awareness on issues of cybersecurity as well as the dangers of cybercrime. Education and training are indispensable here. The need for such awareness does not only apply to formal public and private sectors but extends to the public of computer users.

The last lesson is the need for greater public and private cooperation. Cashgate represents a monumental failure on the part of both the public sector as well as the private sector, particularly the banks that were used as conduits of the stolen money. Some of the transactions were palpably suspicious and it is a shame that the banks failed to raise the alarm.

The need for such cooperation extends to the investigation and prosecution of cybercrime cases. Much of the Internet infrastructure is owned and managed by the private sector, particularly telecommunication companies and Internet service providers. You cannot effectively prosecute a cybercrime without their cooperation.

All in all, Cashgate should be a wake-up call to everyone about the dangers of cybercrime.

The author is a law lecturer at Chancellor College.