Censorship chief escapes lynching for soliciting sex from minor

The director general of the Kano State Film and Censorship Board, Abubakar Rabo Abdulkarim, was nearly lynched over the weekend when a mob attacked him for soliciting sex from an under-aged girl.

Mr. Abdulkarim, the former Hisbah commander was trying to escape from a patrol team which had accosted him when they saw his car parked in a secluded environment - with a young girl inside - when he ran into a motorcyclist. Other members of the Okada union quickly surrounded him and he was only saved a lynching by the police who had been in pursuit of his car.

The censorship board, under his leadership, has waged a scorched earth campaign against actors, musicians and producers in the state for allegedly promoting immorality. As a result, many artistes fled the state and now ply their trade elsewhere..

Mr Abdulkarim, who insisted that the girl he was found with was his niece, said he was not having an affair with her. But when the former enforcer of Sharia law discovered he could not convince the contingent of policemen on night patrol on the propriety of having an under-aged girl in his car at such an odd hour, he panicked. The whole thing looked even more suspicious because for some curious reason he had parked behind a shopping complex along Maiduguri Road that night.

A police source said when the patrol team attempted to arrest Mr Abdulkarim he took flight in his car.

Double trouble

While trying to escape however, he knocked down an official of the Kano History and Culture Bureau who was riding on a motorcycle. This incurred the wrath of Okada riders, who thought that he had knocked down a member of their union and promptly proceeded to give him a thorough beating.

Ironically, it was the patrol team that he had been trying to avoid that finally came to his rescue, although by then the okada riders, who saw he had a girl with him, had damaged the car and were already on the verge of beating him to death.

He was later taken to the Hotoro police division where he was made to write down a statement.

Not a wayward one

When contacted, Mr Abdulkarim said members of the opposition Peoples Democratic Party, and film practitioners, were responsible for his ordeal.

The man, who has been having a running battle with film makers and writers in Kano in his attempt to force them to comply with the Sharia legal code, spoke to NEXT before he travelled to Saudi Arabia for the lesser hajj.

“The girl found in my car was my niece and not a wayward one as insinuated,” he insisted.

Spokesperson of the Kano State police command, Baba Mohammed, said he was not aware of the incident because he was in the hospital at the time. The police commissioner, Mohammed Gana also said he couldn’t speak on the matter because he just returned from Saudi Arabia. He however promised to find out the details from his men at the Hotoro Police Division.

The event was another opportunity for the crop of Globacom ambassadors to reaffirm their commitment to the company for endorsing them and for taking such a commendable step to
lift Nigeria’s entertainment industry to a higher pedestal. P-Square,
the newest addition to the list of Glo ambassadors, described the
endorsement as a welcome recognition of the group’s contribution to the
entertainment industry in Nigeria and indeed Africa, adding that this
would spur the duo to greater achievements in the music industry.

Stars whose contracts were renewed at the event included Rita Dominic, Ramsey Nouah, Desmond Elliot, Jim Iyke, Mike Ezuruonye, Nuhu Aliyu, Kate Henshaw-Nuttal and Ini Edo-Phillip Ehiagwina. Others were
Uche Jombo, Monalisa Chinda, Funke Akindele, Nonso Diobi, Sanni Denja and Mohammed Yakubu. Also on the bill were Pasuma Wonder, Original Stereoman (Ekwe), Ego Ogbaro, Sammie Okposo and ace comedian,Basketmouth.

A Federal High court sitting in Lagos set a N500 million bail on the former head of Intercontinental Bank who faces charges of mismanaging the lender in the run-up to last year's N620 billion sector-wide bailout.

The figure is five times the amount set for the heads of four other lenders rescued alongside Intercontinental.

Erastus Akingbola was sacked by the central bank a year ago along with the four other bank chiefs and charged with graft and money laundering in absentia after leaving for Britain, where he had remained until the start of this month.

The cases against the bank chiefs are seen as a litmus test of Nigeria's ability to prosecute influential figures accused of financial crimes. The country is regularly ranked one of the most corrupt in the world by transparency watchdogs.

Bail conditions included securing three guarantors who own properties in the commercial hub of Lagos with evidence of their tax clearance.

"I think the bail condition is fair having regards to the facts of the case," Rickey Tarfa, a lawyer for Akingbola told reporters outside the Federal High Court in Ikoyi.

The bail was set high because unlike other bank chiefs, Akingbola left the country after last year's bailout.

Tarfa said Akingbola would remain in the custody of the Economic and Financial Crimes Commission (EFCC) until the bail conditions were met.

The Federal Capital Territory Police Command on Saturday arrested two members of a gang that abducted Dr. Jhalil Tafawa-Balewa, son of the late prime minister of Nigeria, Abubakar Tafawa Balewa, who was kidnapped on Friday night at the business premises of his wife.

Tafawa-Balewa had gone to visit his wife in the Federal Capital Territory, when two men accosted him and took him away at gunpoint to a hideout in Mpampe area of the city.

He was taken to a hilly area where he managed to escape from his kidnappers. The gang was said to have demanded a N100m ransom from his family.

Photo:Late Father of the Victim

Tafawa-Balewa’s family and friends were already making arrangements to pay the sum to secure his release when he escaped from his kidnappers.

Briefing newsmen in Abuja on Sunday, the FCT Police Commissioner, John Haruna, explained that a suspected member of the gang, Adamu Adamu, who was arrested when he came to collect the ransom, led the police to their hideout where another suspect was apprehended.

He suffered gunshot wounds and was taken to the hospital for treatment. Two other suspects are being sought, he added.

Tafawa-Balewa stated that the gang took him away in a Honda car and seized his wallet and wristwatch. The car was recovered in Minna, Niger State where it was taken to after the operation.

Speaking with newsmen, Tafawa-Balewa said, “It was raining when they took me away, so I had no idea where they took me to. But I know that we ended up on a mountain. But when I got an opportunity to escape, I took it.

When I came out, I saw policemen searching everywhere, I didn’t know they were looking for me.”

The bot family, which has been dubbed "YoyoDDoS" after the hostname of one of its initial command-and-control (C&C)servers, was first detected in March. To date, Arbor Networks hasprocessed more than 70 variants from the family and identified at least34 C&C servers, all but three of which are located in China.

DDoS attacks use large numbers of compromised PCs to flood a targeted website withtraffic with the goal of knocking it offline. Out of the 180 YoyoDDoSattacks that have been identified, 126 of them targeted IP addresses inChina, while 32 targeted victims in the United States, nine in SouthKorea, and five in Germany.

Several different online merchants have been targeted, including sites selling auto parts and cosmetics,Edwards said. Several gaming and gambling sites also were attacked,along with a website-hosting provider, a music forum and a personalblog..

“It is not targeted at a specific industry,” said Edwards, a former FBI special agent assigned to the Detroit CybercrimeSquad. “Its more like a general tool, and if somebody wants to take asite down for a certain reason, a lot of time they use this YoyoDDos.”

The attacks typically last between a few hours to two days, he added.Several sites have been attacked continuously for 24 to 48 hours.

Researchers at Arbor Networks said they do not know how many computers have beeninfected with the bot malware, but they believe there are at least threeor four independent YoyoDDoS botnets being controlled by independentoperators.

If this is the case, the code to create the bot malware may be circulating in the cybercrminal underground, Edwards said.

The bot malware, which Edwards said is not especially sophisticated, couldmake its way onto a user's PC via malicious links or attachments inemails. After instillation, the bot connects to the C&C server andreports back details about the victim host, including the make, modeland speed of the processor and the operating system service pack level.Additionally, every time an infected computer is started, the malwaremakes contact with the C&C server.

The bot family uses four different types of DDoS attacks – HTTP, UDP, SYN and ICMP – all ofwhich flood a victim with different types of traffic, Edwards said. Ifan attack is launched with a certain type of traffic, and the victim hasa firewall or another security device that blocks it, another attackmode can be used.

“I do know that it is being actively used based on the number of attacks we are logging,” Edwards said. “We arestill logging attacks and finding [bot malware] specimens we haven'tseen.”

Geminoid F, the uncannily lifelike fembot we saw in April, is back in a new PR vid from Kokoro, a Tokyo-based entertainment company that collaborates with Osaka University'sHiroshi Ishiguro in the creation of androids both feminine and creepy.

Geminoid F was so named because it's a nearly exact replica of a human female model, seen here. In the new video, the robot calls itself "Actroid F," as it has joined the ranks of other Actroid robots produced by Kokoro.

The air servo-powered fembots can be rented for trade shows and other events. While Actroid F can move its eyes, mouth, head, and back, it can also act as a telepresence robot. Cameras and face-tracking software follow a remote operator so facial expressions and head movements are reproduced in the robot in a master-slave relationship via Internet link.

Actroid F has minimal servomotors to save on cost, and it can't walk. But Kokoro reportedly announced plans to sell 50 units to museums and hospitals for some $110,000 apiece, aiming for them to serve in roles such as receptionist, patient attendant, or guide. The company has said patients have reacted favorably in a hospital trial.

ATR Intelligent Robotics and Communication Laboratories, backed by the government, companies, and academia, also collaborated in Actroid F's development, one of many robot projects Japan has funded as it tries to develop next-generation machines to meet social needs..

How to make a crocodile smile: Swim in a pool full of deadly salties with just a perspex cage for protection

Tourists to this unusual theme park are sure to get some holiday snaps with a difference.

Inspired by the popularity of cage shark-diving, a tourist attraction has opened that allows adrenalin junkies the chance to swim with killer crocodiles.

And, as these incredible pictures show, participants can get up close and personal with one of the worlds deadliest creatures.

Definitely no running, ducking bombing or petting in this pool: Face to face with one of the 125 stone monsters

All that separates thrill-seekers from the huge saltwater crocodiles is a five-inch thick perspex box that has, we are assured, undergone 'extensive' safety testing.

Fearless participants climb into the clear container - nicknamed the Cage of Death - which is suspended on a monorail track that runs above four crocodile enclosures.

Two grated doors lock into position on the top of the 10ft tall box which is then lowered into the water and comes to rest 2ft beneath the surface.

To ensure that the paying customers get their money's worth, chunks of meat are tied to the bottom of the cage. The crocodiles instantly drawn to it when it enters the water.

The results vary from the crocs 'eye-balling' the swimmer, rubbing against the cage or going into a full on 'aggressive attack' against it.

Snappy snaps: Holiday photos from this resort will be just a little different

Customers pay about £100 to spend 20 minutes swimming alongside the crocs; the largest of the beasts measures a whopping 18ft and weighs over 125 stone,

One of the mighty reptiles at the Crocosaurus Cove park in Darwin, Australia, is named Burt. Film buffs might remember him from the first Crocodile Dundee movie - he's the one who nearly ate Linda Koslowski's character.

Sallie Gregory, spokeswoman for the park, said: 'Many people find the opportunity of getting to within a few inches from the jaws of these crocodiles exhilarating.'

'People often get activity ranging from an aggressive attack to a casual eye-balling and swim past where the crocs are so close that they rub against the cage.'

'Most of the women who take part say they are happy just to watch the crocodiles while guys tend to want the action and attack.'

Smile please: Two thrill-seeking tourists get up close and personal with one of the saltwater crocodiles at the Crocosaurus Cove park in Darwin, Australia

She added: 'One of our directors who has extensive experience with crocodiles wanted a concept that allowed people to get up close to these ultimate predators in a safe environment.'

'The cage runs on a overhead monorail system, suspended over the enclosures and is lowered into up to four separate enclosures as part of the 20 minute experience.'

'The perspex is about 135mm thick and extensive testing in both the manufacturing and the way the crocodiles would react to the cage were carried out prior to the testing team entering the cage.'

The 'Cage Of Death' has been extensively tested for safety. With one of these prehistoric killers just inches away, one might hope so..

'The top of the cage has two grated doors to stop anything entering the cage and a back up motor and separate chain operates to ensure that in the event of a malfunction, the cage can continue to operate.'

'The cage generally allows about two feet from the surface of the water though this can be adjusted if people are not strong swimmers and would prefer to keep their head above water.'

Among the crocodiles people can swim alongside are the mating pair of Houdini and Bess as well as Chopper, Denzel and of course movie star Burt.

But one of the most popular crocs is Wendell - he's the biggest and is named after muscular Australian rugby star Wendell Sailor.

Crocodile attacks in the wild are quite rare these days. However, during the Japanese army's retreat from Ramree Island in February 1945, saltwater crocodiles are thought to have been responsible for the deaths of 400 Japanese soldiers. .

British troops encircled the swampland through which the Japanese were retreating, resigning the Japanese to a night in a mangrove swamp which was home to thousands of saltwater crocodiles.

The Ramree crocodile attacks are listed as 'The Greatest Disaster Suffered from Animals' in The Guinness Book of Records

Saltwater crocodiles are the largest reptiles on the planet. Their main habitat is northern Australia and New Guinea, Indonesia and Borneo. They have been known to kill and eat horses, water buffalo, and even sharks as well as the occasional human.

To deal with a problem, the first thing we have to do is to understand the problem. This means that we have to be able to measure all meaningful aspects of the problem. If we consider the problem of online fraud, it is encouraging that there has been substantial progress in understanding phishing and how malware is used to steal credentials, documents and money. But, strikingly, almost nothing is known about Nigerian scams (also known as advance fee fraud and 419 scams - 419 is a section under the Nigerian Criminal Code Act that prohibits obtaining goods by false pretences). This makes it harder to defend against this increasingly common type of fraud, and almost impossible to predict the extent to which it may become worse onwards.

We designed and performed an experiment that allows us to take the pulse on Nigerian scammers. Are the scammers really from Nigeria, you may begin to ask? What do they want, and how do they get it? What are their strengths, what are their weaknesses? Are they at the peak of their success, or should we fear that they can become dramatically better at what they are doing? What can organizations do to secure themselves and their users?.

Here is the experiment in a nutshell. Imagine a camera that sells for $750 new, and I offer one for sale on Craigslist for $250. Only used for a few weeks, in perfect condition. Good deal, right? But what if I instead were to ask $750 (or more) for it used? Not so hot, you might say. It makes more sense for you to buy it in the store. You would not bother contacting me.

But fraudsters would.

They may contact me and ask to buy it - even at a premium. They will tell me where to ship it, and they will send me a payment. Or rather: something that looks like a payment to a would-be victim, who would not realize that it really was not a payment until after the camera was shipped.

We used the technique of offering too expensive merchandise to find fraudsters without bothering honest people. In fact, we used it to make the fraudsters find us, while avoiding everybody else. Then we acted as would-be victims, and paid attention to what happened.

Here are some of our findings:

Nigerian scams are aptly named. Indeed, almost all of the fraudsters we interacted with wanted us to ship our merchandise to an address in Nigeria. Knowing this may help a little in designing countermeasures, whether legal or technical.

Most Nigerian scammers "pay" using PayPal. Then they send an email that looks a lot like a PayPal payment notification. But, interestingly, they do not spoof emails. If they were, which would be very easy, they would no doubt increase their yield.

Some Nigerian scammers "pay" using Western Union. Then they send a confirmation code that lets the seller pick up the money - but with some digits starred out. "When you send me the tracking number, I will send you the missing part, and you can pick up the payment."

Some Nigerian scammers "pay" using Credit Cards. They request the victim's credit card details so that they can "transfer" the money to his or her account.

Nigerian scammers are bullies. As a would-be victim has agreed to sell, but then expresses second thoughts, the scammer becomes mean and threatening. He sends angry emails in all-caps; tells the would-be victim that he or she will be blacklisted or reported; he even sends a notification from a payment provider, stating that the would-be victim's account has been revoked. (This can only be undone by responding to the notification with your password.)

Nigerian scammers know what they want. They want fancy cameras, but do not care as much for laptops, and do not give a darn about refrigerators and other bulky electronic appliances. It makes sense: The merchandise needs to be shipped to them, and then be resold in Nigeria.

Knowing that the scammers remain in business, we can infer that they are reasonably successful. In fact, we see more and more Nigerian scams. So we can conclude that there are enough people who are not very careful, and that bullying them pays off. This is not about people lacking technological skills, it is about them not thinking critically. User awareness and education campaigns could change that.

Of course, Nigerian scams are not limited to Craigslist, nor to frauds in which they try to obtain people's cameras for free. Our experiment only gives us a glimpse at one particular type of scam at one particular point in time. But it gives us hope that it is possible to create a taxonomy of scams and scammers, and develop tools and campaigns that hurt their bottom line.

A distributed denial of service attack is every business’s worst nightmare. One minute, everything is ticking along as normal. The next, your infrastructure is hit by a tsunami of spurious traffic from across the Internet. Legitimate users find themselves locked out, your ability to do business online grinds to a halt, and there's not a great deal you can do about it – unless you prepare ahead of time.

Nowadays, it is frighteningly easy for attackers to execute a DDoS attack. Botnets comprised of thousands of compromised PCs can be rented cheaply, and software capable of automating attacks can be acquired readily on the underground market. Attacks peaking at tens of gigabits per second have been recorded, and the size of peak attacks grows each year.¹ A modest attack can be bought for less than a thousand dollars.² It’s also quite possible for your site to become collateral damage in an attack against a third party you know nothing about. Witness Twitter, one of the Internet's most highly trafficked sites, which found itself knocked offline for hours last August due to a politically motivated attack launched against a single user.³

While some evidence shows that massive brute force DDoS attacks are falling out of favor among financially motivated criminal enterprises, there are few signs of a decline in DDoS more generally.⁴ DDoS attacks are so hard to stop that it's not unheard of for some companies to surrender to extortion attempts, quietly handing their attackers tens or hundreds of thousands of dollars in protection money in order to make the problem go away.⁵

Short of paying out, it's extremely difficult to completely prevent a determined DDoS attack. But there are four general measures organizations can take, both during system design and live operation, to mitigate the risk of genuine users and customers suffering disruption during an attack. Successful defenses involve using all four techniques:

1. Over-provisioning

Many DDoS attacks are brute force in nature, and over-provisioning is a brute force defense. Your opponent simply needs to throw enough traffic at you to overwhelm your capacity. You can reduce his chances of success and limit the impact on your users by provisioning for far more traffic than you would expect to receive during normal operation. You do not necessarily need to provision for a 40Gbps attack – not all attackers have botnet arsenals that large – but you should aim to prepare for traffic many multiples of what you experience in normal operations..

Some people, when designing their networks, have a tendency to provision for their highest anticipated level of genuine traffic. An e-commerce site, for example, might provide enough capacity for a seasonal sales peak. This will rarely be sufficient to fend off a good-sized DDoS attack. If normal business means 60,000 visits per day, expect a DDoS attack to easily send that much traffic your way in ONE minute. That translates to 86 million “visits” in a single 24-hour attack. A site only provisioned for 60,000 visits will quickly fall to its knees.

A good rule of thumb when building out your hardware infrastructure is to provision for ten times normal peak traffic. Work out the most amount of traffic you've ever had, multiply it by ten, and deploy sufficient hardware to cope with at least that level of activity.

Similar rules apply to bandwidth, so you must ensure that your contract is flexible enough to permit traffic coming into your systems to “burst” to many times the normal volume. You don't want your connectivity provider to shut down all traffic to your site in order to prevent collateral damage to its other customers. Work out the largest amount of bandwidth your site has ever consumed under normal circumstances, then check that your contracts would allow a sustained burst of ten times that amount. Keep in mind that handling that much traffic will take a hefty bite out of your checkbook, too.

2. Remote/redundant monitoring

If up-time is important to you, chances are you already have systems in place to monitor the performance and availability of your site. But in-house monitoring systems can be of limited utility if they're under a DDoS attack as well. If a system designed to alert you when the network experiences problems sits behind the same bottleneck as the site it is monitoring, the alert probably won't make it to your phone or in-box in a timely fashion.

When you're under attack, it helps to know that you are under attack – and quickly. A more reliable alternative is to subscribe to a third-party service that monitors your site around the clock from dozens of other places on the Internet, evaluating its responsiveness from a genuine end-user perspective and providing alerts to your phone when problems are found.

3. Dump the logs

Your Web server logs can't tell the difference between a genuine visitor and a botnet node. Both visits will usually be recorded in the same way. Even if your server is provisioned correctly and is able to recover from a DDoS attack flood, if its logs stack up, you can often add insult to injury if your server fails because the logs became too large. While the log data could possibly be used for forensic purposes after the attack is over, its value is relatively limited. It's far more important that servers are able to respond to genuine users during the attack.

If you find log files growing large quite quickly, you're faced with the choice between keeping the data and losing the server, or losing the data and keeping the server. If your Web server is mission critical and large log files are preventing you from recovering, your choice should be clear: dump the logs.

4. Know the people at your providers

While it is technically possible to locally configure network hardware to drop some malicious packets, ideally you'll want the unwanted traffic throttled as close to the source as possible. This means that coordination with your upstream providers is a must.

Unfortunately, if your opponent has done his reconnaissance properly, he will launch his attack at the most inconvenient time possible. There's a good chance that the text message alerting you to an incoming DDoS will arrive at 1am on a Saturday morning, when both you and your regular ISP points of contact are off for the weekend.

The normal support numbers you know to call might go to voice-mail, the night-shift staff may not have the expertise or authority to help, and automated ticketing systems may not be as comprehensively attended as they are during business hours. If you can't find anyone in a position to help you, you're then faced with the prospect of two or three days of compromised performance or outright downtime.

In these circumstances it’s essential to have the direct telephone numbers of clued-in people at your ISP's network operations center. If you know how to contact the right person to help shut down the attack, regardless of the hour, you'll experience far fewer headaches when a DDoS strikes.

It's a truism that most security vulnerabilities are people problems. Fortunately, that sometimes also applies to the solutions.

DDoS attacks are here to stay – after all, they are cheap to setup and easy to implement. By appropriately deploying plans in these four areas (provisioning, monitoring, log management and escalation) you should be able to hold your own against all but the most determined and aggressive attackers.