Nigerian ‘Yahoo Boys’ exposed

 Brian Krebs in his recent blog article titled “Spy Service Exposes Nigerian ‘Yahoo Boys’published an interesting discovery of a hacked makeshift online keystroke logging (the act of covertly recording the keys typed on a keyboard) service known as BestRecovery, which charges customers $25 to $33 per month fee to use the service.  The online service provides customers with tools to create a custom Windows-based keylogger and then disguise it as a legitimate screensaver application that steals user data which can then be viewed remotely.

Nigerian ‘Yahoo Boys’ exposed,What particularly caught my attention however was the alleged discovery that majority of BestRecovery over 3,000 paying customers appear to be Nigerian 419 scammers (as most had email addresses with Nigerian sounding names ) using computers with Internet addresses in Nigeria.  According to Krebs, “the information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored”. The email addresses used by the customers of the BestRecovery keylogger service, are available here. Interestingly, many of these guys used the same email address for their Facebook accounts. Krebs in another publication titled “‘Yahoo Boys’ Have 419 Facebook Friendswent further to expose the two social network clusters between and among these individuals, their relationship, including a photo tableau he made of the Facebook profiles of most of the top guys in those clusters.

This is indeed a mesmerizing expose´and obviously a big blow to the underground network of Internet fraudsters that have dragged Nigeria’s reputation to the mud. The efforts and time put in by Brian Krebs in exposing these fraudsters are commendable. However, it is important to point out the fact that these “ethically challenged” individuals constitute only a tiny percentage of Nigerian youths and therefore care must be taken not to assume that most Nigerians are Internet fraudsters. Curiously, the article provided no information about the site owners, location or country in which the service is hosted but focused mostly on the Nigerian users of the service. Some readers in their comments questioned the author’s motive and fairness. For example, a reader that goes by the name Li Pan commented thus: “This article contain a lot of missing information that could change your point of view. For starters the service was created by a Pakistani student; this particular service paid all his bills through his university……Furthermore the service existed since 2005 and have been used for major damage and spy activities which was not mentioned in this article and those damages were done by Asians and Arabs and South Americans, using this particular service I didn’t see any mention of that in this article also”. Another reader with the name Adam had this to say: “I have the complete database and logs which contains not only Africans but also Americans, Malaysians, Arabs, Pakistan, Philippine, etc.”

Notwithstanding, the Nigerian government should do more to curb this menace and rid the country’s cyberspace of fraudsters. The activities of these fraudsters have made e-commerce transactions difficult for responsible Nigerians engaged in legitimate business transactions around the world. It is gradually becoming difficult for Nigeria to take full advantage of the opportunities that globalization and the Internet offer as many Nigerian IPs are continually being blocked, Nigerian debit cards are rejected by some foreign e-commerce sites, and Nigeria have been removed from the list of countries supported in some sites such as PayPal,, etc. As a matter of national urgency, efforts should be intensified to pass the Cyber Security bill into law to at least pave way for the prosecution of these Internet fraudsters.  

Categories: Cyber Crime

Tags: , , ,

2 replies »

  1. they are a huge disgrace….mtcheeewwww..

  2. can you imagine the embarrassment?….

Leave a Reply

%d bloggers like this: