Deputy
Commissioner of Police (DCP) Abba Kyari is an acclaimed “super cop” and the
head of the Inspector General of Police (IGP) Intelligence Response Unit (IRT).
As the “top dog” of the Nigeria Police Force intelligence unit, one would have
expected Kyari to be more circumspect or cybersecurity cautious while dealing
with Ramon Olorunwa Abbas aka Huspuppi who is now a self-confessed
cybercriminal. Kyari did not bother to ensure that his conversations with
Huspuppi were done via encrypted channels or platforms using Whatsapp or Signal
calls. A Whatsapp or Signal call to another user of Whatsapp or Signal is
end-to-end encrypted, meaning that the call cannot be accessed either by
Whatsapp, Signal or a third party. If Kyari and Huspuppi had communicated via
Whatsapp or Signal calls, the FBI would not have found the damning evidence
linking Kyari with Huspuppi’s scams, even after the arrest and search of
Huspuppi’s phones. At the best, call logs from either Whatsapp or Signal, would
have shown that the two communicated but the contents of the communication would
not have been known.
This lack of
basic cybersecurity practice or seemingly tech incompetence might be a pointer
to the fact the IRT is not so intelligent when it comes to the application of
ICT for the investigation of crimes. If this is not so, how then can one
explain this “slip” or “falling of hand” by the “top dog” of the IGP IRT? Or
could it be that Kyari thought that Hushpuppi would never be caught and his
devices accessed thus revealing his (Kyari’s) alleged criminal links with
Huspuppi?
To be fair to
Kyari, he is not the first top security official to exhibit a lack of basic
cybersecurity knowledge or to fall from the top, due to tech goofs. David Howell Petraeus is a retired US Army General and public official. He served as
Director of Central Intelligence Agency (CIA) from September 6, 2011, until his
resignation on November 9, 2012. Before he assumed the directorship of the CIA,
Petraeus served 37 years in the US Army.
The retired
four-star General was forced to resign as CIA Director when an extramarital
affair with his biographer; Broadwell, was revealed by their incriminating
Gmail exchanges.
According to
Bianca Bosker:
“The extramarital affair
between former CIA Director David Petraeus and his biographer, Paula Broadwell,
which was revealed by their incriminating Gmail exchanges, could easily have
gone undetected had Petraeus and his paramour followed two simple spy tricks
that date back millenia: Write in code and destroy the message after you read
it. It sounds simple, and it is. That's why it's disturbing and worth noting
that the man in charge of all covert intelligence operations for the United
States couldn't manage to keep a secret about his personal life.”
The Wall Street Journal, reported that Petraeus and Broadwell used pseudonyms to set up
separate Gmail accounts which they used to communicate in secret. Their trove
of "sexually explicit emails" was discovered only by accident after
Jill Kelley, an acquaintance of Petraeus, complained that she was receiving
threatening emails, which led FBI investigators to Broadwell's account and, in
turn, to her X-rated messages detailing the affair.
The Journal
explains:
“FBI agents and federal
prosecutors used the information as probable cause to seek a warrant to monitor
Ms Broadwell's email accounts. They learned that Ms Broadwell and Mr Petraeus
had set up private Gmail accounts to use for their communications, which
included explicit details of a sexual nature, according to U.S. officials. But
because Mr Petraeus used a pseudonym, agents doing the monitoring didn't
immediately uncover that he was the one communicating with Ms Broadwell.”
Creating separate accounts dedicated to illicit communication was a good move, noted Graham Cluley, a senior technology consultant at Sophos, a provider of security
software.
Petraeus and
Broadwell made the mistake of saving their emails, rather than erasing them right away. And Cluley said they also should have communicated in code using
freely available online encryption services.
As the head of
the CIA, Petraeus ought to have known better that the method of communication
with Broadwell was not secure. In this age of ICT, the head of an intelligence
agency must also be cybersecurity intelligent.
Also read: Here's How The FBI Nailed Paula Broadwell
For Harassing Jill Kelley In The Petraeus Sex Scandal
POSTSCRIPT: The FBI says that they are investigating
the Hushpuppi case as part of “Operation Top Dog.” Top dog means a "person who
is successful or dominant in their field." For example; “Hushpuppi was a top dog
in the cybercrime world.”
Below is an excerpt
from the Criminal Complaint filed in the United States District Court for the
Central District of California in the case of the United States of America v.
RAMON OLORUNWA ABBAS, ABBA KYARI & Ors which discloses the allegations against Abba
Kyari
AFTER CONSULTING
WITH JUMA, ABBAS ARRANGED TO HAVE ABBA KYARI IMPRISON CHIBUZO IN NIGERIA IN
RETALIATION FOR, AND TO PREVENT HIM FROM, TRYING TO CO-OPT THE VICTIM BUSINESSPERSON
129. As
discussed in paragraph 120, JUMA and ABBAS had a falling out with CHIBUZO after
CHIBUZO felt that he was being underpaid (or had not been paid) for work on the
fake Wells Fargo website, and then contacted the Victim Business person
directly. ABBAS then arranged to have KYARI arrest and imprison CHIBUZO in
Nigeria for attempting to redirect fraudulent proceeds intended for ABBAS and
JUMA to himself, to keep CHIBUZO from interfering with the scheme. This section
discusses those events and KYARI’s involvement in the conspiracy.
130. On January
l3, 2020, the Victim Businessperson contacted JUMA about a person who had
contacted the Victim Businessperson about the loan, stating “This number is
calling me but I didn’t answer.” The Victim Businessperson also provided JUMA a
screenshot of and forwarded additional conversations between the Victim
Businessperson and CHIBUZO, who was using the U.S. phone number 3054405586.
That phone number was the same phone number used by CHIBUZO to send ABBAS
information about the fake Wells Fargo website described earlier. In the
messages, CHIBUZO sent the Victim Businessperson’s passport, and claimed to be
“trying to help” the Victim Businessperson.
131. JUMA
forwarded these messages from the Victim Businessperson to
ABBAS, who
responded, “I will deal with him.” At approximately the same time, ABBAS asked
CHIBUZO for a phone number on which to call him. Two minutes later, ABBAS sent
the phone number on which he contacted CHIBUZO (which CHIBUZO had previously
also sent to ABBAS) to KYARI without providing any additional context. Just
before forwarding the phone number to KYARI, ABBAS placed a nearly five-minute
call to KYARI, using the phone number described in paragraph 136.
132. A short
time later, ABBAS told JUMA, “setting him up already [1]] He will learn.” JUMA
replied, “He almost messed it up bro,” to which ABBAS responded,
“They are working on it already.”
133.
Approximately an hour later, CHIBUZO responded to ABBAS’ message requesting his
phone number by providing another phone number. ABBAS also sent this number to
KYARI without providing any additional context in the message.
134. On January
l5, 2020, this time using WhatsApp, ABBAS sent an audio recording to KYARI,
stating, essentially, that he wanted to remind KYARI about what they discussed
earlier.
135. On January
16, 2020, ABBAS sent the following threats to CHIBUZO: I dey always tell people
to think well before they offend me and make them make sure they fit stand the
consequences when the time comes. I won’t say more than that but very soon,
very very soon, the wrath of my hands shall find you and when it does, it will
damage you forever At this point I no get discussion with you, u have committed
a crime that won’t be forgiven, that is punishable and you shall receive die
punishment in due time I swear with my life you will regret messing with me,
you will even wish you died before my hands will touch you.
136. Also on
January 16, 2020, ABBAS sent a message to KYARI on WhatsApp, and then placed
five calls to another phone number (+2348060733588) that was listed as “ABBA
KYARI.” Call records show that the last three of the calls were answered and
that one ofthe calls lasted more than two minutes. Shortly after that, ABBAS
received a message from KYARI, confirming “We would pick him today or tomorrow.”
ABBAS wrote, “I will take care of the team also after they pick him up.” KYARI
confirmed “Yes ooo.”
a. Based on the
conversation described in paragraphs 143 to 145, ABBAS planned to pay the
Nigeria Police Force officers who arrested CHIBUZO for that service.
b. This was not
the only time that ABBAS arranged payments with KYARI. On May 20, 2020, ABBAS
sent KYARI transaction receipts for two transactions from accounts at Nigerian
banks (GTBank and Zenith Bank) of a person ABBAS knew in the U.A.E.—a person
also arrested with ABBAS in ABBAS’ apartment in the U.A.E. by Dubai Police on June
9, 2020—to the Nigerian bank accounts of another person in Nigeria. The amounts
on the transaction receipts totalled 8 million Nigerian Naira, which was
approximately $20,600 based on publicly available exchange rate information.
137. Attempting
to reason with ABBAS, on January 18, 2020, CHIBUZO recounted for ABBAS all the
assistance he had provided in the scheme to victimize the Victim
Businessperson, including creating the “power of attorney” document (paragraphs
67-68), devising a story to tell the Victim Businessperson (paragraph 117), and
facilitating the creation of the “telephone banking” number (paragraphs
109-116) and fake Wells Fargo website (paragraph 117).
138. As
discussed in paragraph 32.b, on January 20, 2020, KYARI sent to ABBAS biographical,
identifying information for CHIBUZO, along with a photograph of him. In a
conversation immediately following, ABBAS confirmed “that is him sir.” KYARI
stated, “We have arrested the guy . . . He is in my Cell now [II] This is his
picture after we arrested him today.” (The below image is a cropped version of
the photograph that KYARI sent to ABBAS.)
139. KYARI sent
the biographical information about, and photograph of, CHIBUZO to ABBAS using
two different WhatsApp numbers—the second of which KYARI said was his “private
number.” From that point on, KYARI and ABBAS primarily discussed the arrest and
detention of KYARI through WhatsApp on this “private number.”
140. After
receiving the photograph of CHIBUZO, ABBAS stated, “I want him to go through
serious beating of his life.” KYARI responded,
“Hahahaha,” and ABBAS replied, “Seriously sir.” KYARI then asked for details
about what CHIBUZO did “on audio,” which KYARI said was “So that we will know
what to do.”
141. In response
to KYARI’s question about what CHIBUZO had done to ABBAS, ABBAS sent KYARI an
audio message, which is transcribed here, describing how CHIBUZO had tried to
steal away a fraud victim (i.e., “the job”) from him:
What he did is,
I have one job. The job want to pay me 500, umm, 75,000 dollars [i.e.,
$575,000]. He went to message the job behind me because I told him to help me
make one document for me to give the job. Then he went—he has a—I gave him the
details. Then he went to message the job behind my back and try to divert the
money and in this process he tell the job because of the documents he gave me
that I gave the job, he tell the job, “These document they sent to you before.
These people are fake. This money—is me who can help you to get it. Come to me
le—bring this money you want to pay these people to me. I’m the only one who
can help you,” and all these things to divert the job for himself.
142. After
listening to the message, KYARI wrote, “Ok I understand [1]]
But he has not
succeeded.” ABBAS claimed CHIBUZO had taken some money, and provided KYARI with
two screenshots, one of which contained the phone number 3054405586 (the phone
number CHIBUZO used to contact the Victim Businessperson). The screenshots
showed a person contacting the Victim Businessperson and stating that he was
providing information to try to “help[]” the Victim Businessperson. KYARI
responded, “Yeah I understand.” KYARI did not request other information or
evidence relating to CHIBUZO’s role in the scheme, ask questions about the
nature of the transaction, or ask about why CHIBUZO told the Victim
Businessperson that ABBAS was “fake.”
143. ABBAS then
told KYARI, “Now the [Victim Businessperson] was skeptic to pay me the money
cos he keep attacking the [Victim Businessperson] from his end. Now I can
handle the [Victim Businessperson] correctly.” ABBAS further told KYARI that he
wanted to pay money to send CHIBUZO to jail for a long time, stating “Please
sir I want to spend money to send this boy to jail, let him go for a very long
time.” KYARI responded, “Ok bro [1]] I understand [1]] I will discuss with my
team who arrested him . . . And handling the case [1]] We will do something
about it.”
144. ABBAS
responded, “Let me know how I can send money to the team sir[.] let them deal
with him like armed robber.” KYARI responded, “OK I will send their account
details to u.” ABBAS further wrote, “He betray me and try to take food out my
mouth, this is great punishable sin,” and KYARI responded, “Yeah bro.” ABBAS
then continued, “I want him to suffer for many years.” KYARI responded,
“Hahahaha [1]] Hahahaha.”
145.
Approximately six minutes later, KYARI provided the account information for a
bank account at a Nigerian bank, Zenith Bank, in the name of a person other
than KYARI himself. ABBAS responded “Ok sir, tomorrow by noon,” indicating that
he would make the payment to KYARI’s team by the next day.
146. On the same
day, ABBAS sent JUMA the photograph of CHIBUZO in custody, which KYARI had
sent.
147.
Approximately a month later, on February 19, 2020, KYARI sent a message to
ABBAS, saying, “Hello hush with [sic] need to talk about the subject under
detention with me.” ABBAS asked “Should I call u on this number sir?” to which
KYARI replied “Yes call me.”
148. The
following day, KYARI sent ABBAS multiple photographs of CHIBUZO to ABBAS,
including close-up photographs showing a rash or skin disease on CHIBUZO’s
torso and arms. ABBAS responded, “I don pity am, make them leave am from
Tuesday.” KYARI wrote, “Ok bro, they just brought him from hospital. The fever
and the rashes is giving him serious Wahala [1]] He got the disease from other
suspects in the cell.” ABBAS responded, “I see am, I no too pity am [1]] That’s
what people like him deserve but I go forgive am for God sake.” In other words,
based on my training and experience with Nigerian Pidgin, ABBAS was essentially
stating, in part, “I don’t pity him. That’s what people like him deserve, but I
will forgive him for God’s sake.”
a. Based on the
date of the messages and later discussion described in paragraph 150, ABBAS
was—on Thursday, February 20, 2020— requesting that KYARI not to release
CHIBUZO until Tuesday, February 25, 2020.
149. ABBAS then
told KYARI that CHIBUZO’s girlfriend messaged him, trying to raise one million
Naira to secure CHIBUZO’s release, and said ABBAS promised to contribute
100,000 Naira. KYARI stated “They were thinking it’s normal arrest that is why
they think money can remove him . . . No money can remove him here [1]]
Hahahaha.” ABBAS added, “But it’s better for them to think that way, I like it
like that,” and KYARI responded, “Yeah.”
150. ABBAS then
said, “No problem sir from Tuesday he can go,” apparently giving KYARI his
blessing to release CHIBUZO from custody. KYARI responded, “Ok bro [1]] We will
also keep his phone and other gadgets for some weeks.” ABBAS responded, “Yes
those ones they should not give him again, those ones are gone . . . Make he no
see those ones again for life,” instructing KYARI not to return CHIBUZO’s
electronic devices. KYARI responded, “Yes he will not see it [1]] Again,”
indicating that he would accede to ABBAS’ request.
