• Danger zone

    Cybercrime is fast becoming one of the biggest industries in the world – and Africa is particularly at risk.

    Danger zone

    For bad guys across the world, there’s a lucrative new game in town. It hits 378 million victims a year, costs the global economy about US$113 billion annually, and its third-highest number of targets are found in South Africa. Want to look up what kind of crime we’re talking about? We’ll wait while you google it…

    Trouble is, by going onto the internet you’re stepping right into the hornet’s nest.

    Cybercrime, according to the 2013 Norton Report, has affected about 50% of all online adults. Odds are, you’re one of them – and if you haven’t been duped, you’ve almost certainly been targeted. ‘Dear respected one, permit me to inform you of my desire of going into business relationship with you…’; ‘My dear friend, My name is Mr Johnson Emmanuel, I am a senior partner [Attorney] in the firm of Emmanuel Consults Inc Private Investigators…’; ‘Congratulations! Your mobile number has won you US$195 000…’ You know the drill. Of course you do. By now, everybody knows the risks.

    Except, everybody doesn’t. If anything, cybercrime is growing every year (the Norton Report estimates the cost per victim is US$298 – 50% up year-on-year), and surprisingly few people are aware of the risks, or take the necessary precautions.

    ‘It’s basically about a lack of awareness of cyber risks,’ says Basie von Solms, director of the Centre for Cyber Security at South Africa’s University of Johannesburg. ‘If you are aware of the risks, you will ensure that your antivirus packages are up to date, and you won’t fall for a phishing scam or for a suspect attachment.

    ‘I have no doubt about it: for South Africa – and for Africa in general – the core of the problem is that there’s a lack of awareness about the risks,’ he says.

    The Norton Report backs him up and finds that 39% of social media users don’t log out after each session. Think about it. When last did you log out of your Facebook account? Some 31% of social media users connect with people they don’t know (again, how many of your ‘friends’ are actually friends?), and only 33% of mobile users have at least a basic free antivirus solution on their device.

    Claims that cybercrime is now a bigger criminal industry than illegal drug trafficking may be exaggerated (again, we’ll let you google that – if you’re still brave enough to go online). However, it’s an indisputable truth that the rates are rising. As internet-connected mobile device penetration increases across Africa, the continent faces a cybercrime crisis.

    That’s the bad news. The good news, according to internet security firm Kaspersky Lab, is that African states are at least aware of the problem and are taking steps to deal with it.

    ‘We have seen encouraging signs that East Africa’s governments are serious about their digital strategies’

    Speaking at the company’s annual Security Analyst Summit in Hungary, Sergey Novikov, the company’s deputy director of global research and analysis, said that phishing and malware attacks are lower in Africa compared to other continents – probably because of the language. ‘Phishing attacks are mainly in English. Users in countries where the first language isn’t English are less likely to click on links if the mail is in English. But they are not immune – the local language is a different story, as new malware targeting like spear phishing has become more of a problem.

    ‘Cybercrime can be divided into layers. The majority of cybercrime is about stealing money and identity, while there will also be a significant growth in economic cybercrime. At the top of the pyramid is state vs state attacks. A good example of that is the Stuxnet threat – but that is only about 1%. The internet is still the number one source of threats, with more than 40% of Eastern Europe infected.’

    Novikov said that about 33% of computers in South Africa are currently affected with harmful viruses or malware, while across most of Africa the figure is between 42% and 55%.

    Kaspersky Lab’s figures show that Algeria took the top spot in Africa regarding security threats in the first quarter of 2014, followed by Egypt, South Africa and Kenya.

    Ironically, although placed fourth on the list, Kenya is one of the most proactive African countries when it comes to cybersecurity. Speaking to BiztechAfrica recently, Kaspersky Lab’s channel sales manager for East Africa Bethwel Opil said that the roll-out of fibre networks in the region had caused a spike in internet use – bringing with it a spike in cybercrime.

    ‘While private-sector players are standing by to mitigate the risk, appropriate legislation plays the most critical role in combating cybercrime,’ he said. ‘Over the past few years, we have seen encouraging signs that East Africa’s governments are serious about their digital strategies and about mitigating risk at the same time. Kenya’s draft laws to combat cybercrime are a good example of this.’

    In South Africa, Von Solms believes that the general lack of awareness about cyberthreats is an issue that should have been addressed by the government – but it hasn’t. He says: ‘We should have had a national cyber awareness programme years ago, like we’ve got a national HIV/Aids programme. [Now] you see the consequences. South Africa is third on the list internationally of cybercrimes and cyber victims. This has to be addressed at a national level.’

    The Economic Community of West African States (ECOWAS) is taking Von Solms up on his challenge. In April, Isaias da Rosa, ECOWAS commissioner for telecoms and information technologies, announced that the bloc is busy establishing ‘computer emergency response teams’ in each of its 15 member states to fight cybercrime in West Africa.

    This comes as cybercrime continues to seep into countries such as Benin, where a recent BiztechAfrica investigation found that internet cafés acted as ‘command centres’ for cyber scammers who ‘operate there freely without anyone, including cops and owners, lifting a finger’.

    The report quoted local ICT teacher Fidele Adjovi as saying: ‘[The] online scam is no longer the speciality of Nigerians. It has long been exported to other African countries by the people who learnt the ropes in Nigeria or from Nigerians living abroad.’

    Only two hours of road travel separate Nigeria’s most populous city, Lagos, and Benin’s commercial capital Cotonou. Adjovi’s barely disguised dig at Nigeria comes as the country attempts to shed its reputation as the world’s ‘419 scam’ capital, with President Goodluck Jonathan introducing a Cybercrime Bill in Nigeria’s National Assembly. The Bill was roundly condemned by telecoms operators who fear that it would force them to conduct surveillance on individual customers or release user data to authorities.

    That’s a big part of the challenge – privacy.

    The AU has been trying for months to establish a Convention on Cyber Security, which it hopes will establish ‘a credible framework for cybersecurity in Africa through the organisation of electronic transactions, protection of personal data, promotion of cybersecurity, e-governance and combating cybercrime’. The AU planned to vote on the convention at a summit in Ethiopia in January, but the process was stalled owing to technical issues and opposition to the plan.

    Late last year, the Centre for Intellectual Property and Information Technology Law at Kenya’s Strathmore University drew up a petition against the convention, claiming that, if adopted in its current form, it would infringe upon Africans’ rights to privacy. The convention’s adoption has since been pushed out to either July this year or January 2015.

    In the meanwhile, in the first three months of 2014 alone, Kaspersky Lab’s antivirus products detected and neutralised more than 49 million cyberattacks and malware infections on computers as well as mobile devices across the African continent.

    That sounds like a lot – and it is – but that’s just the number reported by Kaspersky Lab. Many more were detected by other services, such as Symantec-Norton, McAfee or AVG, and it’s almost impossible to tell how many more attacks have gone undetected on the millions of devices that don’t have any antivirus protection installed.

    ‘There’s a naiveté that says the internet is secure and anonymous, and there are no risks,’ says Von Solms. ‘The truth is, the internet is not safe. It’s the Wild West out there.’

    By Will Sinclair
    Image: Gallo/GettyImages