X

This is not a paywall.

Register for free to continue reading.

The news sucks. But your reading experience doesn't have to. Help us improve that for you by registering for free.



Please create a password or click to receive a login link.


Please enter your password or get a login link if you’ve forgotten


Open Sesame! Thanks for registering.

First Thing, Daily Maverick's flagship newsletter

Join the 230 000 South Africans who read First Thing newsletter.

We'd like our readers to start paying for Daily Maverick

More specifically, we'd like those who can afford to pay to start paying. What it comes down to is whether or not you value Daily Maverick. Think of us in terms of your daily cappuccino from your favourite coffee shop. It costs around R35. That’s R1,050 per month on frothy milk. Don’t get us wrong, we’re almost exclusively fuelled by coffee. BUT maybe R200 of that R1,050 could go to the journalism that’s fighting for the country?

We don’t dictate how much we’d like our readers to contribute. After all, how much you value our work is subjective (and frankly, every amount helps). At R200, you get it back in Uber Eats and ride vouchers every month, but that’s just a suggestion. A little less than a week’s worth of cappuccinos.

We can't survive on hope and our own determination. Our country is going to be considerably worse off if we don’t have a strong, sustainable news media. If you’re rejigging your budgets, and it comes to choosing between frothy milk and Daily Maverick, we hope you might reconsider that cappuccino.

We need your help. And we’re not ashamed to ask for it.

Our mission is to Defend Truth. Join Maverick Insider.

Support Daily Maverick→
Payment options

Is Africa cyber-crime-savvy?

Africa

ISS TODAY

Is Africa cyber-crime-savvy?

Cyber attacks can have a crippling effect on countries and organisations (Image: Hypnobay on Pixabay, public domain)
By ISS Today
26 Jun 2019 0

Cyber awareness must become part of every aspect of life from doing business to alleviating poverty and providing security. By Karen Allen 

First published by ISS Today

It started with loud music and the smell of marijuana. When South African police stormed a hotel room in the Western Cape they found six people huddled over 32 computers and mobile devices. This extortion syndicate was extracting millions of dollars from unwitting individuals.

A senior source at South Africa’s National Prosecuting Authority (NPA) says such “boiler rooms” of malicious cyber activity are rapidly expanding.

We have never had a major incursion or data breach referred to the NPA from the police … no seminal event” – such as when Ukraine’s power grid was taken down by hackers in 2016. But, says the source, it could just be “a matter of time”.

Africa needs to be better prepared for both cyber-dependent crimes, in which new computer-based technologies form the basis of new crimes, and cyber-enabled crimes, in which new technologies are used to commit old-style crimes, such as money laundering.

In more developed economies there’s been an increase in attacks from ‘hacktivists’ who use the dark arts of cyber to embarrass, advocate or protest. According to cyber analytics firm Kaspersky Lab, there are 13,842 cyber attacks daily in South Africa. That equates to more than 570 attacks every hour. Bank fraud, particularly the use of malware on mobile phones, has also increased dramatically, says the South African Banking Risk Information Centre.

Kenya is facing a similar problem. The Communications Authority has reported a dramatic rise with nine-million malware attacks in just three months from October to December 2018. With mobile phone subscriptions across sub-Saharan Africa expected to reach 930 million by the end of 2019 and the growth of e-commerce and e-banking continent-wide, the potential to inflict huge financial, reputational and political damage is clear.

South Africa, as a leading economy in Africa, is acquiring new tools in its armoury to fight the criminals. The Cyber-crimes and Cyber-security Bill (2018) broadens the scope of cyber offences as set out in earlier legislation, permits extradition and offers tougher sentences.

Yet at a continental level the political will of many other states to take decisive action has been lacking. It is perhaps ironic that the African Union (AU), which has sought to encourage a continent-wide approach through the Convention on Cyber-Security and Personal Data Protection (2014), was itself the focus of a major cyber attack, according to French newspaper Le Monde.

The alleged theft of data from the AU’s Addis Ababa headquarters over a five year period was blamed on China, which built and kitted out the AU’s Ethiopian hub. China’s foreign affairs ministry denied the allegations made by AU officials, but the incident exposed vulnerabilities and has led to a wholesale revamp of the AU’s computer, security and telecommunications systems.

The AU Convention, also known as the Malabo Convention, seeks to harmonise legislation, regulation and governance strategies across Africa and establish “institutions that share information on cyber threats and vulnerabilities such as the cyber emergency response teams”. Yet only a handful of countries including Ghana, Kenya and Mauritius have established such bodies.

Just four African states have ratified the convention, limiting its enforcement power. The same goes for the Budapest Convention, widely considered the global Gold Standard. Only Cabo Verde, Ghana, Mauritius, Morocco and Senegal have incorporated it into national law. Countries such as South Africa, which has not yet ratified, are preferring to go it alone.

At a recent conference on cyber-security hosted by the South African Police Service, plans for a 24-hour rapid response unit were enthusiastically debated. However until it becomes a fully funded reality, law enforcement agencies and the banking sector are relying on informal networks to try to prevent the country from becoming a safe haven for cyber criminals.

Data, which has become the “new gold”, has attracted crime syndicates to position themselves as service providers – hackers for hire. Advocate Wilma Gernandt, who trains prosecutors in South Africa on the perils of cyberspace, believes there are “at least 10 such criminal syndicates” operating in the country.

They compete by offering so-called offensive tools, explains Neil Walsh, head of cyber-security and fraud at the UN Office on Drugs and Crime. These are computer networks and mobile phones that are turned into listening devices. It opens opportunities to meddle in elections, steal data or seek ransom funds from targets that may include governments, utility providers, the military, manufacturing and commercial players.

To counter the threat, difficult trade-offs need to be considered by the public, according to Luca Viganò who leads cyber-security research at King’s College London. For instance, to build a firewall to protect individuals against data theft and fraud requires a delicate balancing act between personal privacy and security. For banks and governments to protect individuals, he explains, more personal data may need to be held, to make it harder for automated systems to steal data or mimic clients.

How cyber threats from states or non-state actors such as terrorist groups affect geopolitics in Africa also needs some consideration. Earlier this year Israel set a new precedent when it launched air strikes against a Hamas target which the Israeli defence force claims was a “digital warfare operative”. Imagine the same happening in Somalia, Yemen or Ethiopia? This use of military force in response to a cyber threat represents a shifting terrain.

With the rapid evolution of new technologies, and the dawn of 5G which will enable faster, real-time communication, the question of how to police this new space is a pertinent one. In particular, how to locate cyber awareness into virtually every aspect of life from conducting business to alleviating poverty, doing diplomacy and providing security.

African leaders cannot bury their heads in the sand and paint this as a developed country problem. Just as technology has the possibility to transform lives with the click of a mouse, it can also destroy them .DM

Karen Allen is a senior research adviser, Emerging Threats in Africa, ISS Pretoria.

Gallery

Please peer review 3 community comments before your comment can be posted