Africa's Cyber WMD

Think that Russia and China pose the biggest hacking threats of our time? The virus-plagued computers in Africa could take the entire world economy offline.

Imagine a network of virus-driven computers so infectious that it could bring down the world's top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a "botnet" -- the cybersecurity world's version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That's because no one sees it coming -- straight out of Africa.

Cybercrime is growing at a faster rate in Africa than on any other continent in the world, according to statistics presented at a conference on the matter in Cote D'Ivoire in 2008. Cybersecurity experts estimate that 80 percent of PCs on the African continent are already infected with viruses and other malicious software. And while that may not have been too worrisome for the international economy a few years ago (just like the continuing war in the Democratic Republic of the Congo does not affect our daily lives), the arrival of broadband service to Africa means that is about to change. The new undersea broadband Internet cables being installed today will make Africa no further away from New York than, say, Boston, in the virtual world.

Broadband Internet access will allow Africa's virus and malware problems to go global. With more users able to access the Internet (and faster), larger amounts of data can be transferred both out and inward. More spam messages in your inbox from Africa's email fraudsters will be only the beginning.

Here's how the most alarming scheme could work. From a central hub, computers across the continent could be taken over, often without the knowledge of their owners, and set up to forward transmissions (including spam or viruses) to other computers online. These new zombie computers, or "bots" (as in robots), serve the wishes of some master spam or virus originator. "One botnet of one million hosts could conservatively generate enough traffic to take most Fortune 500 companies collectively offline," Jeffrey Carr writes in his book Inside Cyber Warfare. "A botnet of 10 million hosts could paralyze the network infrastructure of a major western nation." The African continent, home to almost 100 million computers, would be a top target for botnet herders, with devastating results.

Why Africa, of all places, when surely there are computers to hack elsewhere? In short, because the continent is home to the world's most vulnerable computers. About 80 percent of the African population lacks even rudimentary knowledge of information technologies, according to a recent World Bank survey. Though Internet cafes are widespread, providers often cannot afford proper antivirus software, making computers very easy targets for skilled botnet operators and hackers.

Moreover, most African countries (with some exceptions, such as Egypt and South Africa) lack the legal infrastructure they would need to prosecute, let alone stop, the rapid increase in cybercrime. Nor is there much coordination between countries on how to deal with cybersecurity, despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held in Tunis in 2009. Promises made to develop national cybersecurity strategies and better monitor the crime will likely fall flat on a lack of funding.

There are a few bright spots in this dismal picture. Some African countries really have made headway, at least on a national level. Tunisia, for example, drafted a national cybersecurity strategy and specific legislation for electronic identification, and has been able to create the first national security institute in Africa. Nigeria, home of the infamous "419" scam, so named for the code of law that prohibits it, has developed a national cybersecurity initiative mostly aimed at raising awareness and battling online fraud.

Unfortunately, in cyberspace, the whole is only as strong as its weakest link -- and the majority of African countries are downright frail. That fact won't be lost on skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo. The biggest botnet the world has ever known could be lurking there.



Should Pakistan Get a Nuke Deal?

Only if it finally abandons its support for terrorism.

On March 24, the United States and Pakistan will convene their newly launched strategic dialogue. Past engagement between the two countries has been neither strategic nor a dialogue. This time, Pakistan's delegation is likely to request a civilian nuclear agreement akin to the U.S.-India civilian nuclear deal that was initiated in 2005. Given Pakistan's history of proliferation, such a proposal would meet with howls of disapproval on Capitol Hill and in New Delhi, not to mention healthy skepticism among some in Barack Obama's administration. But Washington should not reject a deal outright: It could be a real opportunity to put the United States's troubled relationship with Pakistan on steadier footing.

To stabilize Afghanistan, the United States needs Pakistan. It is both the primary transit route to supply the Afghan war and the home to Islamist militants who are savaging Afghanistan, India, and Pakistan itself. Worse, these militant groups are linked to international terrorism -- as numerous terrorist plots and attacks across North America, Europe, and Australia attest.

Islamabad's pitch will likely be that Washington needs it more than the other way around. But the truth is that Pakistan needs the United States more than ever as it confronts a serious blowback of Islamist militants who are ravaging the country. Pakistan's military has limited counterinsurgency capabilities or assets due to its longstanding focus on conventional war with India. Pakistan needs U.S. help to improve its inadequate police forces and help rebuild the country's civilian institutions and rehabilitate the areas and populations devastated by army operations. Although Pakistanis point to their "all-weather friend" China, it is U.S. -- not Chinese -- assistance that will help Pakistan maintain conventional parity with its chief nemesis, India. The platforms that China is willing to sell are unlikely to be an effective counterweight to India's evolving capabilities.

Moreover, because Pakistan fears U.S. intentions regarding its nuclear arsenal, only the United States can address Pakistan's neuralgic insecurity by acknowledging the country as an accepted -- rather than merely tolerated -- nuclear power. The United States has formally conceded India as a de jure nuclear power and has long supported Israel's program actively and passively. Pakistan is the third country that went nuclear outside the Nuclear Non-Proliferation Treaty, and it wants the same explicit acceptance as the other two.

Any civilian nuclear deal for Pakistan would have to be conditions-based. It would not be equivalent to India's deal, which recognizes India's nonproliferation commitments and enables India to compete strategically with China globally. A civilian nuclear deal with Pakistan has a different logic: to reset bilateral relations that are bedeviled with layers of mistrust on both sides.

Pakistan disconcerts the world due to its nuclear proliferation record and because it supports myriad Islamist militants menacing the international community. This deal should therefore be conditioned upon access to nuclear scientist A.Q. Khan and direct information about his nuclear black markets, as well as verifiable evidence that Pakistan is reversing its support for militant groups and taking active steps to dismantle the architecture for terrorism.

At the same time, the deal should address Pakistan's chief concerns. Pakistan fears that the United States -- perhaps in consort with India and Israel -- seeks to dismantle its nuclear program. Such a deal would formally recognize Pakistan's nuclear status and reward it for the considerable progress it has made to enhance its arsenal's security since 2002.

Although the United States has professed a need for a "strategic relationship" with Pakistan and has offered lucrative financial allurements and conventional arms since the 1950s, a genuinely strategic relationship has been beguiled by the reality that both states have divergent strategic aims. Washington wants Islamabad to give up what it sees as the only tools in its arsenal to secure its interests at home and abroad: jihadi terrorism under the security of its nuclear umbrella.

But the United States is going to have to offer something in exchange: recognition and strategic support. Such a deal could create the conditions of trust whereby other initiatives, such as a limited security guarantee -- negotiated with India's explicit input -- would be welcomed.

Pakistan maintains that its dangerous policies are motivated by fears of India. A phased U.S. approach will either diminish this deep-seated insecurity or call Pakistan's bluff about the rationale for its behavior, motivating the United States to rethink its handling of Pakistan. Either outcome would be an enormous improvement over the stagnant status quo.

Washington must transform its relations with Islamabad (and Rawalpindi, where Pakistan's military is headquartered) with the same energy and creativity as it did with New Delhi because Washington needs both South Asian states as much as they need Washington. Such a conditions-based deal will take years to come to fruition even if dubious U.S entities and inveterate U.S. foes in Pakistan don't stand in the way. Putting it on the table now would only be a first step in a strategic gamble that may or may not pay off down the road.

The only other future option is far more unpalatable and difficult: trying desperately to keep containing the myriad and complex threats Pakistan poses to the world. And we already know how well that strategy works.