Africa's Cyber WMD

Think that Russia and China pose the biggest hacking threats of our time? The virus-plagued computers in Africa could take the entire world economy offline.

BY FRANZ-STEFAN GADY | MARCH 24, 2010

Imagine a network of virus-driven computers so infectious that it could bring down the world's top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a "botnet" -- the cybersecurity world's version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That's because no one sees it coming -- straight out of Africa.

Cybercrime is growing at a faster rate in Africa than on any other continent in the world, according to statistics presented at a conference on the matter in Cote D'Ivoire in 2008. Cybersecurity experts estimate that 80 percent of PCs on the African continent are already infected with viruses and other malicious software. And while that may not have been too worrisome for the international economy a few years ago (just like the continuing war in the Democratic Republic of the Congo does not affect our daily lives), the arrival of broadband service to Africa means that is about to change. The new undersea broadband Internet cables being installed today will make Africa no further away from New York than, say, Boston, in the virtual world.

Broadband Internet access will allow Africa's virus and malware problems to go global. With more users able to access the Internet (and faster), larger amounts of data can be transferred both out and inward. More spam messages in your inbox from Africa's email fraudsters will be only the beginning.

Here's how the most alarming scheme could work. From a central hub, computers across the continent could be taken over, often without the knowledge of their owners, and set up to forward transmissions (including spam or viruses) to other computers online. These new zombie computers, or "bots" (as in robots), serve the wishes of some master spam or virus originator. "One botnet of one million hosts could conservatively generate enough traffic to take most Fortune 500 companies collectively offline," Jeffrey Carr writes in his book Inside Cyber Warfare. "A botnet of 10 million hosts could paralyze the network infrastructure of a major western nation." The African continent, home to almost 100 million computers, would be a top target for botnet herders, with devastating results.

Why Africa, of all places, when surely there are computers to hack elsewhere? In short, because the continent is home to the world's most vulnerable computers. About 80 percent of the African population lacks even rudimentary knowledge of information technologies, according to a recent World Bank survey. Though Internet cafes are widespread, providers often cannot afford proper antivirus software, making computers very easy targets for skilled botnet operators and hackers.

Moreover, most African countries (with some exceptions, such as Egypt and South Africa) lack the legal infrastructure they would need to prosecute, let alone stop, the rapid increase in cybercrime. Nor is there much coordination between countries on how to deal with cybersecurity, despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held in Tunis in 2009. Promises made to develop national cybersecurity strategies and better monitor the crime will likely fall flat on a lack of funding.

There are a few bright spots in this dismal picture. Some African countries really have made headway, at least on a national level. Tunisia, for example, drafted a national cybersecurity strategy and specific legislation for electronic identification, and has been able to create the first national security institute in Africa. Nigeria, home of the infamous "419" scam, so named for the code of law that prohibits it, has developed a national cybersecurity initiative mostly aimed at raising awareness and battling online fraud.

Unfortunately, in cyberspace, the whole is only as strong as its weakest link -- and the majority of African countries are downright frail. That fact won't be lost on skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo. The biggest botnet the world has ever known could be lurking there.

TONY KARUMBA/AFP/Getty Images

 

Franz-Stefan Gady is an analyst at the East West Institute, which will host the First World Wide Cybersecurity Summit in Dallas, Texas, in May 2010.

GIGGLINGBOB

7:54 AM ET

March 26, 2010

Cyber Xenophobia

First and foremost I feel the writers arguments for a potential "african WMD" are extremely weak and based on generalizations and rather poor statistics. Possibly just a bit of xenophobia as well.

It also seemed rather condescending towards Africa in general. The basis of this article seems to say that Africans are too stupid to protect themselves and the rest of the world, but that they are smart enough to run sophisticated hacking attacks across the globe. Seems contradictory.

Everything I would say in response to this article has already been said:

Blurring Borders » Blog Archive » Are Computers in Africa Really Weapons of Mass Destruction? http://bit.ly/9nN73H

Subsaharska - African Cyber WMD? Really? http://bit.ly/9Ud7DR

I would suggest the author give them a read.

 

GRANT

9:51 PM ET

March 26, 2010

It is entirely possible but I

It is entirely possible but I personally think it unlikely. I'll admit I could be entirely wrong, but I have some faith that technologies for internet use will follow general trends and advance sufficiently.

On another note Gigglingbob those are genuine concerns with some justification. What was said was that much of Africa is not educated in how to securely use the internet. My experience and conversations with people who worked to help set up businesses there agreed with that. They were fully capable of searching for data and the like, but they also might click on those "shoot the duck" or "sexy women waiting for you" ads. Furthermore, it does not take many people (or even more than one) to set up a botnet.

 

JOHNBRAGG

9:51 AM ET

March 28, 2010

What is missing is motivation

The Internet as a system or network is pretty good at repairing damage. If the botnets are just run by vandals, then they will amount to Internet "bad weather" and cybersecurity will keep pace or catch up.

If the botnets are run by people with a purpose, then you have to consider how taking down the Internet would make a Russian-Bolivian-Salvadoran hacker running a mostly-African botnet through a fake Denver IP address would profit from the scam.