ADF STAFF
A team of international cybersecurity investigators recently identified more than 20,600 suspicious websites tied to an estimated $40 million in financial losses across Africa.
Africa Cyber Surge II was a four-month joint operation by Interpol and Afripol that involved 25 countries across the continent. It began in April and by August resulted in the arrests of 14 people running online scams in countries including Cameroon, Mauritius, and Nigeria.
The operation followed the first Africa Cyber Surge conducted in 2022. Both operations were a reminder that the rapid spread of the internet and smartphone technology across Africa has happened, in many cases, without the necessary protections to guard against online scammers and other malicious actors, according to experts.
While that situation is changing, it requires cooperation and trust among African countries and the involvement of private stakeholders to succeed on a large scale, Nigerian cybersecurity expert Abdul-Hakeem Ajijola told ADF in an email. Ajijola leads the Strategic Road Map Action Plan Committee of the Nigeria Data Protection Bureau.
“We must change the misperceptions of African government and institutional leaders that cybersecurity is not an African problem to solve,” Ajijola wrote. “Compounded by the misunderstanding that increasing internet access, without trust based on cybersecurity, will not result in greater utilization.”
Among those attacks are phishing, a cyberattack that tricks people into opening emails and text messages that unleash malicious code into their computer systems and smartphones, and ransomware, in which hackers inject code that locks down a computer system until the owner pays to have the system restored.
Africa Cyber Surge II invoked the kind of cross-border cooperation Ajijola and other cybersecurity experts see as needed. Among those arrested were three people in Cameroon involved in the fraudulent sale of artworks worth $850,000. They were captured thanks to the cooperation of authorities in Côte d’Ivoire.
In addition to those arrests, the program also:
- Took down 185 internet addresses connected to malicious activities in Gambia.
- Led Cameroonian authorities to shut down two darknet sites.
- Led authorities in Kenya to shut down 615 websites that hosted malware — software typically tied to online scams such as phishing and ransomware.
“The Africa Cyber Surge II operation has led to the strengthening of cybercrime departments in member countries as well as the solidification of partnerships with crucial stakeholders, such as computer emergency response teams and Internet Service Providers,” Interpol Secretary-General Jürgen Stock said in a statement announcing the results of the investigation. “This will further contribute to reducing the global impact of cybercrime and protecting communities in the region.”
The rapid growth of the internet across African nations in recent years, often with few safeguards to prevent criminal activity, has helped make certain African countries hubs for internet scams, malware and fraud. Much of that malicious online activity has been based in Kenya, Nigeria and South Africa, which have some of the highest levels of internet use on the continent.
A report this year by the Cyber Security Experts Association of Nigeria (CSEAN) found that Nigeria’s digital environment is plagued by a weak response to existing threats, outdated technological resources and a lack of transparency about cyberattacks when they happen.
More than 600 million Africans are now online and about 90% of them do not follow the proper cybersecurity precautions, according to Interpol. Those African internet users face 700 million cybersecurity threats a year.
To guard against cyberattacks, internet users from individuals to financial institutions to government agencies need to learn to be savvier about the risks that cybercriminals pose to them, the CSEAN said in its report.
“All stakeholders must work together to ensure a concerted effort to protect the cyber sovereignty of the country,” CSEAN’s analysts wrote. “Cybersecurity is a collective responsibility.”
At this point, 12 African countries have created national systems to address cybersecurity issues and to respond to attacks. Fewer than that have ratified treaties designed to address the international aspects of cybercrime.
Investigators involved with Africa Cyber Surge II said the rapidly expanding online environment demands that countries across the continent do more to protect their citizens, both through their own actions and by cooperating across borders.
“As digital systems, information communication technologies and artificial intelligence grow in prominence, it is urgent that public and private actors work hand in hand to prevent these technologies from being exploited by cybercriminals,” AFRIPOL’s Acting Executive Director Jalel Chelba said in a statement.
“Coordinated operations such as Cyber Surge are necessary to disrupt criminal networks and build individual, organizational and society-wide levels of protection,” Chelba said.