Cyber Crime in East Africa
April 13, 2020
April 13, 2020
On the African continent, East Africa has the fastest-growing economies in the region, as well as one of the fastest in the rest of the world. This has increased the digital infrastructure in the region, with the integration of fibre-optic cable, stronger satellite connections and faster broadband. The ICT sector has boomed as well as the number of people using the internet. This has unintentionally paved the way for cyber-crime to prey on the opportunities presented. These developments are analysed in this Grey Dynamics African Intelligence Article.
It is estimated that by 2022, 1 billion people in Africa will have internet access
It is estimated that by 2021, $6 Trillion will be lost annually to cybercrime globally
Cybercrime analysts suggest 10-15% internet penetration threshold is required for significant hacking operations; many African economies have surpassed this
World Economic Forum’s Cyber Risk Report 2020; after environmental risks, cyber attacks pose the next largest global threat by impact and likelihood
Africa lost $2 billion to cybercrime in 2016, and $3.5 billion in 2017. There has been a steady increase with limited success in prevention
Vulnerabilities in East African cybercrime legal framework and lack of protection have made many enterprises a target for cybercrime syndicates. Despite measures to limit the impact, stronger measures will be needed to limit the impact of this phenomenon in the region.
An African Unions Convention on Cyber Security and Personal Data Protection 2014 has been signed by Rwanda. Member states such as Uganda and Kenya have begun adopting measures set by this convention. In 2014, Kenya National Cyber Security Strategy amended information and communication laws, setting up a coordination centre and a framework which results in quick responses to hacking.
Rwanda’s National Computer Security and Response Centre, established in 2015, detects, prevents, and responds to cybercrime threats. Uganda has established a similar framework but also integrated a National Information and Technology Authority that provides technical support and training to avoid cyber threats. The Global Cybersecurity Index in 2017 stated that African governments need to adopt politics that support strategies for cybersecurity. Despite these positive steps, it is not enough.
Africa lacked fibre-optic cables and had slower satellite links and broadband compared to other regions. In June 2009, East Africa witnessed its first fibre optic submarine cable. In July 2009, Kenya experienced 800 bot attacks per day. A lack of awareness and investment is enabling cybercrime syndicates to target susceptible targets. Interpol Secretary-General for East Africa, Jean-Francois Gadeceu stated that having one of the fastest-growing economies makes East Africa a magnet for organised crime.
For example, a cybercrime gang attempted to siphon cash from M-Pesa accounts which Kenya foiled, but Safaricom had already lost $200,000 to the group. Tourism, movement of workers and the advancement in technological development, combined with cross border enterprises in the region has facilitated a growth in cybercrime. Syndicates can operate in one country while targeting another.
According to Check Point Software Research, African enterprises are targeted by malicious hackers more than the rest of the world. OnNet stated that the cybercrime group Silentcards had gotten away with 2 billion Shilling from 2018 to mid-2019. Namibia is the most targeted African nation, due much in part due to their weak cybersecurity framework. A Cybersecurity Bill in 2017 has yet to become enacted into law.
Kenya has established cross-border banks across the region. Equity Bank relies heavily on digital technology which creates opportunities for hacking. Between April and June 2019, Kenya experienced 26.6 million cyber threats. In June 2019, 18 government websites were temporarily taken down. By 2020, there will be an estimated 100,000 cybersecurity professional shortage. This shortage, considering the increase of cybercrime activities will surely be detrimental to the economic development in East Africa.
In November, Rwandan authorities arrested a cybercrime syndicate with 8 Kenyans, 3 Rwandans, and 1 Ugandan after an attempt on the Equity Bank System. This indicates a transnational element. In the US, Fairfax received accounts payable email from what it thought was from the company Dell. In reality, a Kenyan based cybercrime syndicate had been rerouting money. This led to an FBI seizure of $3.7 million and an approximated recovery of $118 million in wire transfers. The US government has now established a special unit with the main objective of monitoring cybercrime from Kenyan IP addresses.
Not only is the growth of cybercrime detrimental to East Africa’s economic and infrastructure development, but the transnational element provides opportunities for organised crime and terror groups to increase their operational capacity. A lack of detection and lack of reporting on the issue in the region makes an assessment limited. It should be clear however that a framework to limit the damage of these groups is necessary. The World Economic Forum’s 2020 study of global risks makes it clear that the threat of global-scale hacking, the rise of AI and the potential disintegration of the internet have not gone away.
Eren Ersozoglu is an analyst / contributor intern at Grey Dynamics. A former history graduate from Coventry University with a focus on links between terrorism and organised crime studying an MA in intelligence and security studies at Brunel University.