In Box

Switch Hitters

When a massive blackout struck Nigeria’s largest city this February, officials suspected any number of causes, from simple negligence to sectarian rebels. But some analysts have since come to believe that Lagos was the victim of a sophisticated cyberattack. Indeed, developing countries are increasingly being shaken down by highly organized, well-financed criminal gangs operating in ...

When a massive blackout struck Nigeria’s largest city this February, officials suspected any number of causes, from simple negligence to sectarian rebels. But some analysts have since come to believe that Lagos was the victim of a sophisticated cyberattack.

Indeed, developing countries are increasingly being shaken down by highly organized, well-financed criminal gangs operating in cyberspace. In just the past year, intensifying attacks have been lodged against banks, government agencies, and utility companies in India, Nigeria, Vietnam, and across the Middle East. Hackers have turned out the lights in at least three known attacks on utility sectors outside the United States, says Alan Paller, research director at the Maryland-based SANS Institute, which oversees an early warning system for the Internet. For security reasons, he declined to name the countries, but noted that two of those attacks occurred in developing countries. In all three cases, the aim was to extort money. So far, no country has publicly admitted to paying up.

The cybercriminals’ weapon of choice is "distributed denial of service," or DDoS, attacks. DDoS attacks occur when computers operating together in giant "botnets" (short for robot networks) are weaponized by criminals who remotely control hundreds of thousands of computers unknowingly infected with malicious code. Connected globally by high-speed broadband, these botnets yield the power of a supercomputer. The danger of DDoS attacks was revealed in 2007, when a massive botnet of up to 1 million computers targeted Estonia, shutting down the country’s government ministries, parliament, and largest bank. Criminals like such attacks because they are nearly impossible to trace; they appear to come from thousands of separate IP addresses scattered across the globe. "DDoS has emerged as an incredibly powerful tool for organized crime," Paller says.

Freelancing cybercriminals are beginning to lease their massive botnets to the highest bidder, often larger criminal groups. In turn, these groups carry out attacks in the hope of wringing money from their victims. Early targets for cyberextortion included online gambling sites and other businesses that were dependent on the Web. Now, utility companies appear to be Target No.1, especially those in poor countries. They make easy prey because their software often relies on commercially available Web applications that lack robust security features. "Developing-world countries are so far behind in terms of Web security that it’s frightening," says Mandeep Khera of the cybersecurity firm Cenzic. If they don’t catch up soon, it could be lights out.

A decade of Global Thinkers

A decade of Global Thinkers

The past year's 100 most influential thinkers and doers Read Now

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola