Africa’s Cyber WMD
Think that Russia and China pose the biggest hacking threats of our time? The virus-plagued computers in Africa could take the entire world economy offline.
Imagine a network of virus-driven computers so infectious that it could bring down the world's top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a "botnet" -- the cybersecurity world's version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That's because no one sees it coming -- straight out of Africa.
Imagine a network of virus-driven computers so infectious that it could bring down the world’s top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a "botnet" — the cybersecurity world’s version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That’s because no one sees it coming — straight out of Africa.
Cybercrime is growing at a faster rate in Africa than on any other continent in the world, according to statistics presented at a conference on the matter in Cote D’Ivoire in 2008. Cybersecurity experts estimate that 80 percent of PCs on the African continent are already infected with viruses and other malicious software. And while that may not have been too worrisome for the international economy a few years ago (just like the continuing war in the Democratic Republic of the Congo does not affect our daily lives), the arrival of broadband service to Africa means that is about to change. The new undersea broadband Internet cables being installed today will make Africa no further away from New York than, say, Boston, in the virtual world.
Broadband Internet access will allow Africa’s virus and malware problems to go global. With more users able to access the Internet (and faster), larger amounts of data can be transferred both out and inward. More spam messages in your inbox from Africa’s email fraudsters will be only the beginning.
Here’s how the most alarming scheme could work. From a central hub, computers across the continent could be taken over, often without the knowledge of their owners, and set up to forward transmissions (including spam or viruses) to other computers online. These new zombie computers, or "bots" (as in robots), serve the wishes of some master spam or virus originator. "One botnet of one million hosts could conservatively generate enough traffic to take most Fortune 500 companies collectively offline," Jeffrey Carr writes in his book Inside Cyber Warfare. "A botnet of 10 million hosts could paralyze the network infrastructure of a major western nation." The African continent, home to almost 100 million computers, would be a top target for botnet herders, with devastating results.
Why Africa, of all places, when surely there are computers to hack elsewhere? In short, because the continent is home to the world’s most vulnerable computers. About 80 percent of the African population lacks even rudimentary knowledge of information technologies, according to a recent World Bank survey. Though Internet cafes are widespread, providers often cannot afford proper antivirus software, making computers very easy targets for skilled botnet operators and hackers.
Moreover, most African countries (with some exceptions, such as Egypt and South Africa) lack the legal infrastructure they would need to prosecute, let alone stop, the rapid increase in cybercrime. Nor is there much coordination between countries on how to deal with cybersecurity, despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held in Tunis in 2009. Promises made to develop national cybersecurity strategies and better monitor the crime will likely fall flat on a lack of funding.
There are a few bright spots in this dismal picture. Some African countries really have made headway, at least on a national level. Tunisia, for example, drafted a national cybersecurity strategy and specific legislation for electronic identification, and has been able to create the first national security institute in Africa. Nigeria, home of the infamous "419" scam, so named for the code of law that prohibits it, has developed a national cybersecurity initiative mostly aimed at raising awareness and battling online fraud.
Unfortunately, in cyberspace, the whole is only as strong as its weakest link — and the majority of African countries are downright frail. That fact won’t be lost on skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo. The biggest botnet the world has ever known could be lurking there.
Franz-Stefan Gady is a consulting senior fellow for cyber power and future conflict at the International Institute for Strategic Studies and an adjunct senior fellow for defense at the Center for a New American Security. Twitter: @hoanssolo
More from Foreign Policy
Chinese Hospitals Are Housing Another Deadly Outbreak
Authorities are covering up the spread of antibiotic-resistant pneumonia.
Henry Kissinger, Colossus on the World Stage
The late statesman was a master of realpolitik—whom some regarded as a war criminal.
The West’s False Choice in Ukraine
The crossroads is not between war and compromise, but between victory and defeat.
Washington wants to get tough on China, and the leaders of the House China Committee are in the driver’s seat.