Africa suffers digital pariah status

Given the risks associated with increased Internet connectivity, the continent should start cleaning up before it gets walled off from the digital world, as it already has a bad reputation.

This is according to Barry Irwin, from Rhodes University's department of computer science, speaking at the ITWeb Security Summit in Sandton, yesterday.

He said over the next 24 months, there will be an increase in connectivity across Africa, with massive cable capacity growth (mostly IP connectivity).

On the positive side, he said this will influence the lowering of broadband costs and increase broadband penetration. “There will be a decrease in network restrictions.” He added the penetration of computers into homes is likely to increase, as computers are becoming cheap.

This development may finally help African nations to start bridging the 'digital divide', said Irwin. “It will bring the continent one step closer to e-services such as health, governance, education, and BPO.”

However, he pointed out that this new digital resource also leaves society vulnerable, with machines that can be compromised and monetised into forex via botnet rentals, compromised sites, phishing, spam, open relays and open proxies.

According to Irwin, Africa is becoming a popular destination for 419 scams, which originated in Nigeria. This involves an e-mail scam sent to Internet users promising a percentage of the cash if they help move money out of the country. “It is clear that 419 scams are becoming our best-known Internet product,” he added.

“We are also seeing a rise in compromised hosts, which are used to send out spam in the continent,” he said. We know that Africa has dysfunctional or ignorant service providers, which put the continent in danger, he pointed out. “The telcos, mobile and ISPs in Africa have no strict measures in place, and there are low levels of technical competency and awareness in the continent.”

Irwin noted that software piracy is another factor which gives Africa a bad reputation, and doesn't only affect the software companies.” It affects every computer user in the continent because software piracy generally means no updates, which leads to security flaws staying open and vulnerable,” he explained. “With the continent being vulnerable and the low-level technical skills, it leads to a compromised digital environment.”

He cited a recent Business Software Alliance/IDC global software piracy study, showing the average rate for illegal software use in African countries surpassed 70%. In Zimbabwe, 90% of the software used is illegal.

“Together with Vietnam, Zimbabwe has the highest software piracy rate in the world.” Irwin added that the majority of the African countries for which specific data is available have a piracy rate above 80%. These include Cameroon (84%); Algeria and Zambia (83%); Botswana, Ivory Coast, Nigeria, and Senegal (82%); and Tunisia and Kenya (81%).

The study estimates the remaining countries in Africa, included under the entry 'Other Africa', have an average piracy rate of 84%. “On a positive note,” said Irwin, “SA stands at 36%, while the global average is 35%”. He said this shows potentially 70% of computers in Africa are unpatched.

Irwin added there are positive developments as well. “We are seeing more countries like Tunisia and SA implementing the national Computer Security Incident Response Team (CSIRT), a service organisation that is responsible for receiving, reviewing, and responding to computer security incident reports and activity.”

He also pointed out there are now anti-phishing efforts being rolled out in Africa. “We know it's hardly a secret that phishing is one of the biggest problems facing computer users these days. Phishing attacks are becoming more sophisticated. However, many African countries are now aiming to change that by educating citizens.”

Research has found user education can help prevent people from falling for phishing attacks, he said. “However, it is hard to get users to read security tutorials, but the continent is showing effort in this regard.”

Irwin stressed that grassroots education of consumers should be put in place. “All we need is to start small and grow. By doing this, we will lock down botnets and effectively deal with phishing and spam.” Multiple players including government, the Internet industry, and public-private partnerships need to be called to action to help clean up digital Africa, he suggested.

As a continent, we need to have self-regulating bodies in place, he advised. “We also need legislative support with updated legislation, improved prosecution and investigation. Above all, we need cross-border co-operation.” By doing so, Irwin argued Africa can easily 'name and shame' those who are tarnishing the name of the continent. This will help it avoid becoming a digital pariah.

“If the continent does not clean up we will soon be seeing a replay of the African land grab which happened in the 1800s,” he warned. “There are many networks of cyber criminals who are eyeing Africa at the moment.”