15 West African countries are planning to join the International Convention on Cybercrime (Budapest Convention) to focus on the training of the officials against cyber attacks.
The training is held in Dakar and Senegal and is expected to be completed by the weekend. The course is inspired by the recurrence of cyber-criminality offenses in West African jurisdictions these days. Indeed, “the connection is increasingly developed in Africa and at the same time, there are vulnerabilities that arise, cases of digital identity theft, fraud, online scams, and this is frequent,” a judge in the case said.
Unfortunately, when cybercriminals are brought to justice in the countries targeted by the training, magistrates are not trained well enough to efficiently convict the suspects.
West African countries are facing a new danger in the form of cybercrime. According to a Trend Micro research, internet crime more than doubled in the continent. The new report, conducted by the cybersecurity company Trend Micro in collaboration with Interpol, showed that West African cybercriminals have gained serious expertise in committing crimes against both individuals and businesses, including “very clever social engineering tactics”. According to the study, the volume of cybercrime-related complaints in West Africa increased from 940 to 2,182 incidents from 2013 to 2015.
“Although best known for simple types of fraud at present, West African cyber criminals are clearly shifting to more elaborate crimes, complex operations, and business models,” the report said. “West African cyber criminals will eventually start creating online communities, not just small groups of close friends with whom they share technical skills and know-how. Some may start selling products and services that work for their crimes, leading to the formation of a West African underground market.”
Despite the increasing crime, according to the Interpol, 30 percent of the incidents reported to the agency resulted in arrests. However, this percentage is quite low compared to the number of cybercrimes conducted by hackers in West Africa. The Interpol reported that they faced roadblocks in several cases, including difficulties in obtaining information from overseas and identifying cybercriminals and their physical locations. Possible reasons for these challenges include lack of logistical resources and cybercrime training for local law enforcement authorities as well as the lack of cybercrime legislations in the country or region concerned.
Trend Micro differentiated two groups of cybercriminals in West Africa. The first group is called “Yahoo boys”, dubbed for their excessive use of Yahoo apps for communication via email and instant messaging. These lower level criminals excel in committing simple types of fraud (advance fee, stranded-traveler and romance scams and fraud) under the supervision of ringleaders or masterminds.
The second type of hackers in the continent are next-level cybercriminals. These persons are more experienced in the “industry” and prefer to pull off “long cons” (business email compromise [BEC] and tax scams and fraud) or crimes that require more time, resources, and effort. They have access to the advanced tools cybercriminals use, and they conduct their attacks on the victims using specific kinds of malware (keyloggers, remote access tools/Trojans [RATs], etc.) and other crime-enabling software (email-automation and phishing tools, crypters, etc.) that are easily obtainable from underground markets.
According to the Trend Micro study, researchers found out that in some West African regions the culture is encouraging cybercrime. In these parts of the continent, hackers mostly target foreigners with cyber attacks.
“This cultural mindset is reportedly most evident in Ghana where sakawa—a ritualized practice of online fraud—is practiced. In sakawa, a supreme being is believed to bless criminals with protection and good fortune. This encourages West African cyber criminals to defraud foreign victims (typically Westerners) online as a means to escape poverty,” the report goes by.
In August 2016, the Interpol, with the help of Trend Micro researchers, arrested the head of an international criminal network suspected of stealing more than $60 million through business email compromise (BEC) scams and CEO fraud. The arrest was the result of a joint operation between the Interpol and the Nigerian Economic and Financial Crime Commission utilizing Trend Micro research to identify and arrest the suspect.
The Trend Micro research possibly contributed to the cooperation of the 15 West African countries in cybercrime training. In the training session, official documents reported that technical skills had been gained that allow a better understanding of the cases for officials. Trainees were also given a better way to collect evidence on the internet.