Traditionally associated with affluent, hi-tech countries, cybercrime remains low on the priority list for donors and development agencies. But some organized crime policy experts believe this is a ‘head in the sand’ approach, given the rapid spread of Internet connectivity in the developing world and the increasingly global workings of organized crime.
“Development actors should be looking more seriously at cybercrime and its impact on development goals. It’s a difficult act to sell though because donors don't see it as having a direct impact on the poor,” says researcher Camino Kavanagh, from New York University’s Center on International Cooperation, who has conducted research on cybercrime in Ghana.
Most projected Internet growth is expected to occur in Latin America, Africa and Asia over the next decade and it is tech-savvy young people – those in the burgeoning ‘youth bulge’ demographic - who will be harnessing it. Currently, 2.7 billion people around the world are online (two thirds of whom are under the age of 35) and with 4G or wireless connectivity rolling out at a rapid pace in developing countries, that number will swell to 4.5 billion in five years time. Current users are already vulnerable to cybercrime but the bulk of newcomers, uneducated on the need for cybersecurity, will be even more vulnerable.
Furthermore many of them will be unemployed young people, for whom cybercrime offers a tantalizingly quick, easy and low-risk way to make money. Already, cybercrime in developed countries is relatively low risk, given that it occurs in virtual space with no physical link between the criminal and crime. But in those countries where legal frameworks are not yet in place, and where there is no capacity to enforce them, the possibilility of detection is even lower.
A wide-ranging report on organized crime in developing countries, co-authored by Kavanagh, shows that there is already a high prevalence of cybercrime and sakawa – Internet-based fraud combined with traditional Ghanaian practices – in Ghana, Nigeria and Cameroon. According to the report, young Ghanaians from Accra suburbs, including Nima, Maamobi and Kotobaabi, are earning quick, easy money from Internet scams involving identity fraud, electronic and credit card fraud and other schemes. The trend is spreading quickly through Ghana and Nigeria: “In recent years popular media, radio, TV series and cinema both in Ghana and Nigeria have often glorified these forms of criminal activity, attracting a huge body of unemployed youth,” reads the report.
But research shows that cybercrime is not simply confined to youths acting more or less alone. Cybercrime 'dons' who control regional and country-specific teams operating across the West African region are more organized than initially thought and can “far outpace state operatives in terms of tech-saviness and capacity to adapt to, and adopt, new technology, software and malware to further their interests” reads the report. More recently, 419 scams in West Africa “have spread from national-level operations to regional syndicated interfaces, with foreign nationals relocating their activities to neighboring countries”.
Ghana, along with many other developing countries, has passed legislation to outlaw cybercrime and granted police the powers to act against it, but in the face of greater Internet and smartphone use, limited policing resources and a “corruptible bureaucracy”, the challenges will most likely mount. “In a sub-region as volatile as West Africa, where several countries are emerging from or immersed in conflict, and where organized crime, trafficking, money-laundering and terrorism increasing nurture each other, a lax approach to the prevalence of cybercrime vis a vis other forms of illicit activity may turn into a bigger problem in the years to come,” concludes the report.
There is a misplaced perception that the cybercriminal is a 'geeky' computer wizard gone crooked. At a recent conference of the Global Initiative against Transnational Organized Crime, McAfee vice president Raj Samani described how easy it is to commit online crimes with little or no technical expertise, given the vast array of dubious services for hire at relatively low cost. Cybercrime firms that supply stolen identification, hacking and code-breaking software and encryption devices brazenly advertise their services and, like legitimate online retailers, provide hotlines and live chat support. Tutorials on YouTube on how to commit basic fraud are freely available and criminal gangs are offering webinars on how to evade arrest, said Samani. Even assassins can be found on Facebook. “We talk about sharing ideas but they are already doing it,” he said.
Other services for hire, often relatively inexpensive, include language translation services, spamming, hacking, malware, password cracking services and DDOS attacks (distributed denial-of-service attacks) which involve shutting down sites by overwhelming them with information. There are also 'bulletproof' hosting services that cybercriminals can hide behind.
In the last decade the number of Internet users has increased 10 times in Latin America and 15 times in Central America, according to a report on cybercrime in the region by The SecDev Foundation and Igarape Institute. “Latin America’s cybercrime problem is a direct consequence of the exponential growth of cyberspace across the region. Indeed, the Internet and related social media tools have not just empowered citizens to exercise their rights, but also enabled and extended the reach of gangs, cartels and organized criminals,” reads the report.
Commented one of its authors, Robert Muggah: “When crime goes online it can generate serious challenges for poorer populations, many of whom are increasingly online. When fraud and identify theft occurs, banks inexorably transfer the costs on to customers, including those with modest-sized accounts. Meanwhile, cartels and gangs are using digital means to extend their control over poorer communities, many of whom are avid producers and consumers of social media. They can intimidate and recruit new members more easily.”
There have been horrific cases of people being targeted and killed in Mexico by the Zetas narco gang because of their online criticism. Gangsters are also using social media to track down, threaten and murder their opponents. And they are using the Internet to market and sell drugs. Silk Road, an online “eBay” for buying and selling drugs whose mastermind Ross Ulbricht was arrested in San Francisco and has now been accused of six murders-for-hire and denied bail, is another such site that has facilitated anonymous drug deals using bitcoins, a virtual currency.
Then Interpol president Khoo Bon Hui said in May last year that most cybercrime is perpetuated by organized international gangs and that its estimated cost is greater than that of the combined proceeds of drug trafficking. Some bandy the figure of $1 trillion about but most experts acknowledge that it is impossible to put a price tag on a vast array of hard-to-define crimes that occur in virtual space.
While the middle and upper income countries currently bear the brunt of cybercrime, this is true for developing countries in this category too – Argentina, Brazil, Chile, Columbia, Costa Rica, Dominican Republic and Mexico in Latin America, for example; or Nigeria and Ghana in West Africa. Brazil is considered the hub of cybercrime in the region and cybercriminals are now using the same modus operandi as their counterparts in Eastern European. And the victims of cybercrime tend to be individuals and small and middle-sized companies, not the banks and large corporations that have the capacity to invest large resources on securing their online systems.
In countries where detection and controls are lax or non-existent, cybercriminals are finding havens to operate with impunity. They are “landing in wonderland, with no-one to challenge them”, says Troels Oerting, head of Europol’s European Cybercrime Center. While the benefits of large-scale rollouts in developing countries are huge, so too are the risks, he says. “Many more people will be coming onto the Internet at a time when criminality online has matured.”
The European Union has set aside $60-million for training programs, much of which will be used to build developing countries’ capacity to resist cybercrime. His unit is witnessing a steep rise in various forms of cybercrime, including online pornography that often targets the most vulnerable – women and children. While the general public tends to be blasé about the risks of using unsecured devices, they are more inclined to mobilize around crimes like child pornography, Oerting told the Global Initiative against Transnational Organized Crime conference last month.
In his view, the need for co-operation on a global level is paramount. “We are good at talking on an international level but not so good at acting,” he says. Political sensitivities between developed and developing countries aside, there are many other issues that thwart co-operation, not least the vexed question of whether cybercrime includes all the traditional crimes that have migrated online as well as an ever-growing list of new crimes conducted in virtual space. According to the report on Latin America, “The absence of a comprehensive and consensus-based framework for legislating on cybercrime has resulted in a global patchwork of responses and loopholes open to exploitation.”
The Budapest Convention, which attempts to harmonize national laws against cybercrime, find ways to investigate and clamp down on it and promote international co-operation, has been ratified by 40 countries and signed by a further 11. But the process to get everyone on board has been slow since it formed in 2001. So far, both Russia and China have stayed away and although South Africa has signed it, no African country has yet ratified it.