Cybercrime in West Africa is still too often associated with basic Internet scams. However, the sophistication and diversification of criminal acts (fraudulent e-mails, hacking of electronic wallets, etc.) reveal the rise of new, more complex cybercriminal organisations in a rapidly expanding ecosystem. In this troubled region, non-state groups—sometimes terrorist—have multiplied and have used the Internet as a weapon against local states. In addition, foreign interventions in the area have accentuated existing crises, leading to a veritable information warfare. Some states in the region have become aware of all these threats and are organising themselves to try to gain control of their digital space.

West Africa is a geopolitical entity covering the western part of Africa. It includes the coastal countries north of the Gulf of Guinea up to the Senegal River, the countries covered by the Niger River basin, and the Sahel hinterland. Internet access—mainly via mobile phones—is increasing. In 2015, only 15% of the population was covered by the 4G network, against 63% in 2020. However, this growth is not uniform across all states. « Between 2000 and 2021, Togo had the highest increase, with a growth rate of 912%, »[1] while Cape Verde, over the same period, recorded only 4.3%. And while Nigeria is one of the leading countries in Africa—with more than half of its population connected—Niger and Chad are far behind with 2.2% and 2.7% respectively (2016 data) and are among the states with the least connected population.

In these countries, it is mainly young people who are going online. According to the latest UN report on world demographic prospects, West Africa has a population of approximately 391 million, of which more than 60% are under 24 years of age and many are suffering from massive unemployment (31.2% unemployment for 15-24 year olds and 11.9% on average for the region). Faced with this, many petty criminals have turned to cybercrime and the advantageous financial prospects it offers (a phenomenon that has been accentuated by the Covid-19 crisis).

Therefore, in some cases, cybercrime has literally ‘taken people off the streets.’ In Ghana, people have even come to give hackers a privileged social status and full integration into society under the name of « Sakawa boys. »

A plurality of threats

In 2021, INTERPOL published a report on cybercrime on the African continent and presented an overview of criminal threats on the Internet. Not surprisingly, West Africa was affected by all of them:

Online scams – For African countries, online scams are the most frequently reported and pressing threat in the region. These scams target and exploit victims’ fears, insecurities, and vulnerabilities through phishing, mass emailing and social engineering. Member countries have reported a sharp increase in the number of online banking scams, including bank and credit card fraud.

Digital extortion – Digital extortion targets individuals either by alleging possession of sexually compromising images or through direct blackmail campaigns. While these threats are far from new, the digital transformation of society—particularly within the African region—has created new attack vectors for criminals to both blur their identity and target new victims.

Business email compromise – Alongside online scams, business email compromise scams have been identified as a major concern and threat in the region. In Africa, businesses and organisations that rely heavily on money transfer transactions are vulnerable to this threat.

Ransomware – In 2020 alone, more than 61% of businesses in the region are estimated to have suffered ransomware attacks. In some African countries, these attacks have targeted critical infrastructure, particularly in the health and maritime sectors.

Botnets – Botnets are networks of infected machines used to automate large-scale campaigns such as distributed denial of service (DDoS) attacks, phishing campaigns, malware propagation, etc. Nearly 50,000 botnet victim detections have been recorded in Africa, with a monthly average of 3,900 detections.

The main targets are French-speaking Western countries and the United States. However, there is an increase in the number of attacks on locals. In 2016, Côte d’Ivoire lost around €2.5 million to these attacks, and in 2017, Nigeria suffered over $600 million in losses.

For a plurality of stakeholders

In West African cyberspace, petty cybercrime shares the stage with non-state groups, which can be armed opposition factions and/or jihadists. The Western intervention in Libya has had the effect of greatly destabilising the region and encouraging the emergence of such politico-military organisations and consequently their presence on the Internet. Multiple competing groups operate in West Africa, including Al-Qaeda in the Islamic Maghreb (AQIM), the Islamic State in the Greater Sahara (IS-GS), and Boko-Haram. These groups have grasped the importance of the Web in their religious struggle. They use it not only to communicate, but also to recruit and conduct propaganda and influence operations.

Their technical skills have also evolved, and some criminal groups have moved from simple online videos to full-scale productions and communication strategies to support their actions. They can also launch cyberattacks to raise funds for their movement or to shut down computer systems in enemy countries.

France, which intervenes militarily in the region to oppose these groups, is bearing the consequences of its actions. These organisations and enemy states—such as Russia—are using fake news and/or biased information to fuel anti-French sentiment in the region, while criticising the governments that are France’s allies. Faced with the scale and multiplicity of threats in cyberspace, some states in the region have decided to organise themselves.

Towards a collective response?

West African states have become aware of the threats, of their vulnerability, and of the need to acquire the necessary capabilities to control their digital space. The climate, lack of funding, and poor infrastructure development limit their actions, but some countries are organising themselves collectively. « The 2014 adoption by the African Union of the Convention on Cyber Security and Personal Data Protection—known as the Malabo Convention—and the recent legislative and operational developments in Côte d’Ivoire, Senegal, or even Burkina Faso, were the first signs of this. » A growing interest in the subject is demonstrated by the inauguration, in November 2018, of the regionally-oriented national school for cyber security in Dakar, and by the focus on this theme at the last two editions of the Dakar International Forum on Peace and Security in Africa. In March of this year, Togo organised an international conference on cybersecurity where some 30 countries were present. On the occasion of this gathering, the Togolese head of state, Faure Gnassingbé, declared that « Cybersecurity is one of the major challenges of our time, » which requires the « establishment of national operational structures in the field of cybersecurity, paving the way for active cooperation with African countries and with all actors in the digital ecosystem.«

There are many issues at stake. West African states must cooperate and equip themselves with the means, legal frameworks, and infrastructures necessary to impose their sovereignty in their respective digital spaces. Because in addition to cybercriminals, they also have to face the expansion of China and the Gafa in the region. States are therefore trying—through international institutions such as the African Union and the Economic Community of West African States (ECOWAS), and with international aid—to build their digital sovereignty.

[1] Internet growth in West African countries 2021 | Statista

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.