you're reading...
politics, technology

Fuzzy Thinking on African Botnets

I call “bull.” African botnets are not WMD, and the solution to African botnets is not to prosecute the lucky few who have computers there. Franz-Stefan Gady is completely out of touch with the realities of IT in Africa. The last thing African governments need is shunt scarce resources into prosecuting cyber criminals, particularly within their own borders. Please do something more useful with whatever resources you have: support export industries, build infrastructure, build a call center or an export processing zone, make jobs, and provide education and health care.

Honestly. Beefed up law enforcement? Where does Gady think most infections in Africa originate? Why would he presume that the botnets are home-grown?

Governments should find ways to make legitimate software available at prices users can afford. That means not taxing software imports, encouraging the use of free and open source software, and ensuring broadband access. Yes, greater bandwidth, and not less bandwidth, is crucial to safer computing. Bandwidth will give end users access to security updates and current virus databases that are prohibitively difficult to download when connections are slow.

Improved cyber security will come from responsible use of computers, not prosecution of abusers. The problem for African governments is to protect their users from cyber crime. They cannot and should not expect to administer people’s computers for them. Who among us would trust the government to install our anti-virus software for us? Not I, thank you very much. The key is to create market conditions where everyone can afford safe software.

In many countries, cracked versions of name brand, expensive software are the norm. When you need a new copy of MS Office, or Adobe Illustrator, or SPSS, or FinalCutPro, you simply walk down to the local CD shop and pick up warez for pennies on the dollar. No one who has travelled widely will dispute that this is the reality–particularly in the segment of the market where infections are highest. Nobody knows what has been packaged with these cracked warez, and no one can be sure that security patches will be available to these users.

Moreover, most African countries (with some exceptions, such as Egypt and South Africa) lack the legal infrastructure they would need to prosecute, let alone stop, the rapid increase in cybercrime. Nor is there much coordination between countries on how to deal with cybersecurity, despite commitments made at a Regional Cybersecurity Forum for Africa and Arab states held in Tunis in 2009. Promises made to develop national cybersecurity strategies and better monitor the crime will likely fall flat on a lack of funding.

There are a few bright spots in this dismal picture. Some African countries really have made headway, at least on a national level. Tunisia, for example, drafted a national cybersecurity strategy and specific legislation for electronic identification, and has been able to create the first national security institute in Africa. Nigeria, home of the infamous “419” scam, so named for the code of law that prohibits it, has developed a national cybersecurity initiative mostly aimed at raising awareness and battling online fraud.

Unfortunately, in cyberspace, the whole is only as strong as its weakest link — and the majority of African countries are downright frail. That fact won’t be lost on skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo. The biggest botnet the world has ever known could be lurking there.

I’m always happy to see cybersecurity in the news. Franz-Stephan Gady’s piece in Foreign Policy makes an important point: the distance between countries is lower online than it is offline. When broadband access comes to Africa, we will face greater exposure to a great number of botnets. But there’s no reason to pick on African botnets, especially given that at present, the connectivity of infected hosts in Africa is so much lower than those in Europe, the Americas, and Asia.

About Ben Mazzotta

Ben Mazzotta is a postdoc at the Center for Emerging Market Enterprises (CEME). His study of the Cost of Cash is part of CEME's research into inclusive growth.


2 thoughts on “Fuzzy Thinking on African Botnets

    • Absolutely agree with the premise: the software in use is insecure. With millions of computers out there, the only viable solution is to give users access to safe software and incentives to use it.

      Since security is a process and not a feature, that means millions of users need durable and regular access to security patches for the OS of their choice. If pirated Windows doesn’t provide security updates, then those users will have to find affordable access to legitimate software (Windows, Mac, Android, or Linux).

      Does MS really not offer security patches for pirated software? I’ve seen executives claim specifically that they do. It could be that patching is prohibitively expensive because of bandwidth costs and bottlenecks.

      Thanks Josh!

      Posted by Ben Mazzotta | March 26, 2010, 8:25 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


CC License

Bookmark and Share
March 2010
« Feb   Jun »


People mentioned in this blog are hereby invited to post a reply, on this blog, to any remarks, disparaging or otherwise, that I make here.

For that matter, if you're an interested reader and you'd like to share your thoughts, I would welcome proposals for cross-posting at your blog, guest blogging, and other creative ideas you may have.
%d bloggers like this: