West Africa may be on the verge of developing its own fully realized underground cybercrime market, buoyed by a combination of traditional 419 advance-fee fraudsters and more sophisticated actors that prefer business email compromise and tax scams, Trend Micro and Interpol warned in new joint report.
"Although best known for simple types of fraud at present, West African cybercriminals are clearly shifting to more elaborate crimes, complex operations, and business models..." the report asserted. "We believe they will continue down this track and soon become as sophisticated and innovative as cybercriminals in other countries or regions. West African cybercriminals will eventually start creating online communities, not just small groups of close friends with whom they share technical skills and know-how. Some may start selling products and services that work for their crimes, leading to the formation of a West African underground market."
Citing Interpol survey data gathered from 11 multiple West African nations, the research document reported that cybercrime-related complaints received by law enforcement agencies in West Africa jumped from nearly 1,300 incidents in 2014, to almost 2,300 incidents in 2015. During this same time period, authorities made an arrest in 30 percent of incidents. But that success rate could be improved if certain investigative roadblocks were removed.
For instance, 100 percent of Interpol survey respondents said that they frequently experienced difficulties obtaining case information from overseas sources, and 75 percent said that they struggle to pinpoint cybercriminals' physical locations. "Possible reasons for these challenges include lack of logistical resources and cybercrime training for local law enforcement agents as well as the lack of cybercrime laws in the country or region concerned," the report theorizes.
West African cybercriminals stole an average of $2.7 million from businesses and $422,000 from individuals each year between 2013 and 2015, the report also noted, suggesting that the disproportionately higher profits stemming from business fraud is likely behind a recent rise in West African-based BEC scams.
An inordinate number of these BEC campaigns have focused on the manufacturing industry, with West African criminals targeting this sector in 46 percent of reported 2016 incidents. "This is possibly due to the fact that manufacturing companies typically supply resources to smaller companies and so engage in a lot of email conversations and transactions that may contain invoice details," the report explained. The food and beverage was a very distant second, targeted in approximately five percent of incidents in 2016.
Geographically, U.S. targets saw the greatest share of West African-based BEC scams (just over 11 percent), followed by China (approximately 10.6 percent) and India (just over five percent).
The report breaks West African cybercriminals down into two basic groups: Yahoo boys and "next-level" cybercriminals. The former tend to be in their 20s and stick to basic 419 advance-fee cons like romance scams and Nigerian Prince schemes. The latter are generally in their 30s and older, and typically partake in BEC schemes, tax scams and targeted phishing campaigns that require technical savvy and hacking tools such as keyloggers and remote access trojans. "They also have ties, financial accounts, and networks in the countries their targets reside in. This helps them more smoothly carry out operations..." the report states.
The document also pointed out several unique cultural and anthropological idiosyncrasies that help shape the West African cybercriminal mindset. For instance, some cybercriminals in Ghana partake in sakawa, a ritualized practice of online fraud that centers around a "supreme being" who blesses criminals with protection. "This encourages West African cybercriminals to defraud foreign victims (typically Westerners) online as a means to escape poverty. It even serves as a means to justify ends, taking out the unethical element in victimizing the unwitting," the report explains, citing additional sources.
A lack of legitimate career opportunities appears to be another key societal factor influencing cybercriminal behavior in the region. According to the survey, approximately half of the cybercriminals identified in West Africa by local law enforcement are recognized as unemployed.
"What's unique about Africa is the fact that there are, besides socioeconomic [factors]... religious and cultural influences within these criminal undergrounds" as well, said Ed Cabrera, chief cybersecurity officer at Trend Micro, in an interview with SC Media.
The report also noted that cybercriminals in Western African generally exhibit a willingness to pass on their technical knowledge and share best practices with their fellow colleagues, frequently collaborating in groups via email and social media. "This is actually how 'newbie' cybercriminals learn to defraud potential victims and eventually differentiate themselves from others. They talk about which kind of people will most likely fall for particular types of fraud and what types of fraud actually work and pay off," the report explains. "In essence, the West African cybercriminal ecosystem can be considered as a self-learning portal and a self-sustaining system, improving through trial and error and the sharing of best practices."
Cabrera told SC Media that he expects West Africa's emerging underground cybercrime to truly take hold asthe continent's technological infrastructure evolves. "As Africa as a whole becomes more connected to the Internet and you have more mobile user,s I think then that will create that next level," he said.