More capacity also brings problems

On the back of the increasing availability of Internet bandwidth due to the expanding infrastructure of new telecommunications players such as Neotel and the new undersea Seacom cable between South Africa and Europe at the end of last year, Internet use in the country is on the up. But so are the opportunities for cybercriminals who prey on inexperienced entrants into the world of cyberspace.

While telecommunications networks are expanding at a healthy rate in the rest of Africa, it does not come without risks. Many countries are ill equipped at this stage to deal with potential threats such as cyberattacks on essential services.

The excitement about the eminent 2010 Fifa Soccer World Cup in not too many weeks in South Africa, and the commercial activities associated with it have helped to drive an increase in Internet traffic to and from the country.

The South African Internet market, as a developing market and because of the more readily available broadband access, has a relatively high percentage of novice users.

The combination of all these factors has left the country’s 10 million Internet users markedly more vulnerable to attacks from cybercriminals.

Experts warn that historical data shows that newsworthy events and an increase in bandwidth tend to attract these criminals. In fact, there already have been examples of Internet users who have fallen prey to scams and malicious attacks over the last few months.

Some of these cybercriminals are highly sophisticated and are making use of the ranking criteria of popular search engines to lure unsuspecting Internet users into their nets. Banking on the tendency by Internet users to click first on the links appearing at the top of search lists, these cybercriminals ensure that they appear high on these lists.

By being clicked on regularly during newsworthy events, these criminals increase the chances of spreading their malicious pages that are infected with malware or designed to try and sell Internet users misleading applications such as rogue security software.

In much less subtle scams, prospective visitors to South Africa from abroad already have lost money in advance-deposit fraud connected to non-existent accommodation for the World Cup tournament.

In a recent release, the Southern African Fraud Prevention Service (SAFPS) reported that it is receiving increasing numbers of complaints from individuals overseas who have booked accommodation on open websites in South Africa for the World Cup, only to find that after deposits have been paid, the “lessors” have disappeared from view – with their money.

Pat Cunningham, executive director of SAFPS, said that although the accommodation advance-fee fraud is fairly common, there has been a marked increase in complaints and reports from individuals overseas who have used public websites offering accommodation, only to find that their deposits have vanished along with the fraudster.

Local technology company Symantec, which monitors nefarious Internet activity, has launched a website to give free advice to Internet users concerned about scams linked to the World Cup.

During the Beijing Olympics in 2008, phishing attacks increased by 66% worldwide. Traditionally, other newsworthy events such as the death of Michael Jackson, Barack Obama’s election and special dates on the calendar such as Valentine’s Day also get much attention from these malicious operators.

Increased bandwidth also makes it easier for cybercriminals to launch online attacks. Falling Internet prices bring new, inexperienced users onto the net and consumers and small businesses who are upgrading from the slower, more restricted dial-up connections, are more vulnerable and face increased risks.

Rest of Africa

During discussions about how to boost telecoms networks in Africa at the recent annual African Union summit in Addis Ababa, it was revealed that the continent’s telecoms sector – one of its fastest growing – will have private investments of more that $70 billion by 2012. It will well surpass the $55bn over five years promised by investors at a United Nations-sponsored meeting held in Rwanda in 2007.

Hamadoun Touré, secretary-general of the UN’s telecoms agency, the International Telecommunications Union (ITU), said that the first two years after the Rwanda meeting have seen $21bn being invested, which makes him “believe by the end of the five years, we will surpass very easily $70bn."

Mobile penetration in Africa stands at 42%,while only 8% of the close to one billion people living on the continent have access to Internet connections.

At the Rwanda meeting, African countries pledged to construct national fibre-optic networks with the goal of linking all cities and major towns by 2012. All regions, with the exception of Central Africa, had made progress in fibre-optic networking, and governments with proper regulations and information and communication technology (ICT) policies were guaranteed private sector capital because the business was growing rapidly, said Touré.

“What the private sector is looking for is a predictable regulatory environment where the rules of the game are clear and are not changing during the game.

“There are over 454 countries with a good regulatory authority at present. The challenge is to bring them together to work together on issues that are intercontinental,” he added.

Touré, however, also warned that as Africa was ramping up its cybercredentials, it needed to be aware of the risks of cyberconflicts, which could be more devastating than a tsunami. Sabotage of ICT systems could interfere with aviation navigational systems, could shut down electricity grids and could lead to loss of lives if medical system were attacked.

States need to set in place policies that will criminalise misdemeanors in cyberspace, and they should establish response teams that have the technical capacity to deal with such attacks. The cost of setting up systems to protect telecoms systems was not all that high, but the fact that many countries did not yet appreciate the risk, was a hurdle.

There is not sufficient awareness about the possibility of cyberattacks, and therefore they are not seen as a threat. Much needs to be done on this front, said Touré.

Individual protection

There are a number of things that individuals and/or small businesses can do to make themselves less vulnerable. Among the steps that Internet users can take to help protect themselves against scam and spam attacks are:

·    Acquire security software, and always from reputable and trusted sources;

·    Only download applications from vendors from whom these were bought, and always keep legitimate security software updated;

·    Avoid security software offered in pop-up screens;

·    Caution should be applied when browsing, since malicious attacks can result in the hijacking of open sessions – and in the world of permanent connectivity, be sure to log out of websites;

·    Ignore open error displays from within a Web browser, which often invite you to download and install fake software; and

·    Raise your awareness level and scrutinise all search results properly.