Operation across Africa identifies cyber-criminals and at-risk online infrastructure

25 November 2022
INTERPOL and AFRIPOL collaborate in joint action against cybercrime

Law enforcement officials from 27 INTERPOL countries joined forces in the Africa Cyber Surge Operation to counter cybercrime across the continent.

Against the backdrop of the huge financial losses suffered by companies, businesses and individuals, the four-month operation (July to November 2022) saw officers detect, investigate and disrupt cybercrime through coordinated law enforcement activities utilizing INTERPOL platforms, tools and channels, in close cooperation with AFRIPOL.

The Africa Cyber Surge Operation was coordinated from an INTERPOL Command Centre in Kigali, Rwanda.

Operational results

Coordinated from an INTERPOL Command Centre in Kigali, Rwanda, the operation focused on removing the enablers of cybercrime.

Among the operational highlights:

  • 11 individuals were arrested, with one suspect linked to the abuse of children, and 10 others linked to scam and fraud activities worth USD 800,000 which had an impact on victims globally.
  • Authorities in Eritrea took down a Darknet Market that was selling hacking tools and cybercrime-as-a-service components.
  • Multiple cryptocurrency scam cases were resolved in Cameroon, including one with an estimated financial impact upon the victim of more than CFA 8 million.
  • Tanzania recovered more than USD 150,000 of victims’ money from data infringement and copyright cases.
  • Action was taken against more than 200,000 pieces of malicious cyber infrastructure which facilitate cybercrime across the African Region. This included the takedown and clean-up of malicious infrastructure linked to botnet activity, and the dissemination of mass phishing, spam and online extortion activities (e.g. romance scams, banking scams and theft of data) to potential victims.

Participating countries were able to improve their own national cyber security by patching network vulnerabilities and cleaning-up defaced government websites and securing vulnerable critical infrastructure, thereby reducing the risk of potentially catastrophic attacks.

Actionable intelligence

Investigations were shaped by intelligence provided by INTERPOL’s private sector partners including British Telecom, Cyber Defense Institute, Fortinet’s FortiGuard Labs, Group-IB, Kaspersky, Unit 42-Palo Alto Networks, Shadowserver and Trend Micro.

The information also contributed to the development of 28 INTERPOL Cyber Activity Reports that highlighted the various threats and types of criminal activity and outlined the recommended actions to be taken by national authorities.

Participating investigators worked in their home countries in collaboration with National Cyber Emergency Response Teams, Internet Service Providers and Hosting Providers who were notified of the potential vulnerability in their network infrastructure within their jurisdictions.

This collaboration proved very successful with 80% of identified ISPs engaging with law enforcement to mitigate the risks, identify weaknesses in their infrastructure and notify customers.

Of the participating countries, 18 have recognized Cyber Emergency Response Teams (CERTs), all of whom are actively working with law enforcement agencies and ISPs. Agreements have been set up between these organizations to formalize future responses.

INTERPOL platforms

Participating countries used INTERPOL’s secure Cybercrime Collaborative Platform for Operations to update each other on progress, share intelligence and receive support.

An INTERPOL coordination team on the ground in Kigali offered real-time support, while investigators from participating countries made use of INTERPOL’s secure Cybercrime Collaborative Platform for Operations to update each other on progress, share intelligence and receive support.

The Cyber Surge operation not only brought together many African member countries for the first time in a unified cybercrime operation but also helped build trust and establish valuable working relationships between them and with other partners.

Developing capacity

The Operation was preceded by a two-week training event in Kigali, Rwanda, which covered both cybercrime and cryptocurrency investigations. Delivered to 23 law enforcement agencies from 22 African countries, the course equipped participants with the knowledge and skills necessary for the Operation itself and will enable them to take proactive and sustainable action in the future.

A debrief meeting held in Mauritius at the end of November allowed member countries to share successes, discuss challenges and identify areas for improvement.

The Cyber Surge activities have also led to newly introduced legislative protocols and the establishment of a series of Cybercrime departments in member countries, which will further contribute to reducing the impact of cybercrime and protecting communities in the region.

The Operation was preceded by a two-week training event in Kigali, Rwanda, which covered both cybercrime and cryptocurrency investigations.

Acknowledgments

The Africa Cyber Surge Operation was coordinated by INTERPOL’s Cybercrime Directorate and INTERPOL Support Programme for the African Union (ISPA) in collaboration with AFRIPOL.

The Operation and related events were funded by the UK Foreign Commonwealth and Development Office and the German Federal Foreign Office as part of their ongoing support to INTERPOL and AFRIPOL.