Remember the Love Bug? “ILOVEYOU” was the subject line of an email that filled 45 million inboxes in 2000, as the computer virus it carried manically mailed itself around the planet.
The Love Bug deleted pictures and music and slowed computers to a crawl as it sent copies of itself to everyone in the victim’s contacts file. While the attack lives long in the memory of those affected by it, the fate of the perpetrator does not – and for a very good reason: he got away with it.
Despite an admission of guilt by Filipino hacker Onel de Guzman and a major Interpol investigation, de Guzman walked away from the first great cyber-caper of the 21st century because the Philippines had no laws against computer misuse. With egg on its face, the government quickly passed laws to plug the gap. But the Philippines is in the minority. Most other developing nations have not done so.
Advertisement
In 2001, the first international treaty on the problem, the Convention on Cybercrime, was drafted by the Council of Europe. Only 21 other states – including the US, Canada, Japan and South Africa – have ratified the treaty. “Very few countries have thought enough about cyber security,” says Seymour Goodman of the Georgia Institute of Technology in Atlanta. Most of the ratifying countries are in the developed world. For the rest it’s a virtual Wild West. Computer security experts worry that this legal vacuum means developing countries will become the next battleground for cybercrime, as they are increasingly vulnerable to attacks by malicious hackers.
Help is at hand, however. The International Telecommunications Union (ITU) based in Geneva, Switzerland, is launching a global initiative designed to bring many of the security measures employed in the industrialised world to the developing world. But it faces an uphill struggle.
While the same security problems afflict both developed and developing nations – spam, viruses and botnets – poorer countries are far more vulnerable because they tend to lack the funds for countermeasures and the technical training to protect themselves effectively. One reason for this is that the connection to the internet costs so much more than it does in industrialised nations, leaving little cash for security measures.
“The developing world is more vulnerable to cybercrime as it lacks the cash to combat it”
In much of Africa, for example, connections to the internet’s backbone (the ultra-high-bandwidth “fat pipes” that traverse the US, Europe and Asia) often has to be made by satellite links to internet service providers (ISPs) nearer the backbone. The World Bank estimates that the cost of such connections in Africa can be 40 times as much as in the US. In Ghana, for instance, the monthly rental cost is $2750 per gigabit per second of data-transfer capacity, against $600 in the US. And Ghana is one of Africa’s least expensive countries. In Cameroon, according to Eric Osiakwan of the Association of African Internet Service Providers, the monthly cost is $34,000 per gigabit per second.
As a result, internet connectivity is very limited in much of Africa. The ITU says only 4.7 per cent of Africans use the internet. But those computers that are connected to the internet are more vulnerable than their counterparts in richer parts of the world. Most PCs shipped to the developing world are slow compared with those in industrialised countries. Moreover, they usually run older, sometimes pirated versions of Microsoft Windows that lack the latest security patches. Dismally, attempts to download patches are often thwarted by the limited bandwidth.
“All in all, you have a perfect recipe for botnet attacks in the developing world,” says Ethan Zuckerman of the Berkman Center for Internet and Society in Harvard, Massachusetts. Botnets are an increasingly common form of cyber-attack in which a hacker plants thousands of viruses – called bots – on a population of computers. The bots, controlled remotely over internet relay chat channels, allow the attacker to make the infected PC undertake all kinds of skulduggery on their behalf. Compromised PCs have been used to store child pornography, launch spam campaigns, spread viruses and take part in crippling denial-of-service attacks against unfortunate websites.
So far, though, hackers have not bothered to use African networks. The low level of connectivity is an unreliable environment for staging attacks that use hundreds or even thousands of “zombie” computers acting in concert. “If I were a top Russian hacker, I’d be much more likely to go after American computers, which are always online and all have broadband cable connections,” Zuckerman says. However, as efforts to expand internet access in Africa gain momentum, cybercrime could proliferate, he says, as it has in other former internet backwaters such as Russia, China and Bulgaria. “The trend seems to be that once you have 10 to 15 per cent internet penetration in a country, you start generating big groups of hackers.”
One way that could happen in Africa is through programmes designed to supply cheap, cut-down computers. The best known of these schemes is the One Laptop Per Child (OLPC) programme, pioneered by the Massachusetts Institute of Technology, which aims to reduce the cost of computer and internet access by providing laptops that run on the free, open-source Linux operating system. The OLPC’s architects have chosen a security system called BitFrost, which Zuckerman considers reasonably robust against viruses. At the same time, Intel is planning to sell its low-cost Classmate computer in developing nations, running a cheaper, cut-down version of Windows – the operating system most viruses and botnets attack.
If thousands of Classmates are distributed without adequate security, or if a previously unknown flaw in BitFrost emerges, the new generation of cheap PCs will lead to problems. “These PCs could create a market that’s worth attacking,” Zuckerman says.
The ITU is assuming that attacks of this kind are a foregone conclusion and is organising a global effort to help developing countries fortify themselves against them. Suresh Ramasubramanian, a consultant at the ITU, is working with local authorities in Malaysia on a pilot project designed to work out how best to avert botnet attacks in developing countries. The ITU is taking its lead from Australia, the country it says is among the best prepared to fight cybercrime.
Since 2005, the Australian Communications and Media Authority has run the Australian Internet Security Initiative (AISI), which since May has monitored the nation’s internet activity. When it detects telltale signs of botnet behaviour, it reports the IP address of the suspect computer to the hosting ISP, which can then help users neutralise the bot software on their machines.
This kind of international cooperation is vital if developing countries are going to shore up their defences against cyber-attacks, says Marco Gercke of the University of Cologne in Germany. He notes that one of the provisions of the Convention on Cybercrime calls for each ratifying nation to provide on-call IT administrators who must be available in case of a cyber-attack. This person, Gercke says, is tasked with alerting the appropriate ISPs so they can preserve information about the attack for subsequent forensic analysis. This is crucial for tracing the origins of computer-based attacks.
More important still, says Goodman, is the setting up of national computer emergency response teams, or CERTs, which would be far smarter “first responders” in a cyber-attack. They would analyse the type of attack and the countermeasures needed as well as alerting ISPs. Industrialised countries have CERTs, but there are only two in Africa: in Tunisia and Algeria. The ITU wants to provide the training and expertise needed to build CERTs in all the developing countries.
Ramasubramanian is reminded of the Chinese proverb: “Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.”
“With our programme,” he says, “we’re giving a whole lot of people fishing rods and teaching them how to cast.”

Computer Viruses – Learn more about the threats to your PC in our comprehensive .