Will Lagos's loss be our gain?

Filed Under: Law & order, Malware, Spam

"Damage to an undersea cable has caused severe problems for internet users in Western Africa. But has it also hindered cybercriminals? Guest blogger Paul Ducklin, Sophos's Asia-Pacific head of technology, gives us his perspective.."

Paul Ducklin
Earlier today I was contacted by an Australian journalist who had heard about Lagos - along with many other parts of West Africa - getting cut off from the internet. He wanted to know how he could check whether the undersea cable break had caused spam volumes to fall.

Whilst this would be a silver lining to what must be a serious blow to legitimate West African businesses, I'd be pleasantly surprised - and surprised indeed - if this caused any statistically significant change to spam volumes.

Nigeria has never been a significant contributor to the actual delivery of spam. During July 2009, for example, Nigeria relayed just one-tenth of the spam that Australia did. Nigeria was in just 93rd place (producing a mere 0.04% of the world's spam) to Australia's 40th place (with 0.43%).

So if even all spam originating from Nigerian PCs is killed off by this cable break, 99.96% of the world's spam will remain.

Route of undersea cable

Spam comes from zombies; most zombies are in countries that are populous, well-connected and internet-crazy. Nigeria is populous but not yet well-connected, nor net-crazy (two characteristics which generally go together and feed each other), with or without the broken cable.

Also, Nigerian-style cybercriminals, more usefully called Advance Fee Fraudsters (AFFsters), don't just operate out of Nigeria. And even the Nigerian-based AFFsters have criminal cells in major cities all over the world.

Perhaps the West African cable break will end up helping law enforcement by forcing some of the expatriate AFF 'employees' to stick their heads up further above the parapet in their 'overseas offices' in places such as the US, the EU and South Africa.

But that is probably wildly optimistic. After all, Nigeria still seems to have some 30% of its telecommunications connectivity, so AFFsters at 'head office' in Lagos can still issue instructions to their 'subsidiaries' around the globe.

You need a lot of bandwidth to send spam in high volumes. This can be acquired from all over the world via botnets - which effectively form distributed, redundant, resilient networks. You don't need a lot of bandwidth to instruct your zombies what to do next.

So if you haven't scanned your PC with an up-to-date anti-virus for a while, or checked to see whether your patching has been working correctly, perhaps you should consider doing so right now.

Don't sit around hoping that other people's internet loss will be your gain!

, ,

You might like

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog