South Africa: Cyber deal with France hints at crackdown on computer criminals

Fuelling the cybercrime protocol deal signed by South African Justice Minister Ronald Lamola and French Foreign Minister Catherine Colonna is Pretoria’s desire to shed its embarrassing February 2023 inclusion on the so-called grey list of the Financial Action Task Force (FATF), the Paris-based global money laundering and terrorist financing watchdog. The country made the list because of its alleged deficiencies in fighting money laundering and terrorism financing.

At the core of the agreement with France is a focus on developing skills and expertise.

South Africa’s prosecutors, the Special Investigating Unit, will gain French training in combating cybercrime. The deal also calls for setting up an anti-cybercrime academy to train police personnel from South Africa and nearby African countries.  

“This will boost confidence in the investment climate in our country that our cyberspace is safe,” Lamola says. If anything happens, he added, “we will have the capabilities to investigate.” 

Bad rap 

From the legendary Cajee Brothers cryptocurrency heist to the shadowy ransomware group known as Death Kitty, South Africa has emerged as both a host and victim of massive cybercrime operations. The country ranks fifth on the global cybercrime density list compiled by virtual private network (VPN) provider Surfshark, based on open-source FBI information and research algorithms.  

“Cybercriminals are believed to favour South Africa because they believe that South African organisations have weaker defenses when compared to first-world countries like Germany,” concludes a recent policy paper from Telesa Comms, a leading South African software firm.  

Tendani Chimboza, a lecturer at the Cybersecurity Capacity Centre for Southern Africa at the University of Cape Town, bemoans the lack of domestic cyber forensics. The constant cyber attacks on the country’s critical infrastructure, she says, lay bare both a scarcity of skills and capacity as well as a reactive strategy for addressing cybersecurity vulnerabilities.

“Although there is a big hype from academic institutions and private sector, South Africa has not been able to build cybersecurity capacity to proactively tackle the attacks,” Chimboza tells The Africa Report.

“In our 2021 SADC Cybersecurity Maturity Report,” she adds, “we listed smaller cybersecurity budgets, poor cybersecurity strategies [and] unsecured online activities by many citizens as some of the factors that make South Africa attractive for cybercriminals.”

The Cajee Brothers are arguably the most infamous South African cybercrime team. Brothers Raees Cajee and Ameer Cajee promised global investors that they could make lucrative fortunes if they paid into their Bitcoin platform, Africrypt. In 2021, the brothers allegedly committed the world’s largest crypto-currency crime when they vanished with $3.6bn of investors’ funds. They claim that their blockchain was hacked by criminals.

That July, Death Kitty left South Africa reeling when it hacked and disabled the electronic control levers of the port of Durban, demanding that the government visit a dark web portal to negotiate ransom payment. The attack forced Transnet SOC Ltd., South Africa’s state-owned ports and freight-rail company, to declare force majeure at the country’s key container terminals. 

And in September 2021, the South African Justice ministry itself struggled to contain a massive breach of its IT systems. The attackers knocked down all emails, websites, court databases and citizen IDs.

The following March, a hacker claiming to be from Brazil swept through the electronic systems of Transunion, the South African credit bureau, seizing the personal data of some 54 million people. And in June 2022, ransomware attackers penetrated Shoprite, the biggest supermarket chain in South Africa and the country’s largest employer, threatening to sell internal data to the highest bidder. 

South Africa is on the verge of becoming the “cybercrime capital of Africa,” Kari-Anne Liebling, an online fraud researcher at Scam Survivors, mused on Twitter last weekend.  

Stepping up 

South Africa has long been criticised for being lax on crime, and last week’s deal with France might be a blip on the radar.  

In 2021, the FATF found that South Africa had failed in 20 out of 40 standards and had shortcomings in all 11 steps needed to combat money laundering. 

Recently however the country has been stepping up to show the world it is serious about combating cybercrime. In 2021, South African detectives arrested ringleaders of the infamous Black Axe, a sophisticated gang of transnational crime suspects who operated online romance scams, fleecing vulnerable US residents out of millions of dollars.

Twenty months on, the suspects are challenging their pending extradition to the US in court. 

Then this May, South African detectives took into custody a group of people who were allegedly operating on its soil, hacking into US companies, intercepting internal emails and diverting nearly R100m ($5.3m). Apparently impressed, the US Secret Service went on to honour Robin Lewis, the South African prosecutor who successfully blocked bail for the Black Axe suspects.  

Being placed on the FATF grey list appears to have further nudged South Africa to step up its crackdown on cyber criminals.

2025 countdown 

The next clear chance for South Africa to get off the list will be at the FATF plenary in October 2025. For that to be a realistic target, issues would need to be addressed by the start of that year, Stuart Theobald, chairman of Intellidex, told The Africa Report last year.  

That means that international technical assistance, like the cybercrime deal with France, will be essential for South Africa to achieve timely results, Theobald said.