Analysis of cyber incidents in Senegal from 2005 to 2023
DOI:
https://doi.org/10.23962/ajic.i34.17851Keywords:
cybersecurity, cyber incidents, cyberattacks, cybercrimes, compromised websites, data exposure, denial-of-service (DoS), ransomware, SenegalAbstract
This article presents findings from a review of cyber incidents that occurred in Senegal between 2005 and 2023. Twenty-six incidents were identified, and they were analysed in terms of their frequency, incident type, perpetrator type, and victim type. The study found that cyber incidents are increasing in frequency in the country; that the most common incident types are cybercrimes and compromised websites; that the most frequent perpetrators are cybercriminals and hackers; that state/political organisations are slightly more likely than non-state/political entities to be attacked; that the most common incident type experienced by state/political entities is a compromised website; that the most frequent incident type for non-state/political organisations is cybercrime; and that insider attacks are much less common than external attacks, but still occur at a level that is a cause for concern. Based on the findings, the author recommends, inter alia, improved Senegalese government monitoring and reporting of cyber threats, with an emphasis on cooperation between the state’s Computer Security Incident Response Team (CSIRT-Senegal, or SNCSIRT) and the CSIRT-Universitaire established by tertiary institutions in the country.
References
Africa Cybersecurity Magazine. (2020, September 25). Cybersécurité au Sénégal: Le Sénégal victime d’une attaque cybercriminelle venue du Cameroun. https://cybersecuritymag.africa/cybersecurite-au-senegal-le-senegal-victime-dune-attaque-cybercriminelle-venue-du-cameroun
Africa Cybersecurity Magazine. (2022a, September 22). Attaques Lockbit 3: La récupération des données possibles [et] envisables. https://cybersecuritymag.africa/attaques-lockbit-3-recuperation-des-donnees-possibles-envisageables
Africa Cybersecurity Magazine. (2022b, October 12). L'ARTP Sénégal touchée par le groupe de ransomwares Karakurt. https://cybersecuritymag.africa/artp-senegal-touchee-par-groupe-ransomwares-karakurt
Africa Cybersecurity Magazine. (2022c, October 17). Les cybercriminels du groupe Karakurt divulguent les données de la cyberattaque de l'ARTP Sénégal. https://cybersecuritymag.africa/cybercriminels-groupe-karakurt-divulguent-donnees-cyberattaque-artp-senegal
African Union (AU). (2014). African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention). https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection
AU. (2024, July 8). List of countries which have signed, ratified/acceded to the African Union Convention on Cyber Security and Personal Data Protection. https://au.int/sites/default/files/treaties/29560-sl-AFRICAN_UNION_CONVENTION_ON_CYBER_SECURITY_AND_PERSONAL_DATA_PROTECTION.pdf
Agence de l'Informatique de l'Etat (ADIE). (2015, January 18). Communique de l'ADIE suite à l'attaque de son site web. Seneweb. https://www.seneweb.com/news/Technologie/communique-de-l-adie-suite-a-l-attaque- d_n_145419.html
Agence de Presse Sénégalaise (APS). (2012, April 17). L’ingénieur financier risque trois ans de prison ferme pour escroquerie. https://www.osiris.sn/L-ingenieur-financier-risque-trois.html
Agence Nationale de la Statistique et de la Démographie (ANSD). (2021). Enquête harmonisée sur les conditions de vie des ménages (EHCVM) au Sénégal: Rapport final. https://www.ansd.sn/sites/default/files/2022-11/Rapport-final-EHCVM-vf-Senegal.pdf
Allen, N. (2021, January 19). Africa’s evolving cyber threats. Africa Center for Strategic Studies. https://africacenter.org/spotlight/africa-evolving-cyber-threats
Ba, D. (2018, August 30). Cyber-attaque: Le site Campusen ciblé par des pirates. Seneweb. https://www.osiris.sn/Cyber-attaque-Le-site-Campusen.html
Computer Security Incident Response Team (CSIRT-Universitaire). (n.d.). Fonctions. https://csirt-universitaire.org/fonctions
Cybersecurity and Infrastructure Security Agency (CISA). (2018, June 7). Indicators associated with WannaCry ransomware. https://www.cisa.gov/news-events/alerts/2017/05/12/indicators-associated-wannacry-ransomware
CISA. (2020). Insider threat mitigation guide. https://www.cisa.gov/sites/default/files/2022-11/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf
CISA, with FBI, MS-ISAC, ACSC, NCSC-UK, CCCS, ANSSI, BSI, CERT NZ, NCSC-NZ. (2023). Understanding ransomware threat actors: LockBit. https://www.cisa.gov/sites/default/files/2023-06/aa23-165a_understanding_TA_LockBit_0.pdf
Council of Europe. (2001). The Convention on Cybercrime (Budapest Convention, ETS No. 185) and its Protocols. https://www.coe.int/en/web/cybercrime/the-budapest-convention
Dakaractu. (2014, July 20). Le site web du MEF tout comme quatre autres sites officiels ont été piratés. https://www.dakaractu.com/Le-site-Web-du-MEF-tout-comme-quatre-autres-sites-officiels-ont-ete-pirates_a71100.html
Dakaractu. (2019, August 7). Le site de l'École supérieure multinationale des télécommunications piraté: la rançon dérisoire exigée par le hacker « El Profesor ». https://www.dakaractu.com/Le-site-de-l-Ecole-superieure-multinationale-des-telecommunications-pirate-la-rancon-derisoire-exigee-par-le-hacker-El_a174670.html
Diallo, C. (2022, May 9). Prendre des fichiers en otage: un acte cybercriminel à l’aide de ransomware ou rançongiciel. CSIRT-Universitaire Bulletin Mensuel de Sécurité, n°2022-01. https://csirt-universitaire.org/media/BulletinMensuel/PDF/BMS1_Bulletin_mensuel_de_securite_no1__v1_2POwnQ4.pdf
Diouf, A. (2021, February 23). Tentative de piratage du site PressAfrik: Appel condamne et tire la sonnette d’alarme. PressAfrik. https://www.pressafrik.com/Tentative-de-piratage-du-site-PressAfrik-Appel-condamne-et-tire-la-sonnette-d-alarme_a228311.htmlv
Direction Générale du Chiffre et de la Sécurité des Systèmes d'Information (DCSSI). (n.d.-a). Présentation. http://stcc-ssi.sn/presentation
DCSSI. (n.d.-b). Bulletins d’alerte. http://stcc-ssi.sn/bulletins-dalerte
DCSSI. (2023). Attaques de type DDoS par le groupe « Mysterious Team ». https://www.stcc-ssi.sn/2023/06/07/bulletin-dalerte
EU Cyber Direct. (2018). École nationale de cybersécurité à vocation régionale. https://eucyberdirect.eu/good-cyber-story/ecole-nationale-de-cybersecurite-a-vocation-regionale
Fama, A. (2015, January 20). Anonymous a piraté le site de l’Adie en représailles à l’interdiction de Charlie Hebdo. https://senego.com/anonymous-a-pirate-le-site-de-ladie-en-represailles-a-linterdiction-de-charlie-hebdo_211716.html
Federal Bureau of Investigation (FBI), CISA, Treasury & FinCEN. (2022). Karakurt data extortion group. https://www.cisa.gov/sites/default/files/2023-12/aa22-152a-karakurt-data-extortion-group.pdf
Global Cyber Security Capacity Centre. (2016). Cybersecurity capacity review of the Republic of Senegal. University of Oxford. https://gcscc.web.ox.ac.uk/files/senegal-report-v4pdf
Gueye, P. (2005a, May 4). Coup de filet de la S.U.: La bande de cyber-escrocs avait engrangé plus de 300 millions. Le Soleil. https://osiris.sn/Coup-de-filet-de-la-S-U-la-bande.html
Gueye, P. (2005b, August 17). HLM Grand-Médine: Une bande de cyber-escrocs démantelée. Le Soleil. http://osiris.sn/HLM-Grand-Medine-Une-bande-de.html
Guissé, C. M. (2008, January 26). Sabotage et destruction du site Nettali.com: Le parquet aux trousses d’un « cheval de Troie ». L’As. https://www.osiris.sn/sabotage-et-destruction-du-site-nettali-com-le-parquet-aux-trousses-d-un-cheval.html
Houeto, C. (2023, November 24). Cyberattaque contre l'Ageroute au Sénégal: Environ 18 gigaoctets de données sensibles publiées. Africa Cybersecurity Magazine. https://cybersecuritymag.africa/cyberattaque-contre-lageroute-au-senegal
Hutchins, M. (2017, May 16). Note on WannaCrypt infection count accuracy. MalwareTech. https://www.malwaretech.com/tag/wannacry
ITmag. (2014, February 22). Sénégal: 13 Nigérians arrêtés pour avoir piraté le compte mail d’un haut responsable de la Présidence. http://www.itmag.sn/news/senegal-13-nigerians-arretes-pour-avoir-pirate-le-compte-mail-dun-haut-responsable-de-la-presidence
Jones, C. & Chebla, J. (2023). African cyberthreat assessment report 2023. Interpol. https://www.interpol.int/content/download/19174/file/2023_03%20CYBER_African%20Cyberthreat%20Assessment%20Report%202022_EN.pdf
Kaspersky. (2023, September 21). Africa among regions with highest number of industrial systems under attack in the first half of 2023. https://kaspersky.africa-newsroom.com/press/africa-among-regions-with-highest-number-of-industrial-systems-under-attack-in-the-first-half-of-2023?lang=en
Koné, M. (2022, September 20). Sécurité aérienne: le site de l'ASECNA piraté par le groupe de hackers Lockbit. Le360 Afrique. https://afrique.le360.ma/autres- pays/societe/2022/09/20/39358-securite-aerienne-le-site-de-lasecna-pirate-par-le-groupe-de-hackers-lockbit-39358
KPMG. (2022). Africa cyber security outlook. https://assets.kpmg.com/content/dam/kpmg/ke/pdf/thought-leaderships/2022/KPMG%20Africa%20Cyber%20Security%20Outlook%202022.pdf
Kshetri, N. (2013). Cybercrime and cybersecurity in the Global South. Palgrave Macmillan.
Kshetri, N. (2019). Cybercrime and cybersecurity in Africa. Journal of Global Information Technology Management, 22(2), 77–81. https://doi.org/10.1080/1097198X.2019.1603527
Leral.net. (2016, October 17). Piraterie: La Poste délestée de plus de 400 millions. https://www.leral.net/Piraterie-La-Poste-delestee-de-plus-de-400-millions_a182765.html
Mbengue, A. R. (2008, January 26). Un cheval de troie fait des ravages sur Nettali: L’administration du site porte plainte contre X.
Ministry of Communications, Telecommunications, Post and the Digital Economy. (2017). Senegalese National Cybersecurity Strategy (SNC2022). https://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/SNC2022-Senegal-NCS-Jan-2018_eng.pdf
Ndiaye, T. (2023, May 27). Cyberattaque au Sénégal: Après la présidence de la République et le gouvernement, Air Sénégal touché. Seneweb. https://www.seneweb.com/news/Societe/cyberattaque-au-senegal-apres-la- preside_n_410935.html
Ndoye, K. (2023, May 26). Plusieurs sites internet du Gouvernement, dont celui de la Présidence, attaqués. Seneweb. https://www.seneweb.com/news/Societe/plusieurs-sites- internet-du-gouvernement_n_410896.html
Ngom, M. (2023, May 29). Sénégal: une « Mysterious Team » derrière les cyberattaques contre l’Etat. Le Monde Afrique. https://www.lemonde.fr/afrique/article/2023/05/29/senegal-une-mysterious-team-derriere-les-cyberattaques-contre-l-etat_6175339_3212.html
Niasse, F. (2023, September 7). Victime d’attaques de groupe de hackers Anonymous, le Prodac porte plainte à la Division de la Cybersécurité. Le Grand Panel Citoyen. https://www.grandpanel.sn/victime-dattaques-de-groupe-de-hackers-anonymous-le-prodac-porte-plainte-a-la-division-de-la-cybersecurite
Observatoire sur les systèmes d’information, les réseaux et les inforoutes au Sénégal (OSIRIS). (2020, January 23). Accès frauduleux dans le système de la Banque de Dakar (Bdk): Des cyber délinquants nigérians et sénégalais risquent 4 ans de prison. http://www.osiris.sn/Acces-frauduleux-dans-le-systeme.html
Pieterse, H. (2021). The cyber threat landscape in South Africa: A 10-year review. The African Journal of Information and Communication, 28, 1–21. https://doi.org/10.23962/10539/32213
Republic of Senegal. (2008). Law No. 2008-11 (25 January 2008) on Cybercrime.
Rukanga, B. (2024, June 12). Senegal starts producing oil as president promises benefits. BBC. https://www.bbc.com/news/articles/c722n9g5w22o
PressAfrik. (2020, December 17). Après avoir attaqué les systèmes de la police et de la gendarmerie: le jeune hacker Souleymane accusé d’avoir bloqué le système de Transpay. https://www.pressafrik.com/Apres-avoir-attaque-les-systemes-de-la-police-et-de-la-gendarmerie-le-jeune-hacker-Souleymane-accuse-d-avoir-bloque-le_a225211.html
Senenews. (2014, November 27). 6 sites du gouvernement sénégalais en gouv.sn hackés par Yunus Incredibl. https://www.senenews.com/actualites/6-sites-du- gouvernement-senegalais-hackes-par-yunus-incredibl_76736.html
Seneweb. (2011, March 30). Banque: Le site web de la Sgbs piraté. https://www.seneweb.com/news/News/medinatoul-salam-les-partisans-de-sokhna_n_43167.html
Seneweb. (2021, November 3). 60 plaintes et 13 arrestations: 150 millions détournés via Wave et Orange Money, la DSC sur la brèche. https://www.seneweb.com/news/Societe/60-plaintes-et-13-arrestations-150-milli_n_362921.html
Souaibou, M. (2023, August 7). ANACIM: la cyberattaque n’a pas atteint les données (responsables). Agence de Presse Sénégalaise (APS). https://baobab7.com/actualites/anacim-la-cyberattaque-na-pas-atteint-les-donnees-responsables
Statista. (2024). Share of internet users in Africa as of January 2024, by country. https://www.statista.com/statistics/1124283/internet-penetration-in-africa-by-country
Symantec. (2016). Cyber crime and cyber security trends in Africa. https://securitydelta.nl/media/com_hsd/report/135/document/Cyber-security-trends-report-Africa-en.pdf
Van Niekerk, B. (2017). An analysis of cyber-incidents in South Africa. The African Journal of Information and Communication, 20, 113–132. https://doi.org/10.23962/10539/23573
Ventureburn. (2023, June 20). Senegal tops African countries in cybersecurity – Indusface. https://ventureburn.com/2023/06/senegal-tops-african-countries-in-cybersecurity-indusface
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Ciré Sall
This work is licensed under a Creative Commons Attribution 4.0 International License.
How to Cite
- Abstract 120
- PDF 52