A cyber-crime policy is being prepared by SAPS as part of SA’s Cyber-crime Policy Framework. SAPS is presently discussing its proposals with stakeholders, such as the banks, however, it is not expected that SAPs will complete its proposals before the end of the year. A major issue, EFA has learnt, is lack of serious funding to support anti-cyber-crime work. EFA is working with SABRIC and PASA on a specific campaign designed to help e-merchants identify and avoid online fraud, as we reported last month. A second meeting is planned in Sept. Other news is that the Cyber-Crime and Security Bill which failed to be adopted in the parliamentary session before the May Elections, will have to be reintroduced to Parliament. This leaves the Cyber-crime Hub (see previous Monthly Newsletters) without any real powers to pursue cyber-criminals. Although the NPA has been boasting of its excellent (over 90%) record in bring successful prosecutions against cyber-criminals, some commentators point out that there are very few such cases, and that cross border cases have not resulted in the fining/imprisonment of the perpetrators.
The SA Reserve Bank (SARB) has also entered into the cyber-security debate with a 3-pronged policy based on prevention, detection and respond/recovery. This follows increasing awareness in SA of the dangers of cyber-crimes – the City of Johannesburg was hit by a ransom-ware attack earlier this year and other institutions may well have also fallen victim to similar attacks . The revision of the NPA Act proposes that the risk of fraud will be acceptable. Previously proof of fraud had to be provided.
Even Apple iPhone users are being targeted globally. Google’s Project Zero has just discovered a number of hacked websites that were being used to infiltrate iPhones for at least the past 2 years. The hacks spanned iOS 10 through to iOS 12, in a “sustained effort” to hack iPhones. The virus is able to steal messages, photos, and GPS location data in real time. See Google’s deep-dive technical blog post for more details.
Mozambique, one of the least developed countries in Africa (only 30% of the population have mobile phones) has revised its penal code to criminalise digital snooping. Anyone who gains access to phones, computers or other gadgets belonging to someone else without the owner’s permission will face up to 2 years in prison. Those who illegally produce, sell or distribute “non-public information” obtained from such devices without permission, can be jailed for up to 5 years. The law also stipulates that offenders will also be fined at least the equivalent of one year’s minimum salary (about 12,000R).