Ghana’s disinformation foray
Also featuring: how does a cyber fraud refund like this even begin to work?
CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.
Hi there, Olatunji Alameen here.
Now and then we stumble on radical and encompassing highlights, and I think this is one of them. Each highlight explores something important and enlightening.
Excited for you to read today’s issue and remember to reply if you have questions or feedback!
HIGHLIGHTS
Ghana’s disinformation foray
If you’re about this life, you probably know a bit about disinformation. You also would know about the fascinating, slightly chaotic world of online truth, or lack thereof. Disinformation and information are broadly policed through cybercrime laws, which guide broader use of the internet and set definitions of internet-enabled crime. We’ve talked about these laws in the newsletter in the past, especially in the context of how they enable censorship.
ICYMI: Mis/Disinformation in Nigeria’s Financial Institutions
Ghana, it appears, has decided that the current equilibrium in its information market isn't working. The Ghanaian government is passing a bill aimed specifically at combating misinformation and disinformation. This puts Ghana in a rather interesting position on the continent. While many African nations are grappling with how to manage the digital space – often with a keen eye on control – Ghana is apparently aiming to be among the first with a dedicated law specifically targeting this particular brand of digital pollution.
The Minister for Communications, Samuel Nartey George, declared the bill would arrive in the "next parliamentary session" with a goal to provide a "comprehensive legal framework" to enforce accountability and "safeguard the holding sphere.”
Certain details of this proposed law are "yet to be clear." And the devil, as always, lives comfortably in the details. What exactly constitutes "misinformation" or "disinformation" under this law? Who makes that determination? A government body? The courts? Will there be a speedy process, or will it get bogged down?
More importantly, how does a law designed to clamp down on digital spreaders square with guaranteed rights like freedom of expression, opinion, information, privacy, and assembly? Ghana is a signatory to the International Covenant on Civil and Political Rights (ICCPR), which is quite particular about things like free speech. Any law needs to align with these international commitments, which means it can't just be a tool to silence dissent or inconvenient truths under the guise of stopping "disinformation." The line between critical opinion and malicious falsehood can be distressingly thin, especially when viewed through a political lens.
Ultimately, this bill arrives at a time when Ghana's information ecosystem is incredibly dynamic, driven by a young, internet-savvy population living much of their lives on Facebook, WhatsApp, and Twitter. These platforms are both vectors for the problem and crucial spaces for genuine public discourse and mobilization. A law targeting disinformation will inevitably touch these spaces and the people who inhabit them.
Ghana is proposing to take a big step – potentially becoming the first on the continent with this specific kind of legislative muscle. The need to address malicious information is real, particularly with AI now making sophisticated fakes easier than ever. But the path is fraught with peril. How do you build a framework to protect truth without accidentally creating a tool to suppress legitimate speech? How do you "clamp down" on digital lies without chilling online expression altogether? The "holding sphere" needs safeguarding, sure, but it also needs to be a place where ideas, even challenging ones, can freely circulate. Ghana's proposed law is a fascinating case study in the global, digital tightrope walk between control and freedom, and everyone should be watching to see where they land.
How to get your money back
It’s been a while since news broke in Nigeria that an unnamed old generation (definitely not Union) bank lost an undisclosed lump sum to a fraud attack, but now the bank seems to be wrangling back some of that. This case, where the Federal High Court in Lagos ordered 54 banks to return N9.3bn, illustrates how the system is designed to fight back, even if imperfectly.
So, how does a cyber fraud refund like this even begin to work?
Think of it less like hitting "undo" on a bad transfer and more like a coordinated emergency response to a rapidly spreading financial contagion.
Discovery and Immediate Alarm: The first step, obviously, is detecting the fraud. Banks have systems in place to spot unusual activity, though sophisticated attacks can sometimes bypass initial layers. Once the bank discovers the massive unauthorized debits, the alarm bells ring. Time is critical – the faster they react, the higher the chance of recovery.
Tracing the Flow: This is where the digital detective work begins. The compromised bank needs to follow the money trail. In modern banking, every transaction leaves a digital footprint. They can see where the money went immediately after leaving the victim accounts. The case highlights this: the hackers sent funds to "primary accounts" in various banks and then rapidly "rerouted" it to "secondary and tertiary beneficiaries" across those 54 institutions. This layering is a classic money-laundering technique designed to obscure the source and make tracing harder. However, the digital breadcrumbs are still there.
Inter-Bank Communication and Cooperation: This is absolutely vital and is enabled by underlying policies and practices. Banks aren't isolated islands. They are interconnected by networks and agreements. There are established protocols, often mandated by the Central Bank or banking associations, for reporting fraud and requesting assistance from other banks when stolen funds land in their customers' accounts. The fact that the funds were "traceable" across 54 institutions points to these established channels being active. The requesting bank (the victim) provides details of the fraudulent transactions, and the receiving banks are obligated to investigate.
Legal Intervention: The Hammer: While inter-bank cooperation is key, banks cannot, on their own authority, simply reverse a completed transaction or seize funds from a customer's account, even if suspected of receiving fraud proceeds. This is where the legal system comes in. To legally freeze accounts and compel the return of funds, the victim bank must get a court order. In this Nigerian case, the bank filed an "ex parte motion" (meaning the other parties weren't initially present) to get an urgent order. Justice Dipeolu's order was the crucial legal "hammer" that enabled the subsequent steps.
Freezing Assets: The "Post No Debit" Order: The court order specifically directed the 54 banks to place a "Post No Debit" (PND) restriction on all accounts that received the stolen funds. This is a critical step. A PND means no money can be withdrawn or transferred out of that account. It immediately stops the hackers (or anyone who received the money) from moving the funds further, effectively freezing the stolen assets wherever they currently sit within the banking system.
Information Disclosure: Lifting the Veil: The court also ordered the recipient banks to share comprehensive details: account balances, amounts received, amounts already transferred out, and crucial customer data (names, destination accounts). This is essential for two reasons:
It allows the victim bank (and potentially law enforcement) to continue tracing the money if it moved beyond the initial recipient accounts.
It provides the necessary evidence and identity information for potential criminal prosecution or civil recovery lawsuits against the individuals who received the funds.
Recovery and Return: The Goal: With accounts frozen and information shared, the court ordered the immediate return of all available funds to the original bank. "Available funds" is the key phrase here. If the money was received and immediately spent, or moved outside the traceable banking system (e.g., converted to crypto and sent to an offshore wallet, or simply withdrawn as cash), that portion might be much harder, or even impossible, to recover through this process. But whatever is left in the frozen accounts must be sent back. The court also stipulated the restrictions remain until full recovery, limited to the amount each specific account received, ensuring the freeze is proportionate.
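To make the tracing, freezing and recovery steps above concrete, here is a small worked example added for this write-up (it is not code from the court filing or any bank). The ledger, account names and balances are constructed, and it assumes that an account forwarding money spends traced funds first.

```python
from collections import defaultdict

# Constructed sample ledger: (sequence, source, destination, amount).
TRANSFERS = [
    (1, "VICTIM", "P1", 500),    # unauthorized debit to a primary account
    (2, "VICTIM", "P2", 300),
    (3, "P1", "S1", 400),        # primary -> secondary
    (4, "P2", "S1", 100),
    (5, "S1", "T1", 450),        # secondary -> tertiary
    (6, "X9", "T1", 50),         # unrelated, legitimate credit
    (7, "T1", "CASH_OUT", 200),  # withdrawn, outside the frozen accounts
]
# Constructed balances disclosed by the recipient banks under the order.
BALANCES = {"P1": 120, "P2": 200, "S1": 50, "T1": 300}

def trace(transfers, victim):
    """Follow traced funds hop by hop, in transaction order.

    Assumption: an account that forwards money spends traced funds first.
    """
    held = defaultdict(int)      # traced funds still sitting in each account
    received = defaultdict(int)  # total traced funds each account received
    layer = {victim: 0}          # 1 = primary, 2 = secondary, 3 = tertiary
    for _, src, dst, amount in sorted(transfers):
        moved = amount if src == victim else min(amount, held[src])
        if moved == 0:
            continue             # no traced funds involved in this transfer
        if src != victim:
            held[src] -= moved
        held[dst] += moved
        received[dst] += moved
        layer[dst] = min(layer.get(dst, layer[src] + 1), layer[src] + 1)
    return received, held, layer

def recovery_plan(transfers, balances, victim="VICTIM"):
    """Per-account freeze cap and recoverable amount for disclosed accounts."""
    received, held, layer = trace(transfers, victim)
    plan = {}
    for acct, balance in balances.items():
        if received[acct] == 0:
            continue             # never received traced funds: no restriction
        plan[acct] = {
            "layer": layer[acct],
            "pnd_cap": received[acct],                # freeze limited to amount received
            "recoverable": min(held[acct], balance),  # "available funds"
        }
    return plan

if __name__ == "__main__":
    for acct, row in recovery_plan(TRANSFERS, BALANCES).items():
        print(acct, row)
```

In this constructed case 800 was taken, 600 is still sitting in frozen accounts, and the 200 that was cashed out is the portion this process cannot reach.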
What policies and practices enable this?
This process doesn't happen by chance. It's built upon layers of policy, regulation, and technology:
Regulatory Frameworks: Central Banks (like the CBN in Nigeria) establish regulations for fraud reporting, cybersecurity standards for banks, and often mandate cooperation protocols between financial institutions.
Inter-Bank Protocols and Agreements: Banks have standing agreements on how to handle inter-bank transfers, disputes, and fraud investigations. These include standardized procedures for requesting information and placing holds on funds suspected to be fraudulent.
Legal System Cooperation: The judiciary plays a critical role. Laws must exist that allow courts to issue orders like PNDs, compel banks to disclose customer information in fraud cases (balancing privacy with crime fighting), and order the restitution of stolen funds. The swiftness of the court's action (order just over three weeks after the attack) in this case was crucial.
Technology and Cybersecurity Investments: Banks invest heavily in transaction monitoring systems, fraud detection AI, and cybersecurity to detect attacks early. They also need forensic capabilities to trace funds across complex networks.
KYC and AML Regulations: While seemingly bypassed by the hackers initially, Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations mean that the accounts receiving the funds should theoretically have real identity information attached, aiding in tracing and identifying the beneficiaries, even the secondary and tertiary ones.
FEATURES
HEADLINES
Hopes fade for Kenyans seeking refunds from hacked crypto trading platform
National ICT Policy: Kenya records 2.5 billion cyber threats in q1, 2025
ACROSS THE WORLD
Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000
Suspected 4chan Hack Could Expose Longtime, Anonymous Admins
OPPORTUNITIES
Fully funded cybersecurity training for youth in West and Central Africa. Apply here
Leadership Cyber Security Training in Nashville, TN. Apply here
Thank you