How to shut down the internet

also ft Cybersecurity-as-a-service

September 27, 2025

HIGHLIGHTS

How to shut down the internet

When a public company gets tired of the world, it can “go private.” It finds a private equity firm, or uses its own cash, to buy back all its shares from the public market. It’s an expensive, complicated hassle, but it has one beautiful upside: you get to stop caring. No more activist investors writing angry letters, no more quarterly earnings calls, no more nosy analysts. You can just run your business in the dark, and you only have to answer to yourself.

As you’ve probably heard already. African governments have been doing just that. According to the African Digital Rights Network, internet shutdowns are on an upward trajectory among African countries, with the recorded cases growing from 14 in 2016 to 28 as of 2024. Africa has lost roughly 1.2 billion due to the internet shutdown in 2024. The Middle East and North Africa region ranked fourth globally, incurring a $1.44 billion financial loss and 16,547 hours of disruption, affecting 105.04 million users. Countries like Nigeria, Ethiopia, and Sudan record the longest hours of internet shutdown due to either political problems, conflicts, or protests. Ethiopia experienced the longest uninterrupted internet blackout in world history, totalling 670 days from November 2020 to December 2022, during an armed conflict, resulting in a loss of approximately $1.9 billion, surpassing Iran’s $920.3 million.

The classic way to shut down the internet is to, well, shut it down. It’s a classic brute-force method that involves a guy in kaftan making a few phone calls to the CEOs of the handful of ISPs and telcos in the country with the simple order to shut it down, and if it’s a democracy the service providers might ask for justification, and typically they’ll go to the country’s politically complicit court or parliament and get a sign-off on that order. Usually, though, the CEO will call his engineers and ask them to withdraw their BGP (Border Gateway Protocol). In essence, BGP is equivalent to a postal code through which the rest of the world can send and receive information from the country’s network. When this is pulled, no one can reach said country. This is usually the “break glass in case of emergency” option, and we’ve seen it used in many cases:

  • Egypt (2011) is the canonical example. During the Arab Spring, the Mubarak government ordered the four main ISPs to shut down, plunging 93% of the country into an information black hole.

  • Cameroon (2017): To quash a protest movement in its English-speaking regions, the government imposed a 230-day internet shutdown in the anglophone regions. This was a regional delisting.

  • Ethiopia (2020-2022): During the war in the Tigray region, the government imposed one of the longest and most total shutdowns on record, creating a near-complete media blackout of the conflict.

  • Senegal (2024): Facing widespread protests, the government didn’t shut down everything, but it did the next-best thing: it shut down all of the mobile internet access, the primary way most people get online. This way, corporate infrastructure typically relying on non-mobile could continue functioning.

The 2024 Senegal shutdown tried to solve the biggest problem of this means of closing the internet. It is financially ruinous. During these kinds of shutdowns, banks go offline. POS systems fail. And crucially, in many African economies, you shut down mobile money. Services like M-Pesa are the lifeblood of daily commerce. This method also gets you bad press. The UN will write a strongly worded note. Access Now and Top10VPN will publish reports with scary-sounding statistics about your economy. It’s bad PR.

So, the more sophisticated approach is to shut down specific parts of the internet or degrade the service so badly that it becomes functionally useless, but without the “shutdown” label.

The block list is regarded as the à la carte menu of censorship. The government decides it doesn’t have a problem with the internet, just with the parts of the internet where people are organising. So, it sends a new order to the ISPs: “Keep the banks on, but block Twitter, Facebook, and WhatsApp.”

  • Uganda (2021): The government ordered a full social media blackout days before a contentious election. Why? It claimed Facebook had been “arrogant” and taken down pro-government accounts. The solution was to just ban Facebook. And Twitter, and WhatsApp, and everything else, just in case.

  • Nigeria (2021): The government banned Twitter for seven months. The official reason was “the persistent use of the platform for activities that are capable of undermining Nigeria’s corporate existence.” The other reason was that Twitter had deleted a tweet from President Muhammadu Buhari that violated its rules.

The tech here is also simple. The ISP can use DNS filtering (lying to your browser about where “twitter.com” is) or IP blocking (simply dropping any traffic destined for Twitter’s known servers).

The Throttle, though, is the trickiest play. The internet is technically on. But it feels like 1998 dial-up. Your WhatsApp message just says “Sending...” for an hour. You can’t upload that video of the protest. You can’t live-stream. You can maybe load a text-only email if you’re patient.

This is a common tactic on election days. Zimbabwe has been frequently accused of this during protests, as has Sudan.

It’s brilliant because it’s hard to prove. The government can just blame network congestion, technical faults, or even cable cuts. It creates immense frustration and stops the flow of high-bandwidth media (i.e., video evidence) without giving activists a clear “the internet is off” rallying cry.

Service providers are complicit because even though turning off the internet is bad for business, they risk losing their multi-million-dollar operating license if they refuse the government. Their lawyers do not need convincing.

All of these are simplistic explanations of a complicated problem. For example, when governments implement the block list, citizens resort to VPNs, and overly censorious governments in turn resort to something called Deep Packet Inspections (unironically called DPIs). DPIs can identify VPN traffic and block it, and VPN companies might improve their technology so it’s harder to identify, and DPI providers would upgrade their tech too to recognise the new VPN protocol. This sets off an arms race with its key players. Tune in next week, and we might talk about that.

Cybersecurity-as-a-service

Fu’ad Lawal, acting editor-in-chief of TechCabal and founder of Archivi.ng swears by his thesis that a key point of innovation in Africa is figuring out the business model for innovation, which is exactly what I thought about when I heard that in Accra, Ghana, a local firm called Virtual Infosec Africa (VIA) partnered with a global player, Exabeam, to launch what they’re calling “Africa’s first monthly cybersecurity subscription service.”

The product is a subscription to a “Security Information and Event Management” (SIEM) service. In normal-person terms, a SIEM is like a central security monitoring station for a company’s entire digital presence. It pulls in all the logs and alerts from your firewalls, servers, and employee laptops, and uses AI to look for patterns that might suggest someone is trying to break in. Big banks and corporations live and die by this stuff. It’s the digital equivalent of having a thousand security cameras all feeding into one room where a very smart, very paranoid guard is watching 24/7.

The problem is that a proper SIEM setup is ruinously expensive. You need the hardware, servers, the multi-million dollar software licenses, and a team of highly paid analysts who know what they’re looking at. For small startups and SMEs, this is a non-starter. This is the market inefficiency that VIA is trying to arbitrage. They’ve built the expensive thing—a Security Operations Centre hosted at the National Information Technologies Agency (NITA) in Accra—and are now slicing it up and selling access on a monthly subscription.

VIA claims to be “Africa’s First,” which is a bold and probably unprovable claim. Is it the first SIEM-as-a-service for SMEs on a monthly plan in Africa? Maybe. But other companies, like FirstWave, have partnered with providers to offer cybersecurity “on a consumption basis” in Ghana, Kenya, and elsewhere. Digimune also offers monthly cybersecurity bundles in Africa.

The service offers “AI-driven threat detection, monitoring, and compliance tools.” But the devil is in the details. What level of service does a basic subscription get you? Is it just automated alerts, or does it include actual human intervention and incident response? Can their central operations centre effectively handle the alerts and incidents from hundreds or thousands of unique clients simultaneously?

FEATURE

  • This documentary by Dubawa’s Phillip Anjorin exposes the alarming trend of individuals openly marketing traditional charms, locally known as “Oshole,” to internet fraudsters in Nigeria through social media platforms like TikTok.

  • A massive leak from a Chinese networking company, Geedge Networks, has exposed a sophisticated, off-the-shelf mass censorship and surveillance platform being sold to governments, with a significant focus on African nations. Leaked documents reveal that Geedge markets a product called “Secure Gateway,” which acts as a “national firewall” capable of performing deep packet inspection to block websites, throttle internet speeds, and even disable VPN services on a national scale. Read on WIRED. 

HEADLINES

ACROSS THE WORLD

OPPORTUNITIES

IMAGE OF THE WEEK

See you next week!

Reply

or to participate.