
Operation Sentinel: Proof that India needs a unified cyber strike force now

What INTERPOL achieved in Africa was transforming scattered partnerships into operational backbones. For a nation confronting everything from deepfake sextortion to large-scale mule-account networks, that structured cooperation has become indispensable rather than optional

Published by Brijesh Singh

Mumbai: When 574 suspected cybercriminals are apprehended across 19 nations in a single coordinated sweep, the global policing community takes notice—precisely what unfolded during INTERPOL’s Operation Sentinel, a month-long offensive against cybercrime networks traversing Africa, spanning from October 27 to November 27 this year. For Indian readers immersed in policing, intelligence and internal security, this operation transcends mere continental statistics; it embodies a template, a warning and an opportunity interwoven into one tapestry of digital defence.

Operation Sentinel manifested with uncommon clarity of focus. Rather than confronting “cybercrime” as an amorphous all-encompassing threat, INTERPOL and its African counterparts homed in on three offence categories now painfully familiar to Indian investigators: business email compromise (BEC), digital extortion (encompassing sextortion) and ransomware. These same categories emerge from the 2025 Africa Cyber Threat Assessment as the continent’s most rapidly proliferating and damaging cyber threats, with two-thirds of African member nations reporting that cyber offences constitute a medium-to-high proportion of all documented crime. The parallels resonating through India’s own crime charts demand recognition.

Over 6,000 malicious links and digital resources were decommissioned during Sentinel, while investigators successfully decrypted six distinct ransomware variants that had encrypted data in critical sectors including finance. In one frequently referenced case, a Ghanaian financial institution witnessed nearly 100 terabytes of data locked away; researchers reverse engineered the malware, constructed a decryptor and commenced data restoration without remitting ransom. Across this operation, law enforcement agencies recovered approximately $3 million in suspected cybercrime proceeds, despite investigating cases linked to estimated losses exceeding $21 million. These numerical narratives echo stories Indian officers recognise: even triumphant crackdowns reclaim only fractions of damage, yet they project potent deterrent signals when executed visibly and at scale.

One distinguishing feature of Operation Sentinel was its orchestration of 19 African jurisdictions into a unified operational theatre. Nations as diverse as Nigeria, Kenya, South Africa, Senegal, Ghana and Benin integrated into a common planning framework housed within INTERPOL’s African Joint Operation against Cybercrime (AFJOC) initiative—partially funded by the UK government and supported by the EU-Council of Europe GLACY-e programme. Instead of isolated raids and apprehensions, there emerged calendars, shared intelligence landscapes and real-time coordination on takedowns, seizures and arrests.

The granular dimensions of this coordination unfolded with remarkable detail. In Benin, authorities identified 43 malicious domains and 4,318 social media accounts linked to extortion schemes and online scams, advancing against both human operators and their digital infrastructure. In Senegal, a business email compromise attempt to divert $7.9 million from a major petroleum company was disrupted when law enforcement swiftly froze the destination accounts before the funds could be withdrawn. Parallel narratives of emergency account freezes, device confiscations and arrests unfolded across the 19 participating nations, each weaving into the broader operational tapestry.

Behind the curtain, Sentinel revealed what contemporary cyber takedowns truly entail. This transcended classical “good policing”; it involved embedding law enforcement within a web of network telemetry, malware analysis and blockchain forensics. INTERPOL publicly designated five private-sector partners as operationally essential: Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs and Uppsala Security. These entities furnished data on malicious IP infrastructure, exposed hosts, malware specimens and crypto-transaction trails, enabling local investigators to accelerate operations and secure assets with heightened confidence.

This imparts vital lessons for India. Law enforcement agencies here already collaborate informally with diverse domestic and international enterprises on specific cases, yet no Sentinel-style framework systematically integrates private telemetry into national-level cybercrime disruption campaigns. What INTERPOL achieved in Africa was transforming scattered partnerships into operational backbones. For a nation confronting everything from deepfake sextortion to large-scale mule-account networks, that structured cooperation has become indispensable rather than optional.

Why should an African operation resonate so profoundly with India’s security establishment? Because structural conditions converge. INTERPOL’s Africa Cyber Threat Assessment reveals that cybercrime now constitutes over 30% of all reported crimes in West and East African regions, with online scams, BEC and digital sextortion ranking among the most frequent categories. India’s complaint portals, state police FIRs and CERT-In alerts mirror identical trajectories: surging complaint volumes, transitions from petty local frauds to industrial-scale call-centre operations, and deepening interconnections between cyber fraud, organized crime and—selectively—extremist financing. Moreover, the African report illuminates a second uncomfortable reality: 90% of surveyed nations require significant enhancements in either law-enforcement or prosecutorial capacities for addressing cyber offences. This reflection demands India’s attention. Police stations and specialized cyber cells frequently navigate complex cross-border ransomware or BEC cases using tools and training designed for vastly different eras. The outcome remains predictable: diminished conviction rates, sluggish asset recovery and growing offender confidence that serious consequences remain minimal.

A Sentinel-style nationwide operation in India would not function as a magic wand, yet it could recalibrate this equation. The primary prerequisite is clarity of focus. Rather than confronting every online offence simultaneously, time-bound operations might prioritize precisely the same triad: business email compromise, digital extortion (including sextortion) and ransomware—crimes directly impacting ordinary citizens, small businesses and critical service providers while enabling high-value network mapping and coordinated dismantlement. A second essential requirement is genuine jointness. Operation Sentinel succeeded through 19 nations integrating investigations within a common framework under AFJOC. Within India’s context, this would translate into mission-mode operations uniting state cyber police stations, central agencies, sectoral regulators and financial-sector watchdogs beneath unified operational plans. The Indian Cyber Crime Coordination Centre (I4C), CERT-In and National Crime Records Bureau naturally serve as anchors, though the true test is whether state-level police and specialized units trust that participation yields tangible support rather than additional bureaucratic burdens.

Third—and perhaps most crucial—is visibility and accountability. Sentinel exemplifies INTERPOL’s commitment to showcasing African agencies’ capacity to defend digital spaces. A comparable Indian campaign necessitates transparent objectives, timelines and outcomes: enumerating networks dismantled, accounts frozen and victims supported through recovery processes. Given cyber complaint volumes, no operation can claim complete success, yet each can demonstrate that serious coordinated disruption is underway. A human-interest dimension often escapes policymakers’ notice. When ransomware takes critical systems offline, sextortion propels young individuals into psychological crises or BEC eradicates small businesses’ working capital, these impacts are not abstract. Operation Sentinel explicitly framed results as safeguarding livelihoods, securing sensitive personal data and preserving essential infrastructure. An Indian campaign addressing cybercrime solely through “case numbers” and “rupee values” fails to win the public cooperation necessary for success. Operations centred on protecting families, students, small businesses and critical services emerge both more authentic and compelling.

Finally, Sentinel underscores a fundamental truth: no single agency or nation independently navigates the cybercrime wave. INTERPOL’s cybercrime director articulated this while releasing Africa’s threat assessment: emerging threats like AI-driven fraud demand urgent collective responses. India possesses scale, technical expertise and institutional architecture to mount its own Sentinel-style operation while integrating within broader international cooperation networks. The question remains whether political and bureaucratic will exists to execute such strategies reactively yet strategically. For security and policing-focused readers, Operation Sentinel’s lesson should not frame Africa as having cybercrime challenges while merely offering lessons to India. A more candid interpretation recognizes both regions as frontline defenders in rapidly evolving threats, with Africa demonstrating one approach to large-scale counteroffensives. India’s true test lies in adapting this model—harmonizing federal structures, digital public infrastructure and court systems—to transform scattered cyber crackdowns into nationwide coordinated campaigns criminals cannot disregard.

  • Brijesh Singh is a senior IPS officer and an author (@brijeshbsingh on X). His latest book on ancient India, “The Cloud Chariot” (Penguin) is out on stands. Views are personal.

Prakriti Parul