# Report 03: Geopolitical Context & Digital Posture Assessment
**Date:** 2026-03-03
**Analyst:** Claude (automated OSINT)
**Classification:** Open Source Assessment

---

## Executive Summary

Burkina Faso under Captain Ibrahim Traore's military junta presents a unique digital posture shaped by rapid geopolitical realignment. Since seizing power in September 2022, the regime has pivoted from Western partnerships toward Russia, joined the Alliance of Sahel States (AES) with Mali and Niger, expelled French military forces, and most recently signaled involvement in the Iran conflict against Israel and the United States. This geopolitical shift is directly reflected in the country's digital infrastructure — a mix of legacy Western hosting, emerging local capability, and significant gaps that reveal both the constraints and priorities of a junta under international pressure.

---

## Political Context

### Regime
- **Type:** Military junta (Mouvement Patriotique pour la Sauvegarde et la Restauration — MPSR)
- **Leader:** Captain Ibrahim Traore (youngest head of state globally at time of coup)
- **Power Seizure:** September 30, 2022 (second coup in 8 months; it ousted Damiba, who had himself ousted Kabore in Jan 2022)
- **Government Structure:** 22 ministries (reduced from 24 in January 2026 restructuring)

### Key Restructuring Signals (Jan 2026)
- Ministry of Defense renamed **"Ministry of War and Patriotic Defense"** — war-footing language
- Civil Service renamed **"Ministry of Servants of the People"** — populist/revolutionary rhetoric
- Humanitarian Action merged into **"Ministry of Family and Solidarity"** — reduced emphasis on aid/NGO coordination
- Agriculture + Environment merged — consolidation of resources

### Alliance of Sahel States (AES)
- Formed July 2024: Burkina Faso + Mali + Niger
- All three juntas left ECOWAS
- Mutual defense pact against external intervention
- Shared security operations against jihadist insurgency
- Potential Iran/Russia alignment axis emerging

### Iran Conflict Involvement
- Burkina Faso signaling entry into Iran-side conflict against Israel and USA
- Follows pattern of AES states seeking non-Western military partnerships
- Wagner Group already present in country since 2022
- Implications: increased Western intelligence interest, potential sanctions, digital infrastructure scrutiny

---

## Digital Posture Observations

### 1. Hosting Geography Contradictions

The junta's digital infrastructure reveals a tension between rhetoric and reality:

**Anti-Western rhetoric, Western hosting:**

| Site | Hosted In | Provider |
|------|-----------|----------|
| Presidency | Switzerland | Infomaniak |
| Police Academy | United States | PlanetHoster |
| SONABHY (fuel) | United States | Netlify/AWS |
| ONEA (water) | United States | Bluehost/Cloudflare |

**In-country hosting (only 3 confirmed):**

| Site | IP | Location |
|------|-----|----------|
| ARCEP | 196.43.247.56 | Burkina Faso |
| ONATEL | 196.28.243.151 | Burkina Faso |
| SONABEL | 102.211.121.6 | African (likely BF or regional) |

**Implications:**
- Critical infrastructure websites dependent on US/European hosting
- Presidency in Switzerland = neutral ground, but still Western jurisdiction
- If US/EU sanctions increase, hosting could be disrupted
- SONABEL's geo-blocking from US may be an early signal of network hardening

### 2. Military/Security Digital Posture

- **Near-zero military web presence** — no armed forces website, no intelligence agency website
- **defense.gov.bf** is only 1 year old (created 2025-03-11) — very recent digital standup
- **Custom Mooré-language nameservers** (ntoo, wobgo, oubri) — indigenous language on DNS infrastructure signals national identity assertion
- **Google Analytics on defense/security sites** — traffic data flows to US company (Google)
- **TYPO3 shared platform** for defense + security = centralized, easier to secure but single point of failure
- **Strong security headers** on defense/security (HSTS preload, CSP, XSS protection) — someone competent configured these

### 3. Cybersecurity Agency (ANSSI) as Outlier

ANSSI's digital posture is dramatically different from the rest of government:
- **Django (Python)** vs everyone else on PHP
- **2-year HSTS** vs 6 months or none
- **Zero subdomains** vs everyone else leaking infrastructure
- **No server fingerprint** vs everyone else exposing Apache/PHP versions
- **Modern security headers** (COOP, Permissions-Policy) vs basic or none

This suggests ANSSI has **genuinely competent technical staff** but their expertise has not been disseminated to other agencies. The Information Systems Security Act (July 2024) may be too new to have forced compliance across government.
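
The comparison criteria above (HSTS lifetime, modern headers, version disclosure) can be expressed as a repeatable check that an agency runs against its own responses. The following is an added example, not part of the original assessment; both sample responses are constructed, and the one-year HSTS threshold and finding codes are assumptions chosen for illustration.

```python
import re

# Constructed sample responses (not captured from any real site).
HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: geolocation=(), camera=()
"""
LEGACY = """HTTP/1.1 200 OK
Server: Apache/2.4.38 (Debian)
X-Powered-By: PHP/7.3.31
Strict-Transport-Security: max-age=15768000
"""

ONE_YEAR = 31536000  # assumed minimum acceptable HSTS max-age, in seconds
MODERN = ("content-security-policy", "cross-origin-opener-policy", "permissions-policy")

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a sorted list of finding codes for one response."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("hsts-short")
        if "includesubdomains" not in hsts.lower():
            findings.append("hsts-no-subdomains")
    findings += [f"missing:{name}" for name in MODERN if name not in h]
    # A digit in Server / X-Powered-By means a version is being disclosed.
    for name in ("server", "x-powered-by"):
        if re.search(r"\d", h.get(name, "")):
            findings.append(f"version-disclosed:{name}")
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(label, audit(raw))
```

The hardened sample returns no findings, while the legacy sample is flagged for a six-month HSTS lifetime, missing modern headers, and Apache/PHP version disclosure.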

### 4. Critical Infrastructure Vulnerability

| Infrastructure | Digital Status | Risk Level |
|---------------|----------------|------------|
| Electricity (SONABEL) | Geo-blocked, self-hosted DNS | MEDIUM |
| Telecom (ONATEL) | No website, dbadmin exposed | HIGH |
| Water (ONEA) | Domain expired, US-hosted | CRITICAL |
| Fuel (SONABHY) | US-hosted (Netlify) | MEDIUM |
| Domain registry (ARCEP) | Wildcard DNS, users leaked | HIGH |

The country's domain infrastructure is particularly vulnerable:
- **ONATEL operates the .bf TLD** but can't deploy a website
- **ARCEP administers .bf** but has wildcard DNS misconfiguration
- These two organizations control the entire .bf namespace

### 5. Contractor Dependencies

Foreign contractors manage critical government digital assets:
- **ECODEV INTERNATIONAL** — registered the presidency's domain
- **YTCVN (Vietnamese)** — built the national police website
- **IKA SOLUTION (local)** — manages water utility domain (but let it expire)
- **Groupe Fadoul (local)** — manages multiple government sites
- **PlanetHoster (Canadian/French)** — hosts police academy

This contractor dependency means:
- Institutional knowledge sits outside government
- Domain renewals depend on third-party diligence (ONEA failure case)
- A contractor compromise could cascade to multiple gov sites

### 6. Shared Google Analytics Account

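Defense (UA-144182518-5) and Security (UA-144182518-30) are separate properties under the same Google Analytics account (UA-144182518); in a Universal Analytics ID the middle number identifies the account and the suffix identifies the property. This means: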
- A single Google Analytics account has visibility into both defense and security ministry traffic
- Traffic patterns (visitor IPs, pages viewed, referrers) for defense/security flow to Google servers
- For a junta entering conflict with the US, this is a significant OPSEC concern
- The UA-144182518 account holder (likely SIG or ANPTIC) sees all ministry traffic data

---

## Assessment

### Digital Maturity: LOW
- Most sites run EOL PHP (7.3.x)
- WordPress/Joomla/TYPO3 patchwork with no standardization
- Only ANSSI demonstrates modern security practices
- Domain management failures (ONEA expired, ARCEP wildcard)

### OPSEC Awareness: MIXED
- Defense/security have good security headers
- But traffic data flows to Google
- Presidency on Western hosting
- ANSSI is the only truly security-conscious site

### Resilience: LOW
- Heavy Western hosting dependency
- Contractor-managed infrastructure
- ONATEL (TLD operator) can't deploy a website
- Single shared TYPO3 platform for defense/security = single point of failure

### Trajectory
Given the geopolitical direction (AES, Russia/Wagner, Iran alignment, anti-Western posture), expect:
- Potential migration of hosting to non-Western providers (Russia, China, Gulf states)
- Increased geo-blocking of Western IP ranges (already seen on SONABEL)
- Possible domain infrastructure changes if sanctions target .bf registry
- ANSSI likely to gain authority and push security standards across government
- Risk of hasty infrastructure changes introducing new vulnerabilities

---

## Questions for Further Investigation

1. What is the full scope of the UA-144182518 Google Analytics account? How many gov.bf sites report to it?
2. Is SONABEL's geo-blocking intentional policy or misconfiguration?
3. Who holds the master credentials for the shared TYPO3 government platform?
4. Has ONEA actually lost control of onea.bf, or was the WHOIS expiry date a renewal-in-progress?
5. What is the relationship between ANSSI and the shared gov infrastructure — can they mandate security standards?
6. Are there any Russian/Chinese-hosted .bf domains appearing in the CT logs?
