Last week, the Directorate of Criminal Investigation (DCI) in Kenya sent out photos of 130 people suspected to have engaged in a cyber-attack. The suspects are alleged to have taken part in extensive fraudulent electronic activity and hacking into banking systems.
Reports state that some of the criminals involved bank workers who enabled them to execute their activities. This showed a great deal of unprofessionalism and was a breach of the code of conduct by financial institution employees.
The large-scale fraud involved numerous local banks, such as Equity and The Kenya Commercial Bank, and it led to the loss of large amounts of cash in 2018. The individual banks, however, declined to give a statement on the extent of their financial loss, adding that their clients’ money was safe and that any such loss would be compensated.
Police records state that the amount of money lost by banking institutions to hackers increased every year, with the country losing Sh14 billion in 2015 and Sh17 billion in 2016. The National Bank itself revealed that it had lost Sh29 million during the recent attack.
The Central Bank of Kenya identified a number of sources of the cybercrimes, such as a breach of security systems making databases available to cybercriminals and illegally and unprofessionally accessing accounts that are supposedly privileged, leading to access and control of the whole financial system. Moreover, hiding incriminating activities by disabling security breach detecting gadgets and altering or deleting the login details to compromised accounts also facilitated these crimes.
Phishing activities have also led to the loss of huge amounts of money, especially as most of the targets are illiterate and inexperienced in relation to money systems. Skilled engineers have developed malware that is transferred to digitized systems through service providers leading to chain effects where the initial system breach causes a link in a similar system.
In response to these attacks, a Guidance Note about cybersecurity was issued in 2017 by the Central Bank of Kenya. The note addresses the potential business risks that come with digitizing financial activities. It also vividly outlines assessment procedures that help alleviate threats to cybersecurity and measures that would aid businesses and help financial institutions keep their reputation.
The note regulations require a number of activities to be undertaken by institutions. These include promoting stability of the Kenyan pay system and making coordinated efforts towards combating and prevention of further cybercrime attacks. Institutions should also invest more in their role of protecting Critical Information Infrastructure (CII), upgrade the security of their cyberspace, and prioritize safer information systems. In addition, they are tasked with encouraging people’s compliance with the technical changes and new operational standards so as to regain the trust of the public towards their mission and vision among other duties.
These are requisite standards meant to be strictly followed through by all those working in financial industries.
George Kinoti, the head of DCI, reported that the Chief Magistrate of Kiambu and the Nairobi Milimani courts have issued arrest warrants for the suspects. He also urged members of the community to share with authorities any valuable information that would lead to the arrest of the suspects. The photos of the accused have been circulated through local newspapers and various social media platforms, along with various phone numbers, emails, and websites that the public can use to communicate any useful information to authorities. They can also contact the DCI headquarters – ECCU section or the nearest police station.
Officials have communicated that friends and relatives of the accused should not house them as they may compromise their security in an effort to keep themselves away from law enforcement. They should instead report them for their own sake and that of the greater community.
A similar case to this one took place five years ago in the estate of Runda, Nairobi, where detectives discovered that a central command system had been stationed in the area. The system had the ability to access and interfere with all communication systems nationwide.
A total of 41 foreigners were also recently arrested in the same area by police detectives for allegedly erecting an advanced communication system aimed at stealing Kenyans’ hard-earned money by hacking financial institutions.
The government has heightened the war against such activities by sensitizing citizens on how to keep their personal information and their money safe. Anti-graft commissions have also been set up to bring justice to corrupt people who sell sensitive information that they have custody of and, in the process, compromise cybersecurity.