Hackers and other cyber criminals on the prowl are wreaking havoc in Kenya, threatening to turn the East African country’s dream of launching an e-government into a nightmare.
Hundreds of Web sites operated by government ministries and state-level institutions have been cracked, hacked and defaced in the last two years, with the hackers recording their biggest haul in January 2012 when an Indonesian intruder Direxer struck down 103 Web sites in one night.
With over 21 million Internet users out of its 44-million population, Kenya ranks fourth in cybercrime cases in Africa behind South Africa, Egypt and Algeria, according to latest statistics by Kaspersky Lab.
The security breaches are boding ill for Nairobi's quest to become an African tech hub. Kenya has launched a global charm offensive to woo investors to its $14.5 billion Konza Techno City, which has been billed as Africa's Silicon Savannah.
The attacks by international hacktivist groups— including the notorious Anonymous, Gaza, TiGER-M@TE and Dz Mafia— have also put the current government, which pitched itself as a digital player in last year’s elections, to shame. President Uhuru Kenyatta and his deputy William Ruto have on several occasions claimed to be tech-savvy leaders, and Kenyatta was recently declared Africa's most followed head of state on Twitter.
But Latin America-based Anonymous cell Anon_0x03 last week had a field day hitting at the heart of Kenyatta’s administration, which is grappling with runaway online and offline crime and a rejuvenated opposition.
On July 21, the group infiltrated Twitter accounts operated by the Kenya Defense Forces and its spokesman Emmanuel Chirchir. The hackers also posted an image of the Guy Fawkes mask, a symbol associated with Anonymous, that anarchists and anti-government protesters have worn when showing up at physical protests in the U.S. and around the world.
Three days later, Anon_0x03 hacked and used Ruto’s Twitter account to send abusive messages and publish a list of government Web sites it had defaced. A member of the group told Radio France International (RFI) that it launched the attacks in response to “a cry for help” to expose corruption. With a score of 27 out of 100, Transparency International ranks Kenya among most corrupt countries in the world, at position 136 out of 177.
“Someone asked for help, and we work for people across the world,” the hacktivist told RFI’s English service Friday, adding that they “feel that there is a lot of corruption,” but people “don’t pay attention to Africa”.
The hackers’ campaign has sent jitters across the country after the intruders penetrated Web sites with state secrets, and sensitive security and financial information. They include sites operated by the Central Bank of Kenya, Department of Immigration and Registration of Persons, the government’s Integrated Financial Management Information System (IFMIS), Attorney General’s office and Kenya Police Service.
Multinational companies that have suffered the sting of the hacktivists include Google Kenya— whose Web site, www.Google.co.ke, was turned into a music site for hours in April 2013— commercial banks, telecommunication and media firms.
The hackers have not been expressly stating the reasons behind their campaign but a look at their posts on the affected sites gives clues about their motivations.
After infiltrating the Kenya military Twitter account on Monday, for instance, Anon_0x03 posted: “#cartels run Kenya, #sugar, #insecurityKE, #corruptionKE, #ivorytraffickingKE, #rhinopoachingKE”.
A deteriorating security situation, the rot in Kenya's collapsing sugar sector and the slaughter of elephants and rhinos for ivory have all been linked to official corruption. Some ivory hauls seized at the port of Mombasa and Jomo Kenyatta International Airport have been tied to powerful people in the current and former regimes.
The hackers also seemed to oppose Kenya’s anti-terror campaign against al-Qaeda-linked al-Shabab in neighboring Somalia. It posted a message saying that “violence produces violence” and faulted “spending money on AK47s”— messages that ran alongside images of hungry-looking children.
Gaza Hacker Team, which breached the Central Bank of Kenya Web site on July 22, 2013 had a similar message: “But all your interests and your citizens in all parts of the world will be our legitimate targets! So, if you want the safety of yourselves, possessions and interests from our revenge, depart all soldiers from our land.” Gaza Team, which has been targeting Israeli Web sites since 2008, has members and associates from various parts of the world.
Some of the attacks seem to be driven less by political than pecuniary interests. Kenyan commercial banks, for instance, have been losing millions of dollars to online fraudsters, including hackers, every year. Afraid of losing customers, many of the affected financial institutions choose to suffer in silence to the delight of the local and international online fraudsters.
Cyber security experts have attributed Kenya’s vulnerability to hacking to the use of outdated operating systems like Windows XP; open source software Joomla, Apache and MySQL whose security codes are available online for free; and pirated software, which has been costing software manufacturers like Microsoft millions of dollars every year.
Others have linked the snowballing menace to the government’s continued sacrificing of expertise at the altars of corruption, tribalism, nepotism and regionalism during recruitment into public service, police and the military.
The government, for instance, has yet to put out a firestorm ignited by a recent shambolic police recruitment scandal in which university graduates in criminology and other disciplines were left out in favor of high school graduates who had allegedly bribed their way into police training colleges.
The irony is that the current government also has also hired people who have been arrested and questioned by Kenya’s Serious Crimes Police Unit over charges of hacking local and foreign Web sites.
A director in the Office of the President was, for instance, arrested in March 2012 for allegedly hacking into confidential e-mails of the International Criminal Court and intimidating witnesses in the crimes against humanity case facing Kenyatta. The suspect was released after spending several days in police cells without facing charges.
The hackers are posing serious threats to Nairobi’s grand vision for a digital future following heavy investment in fiber optic internet network. The government has so far pumped over $57 million (Ksh5 billion) into the project.
But private companies and individuals are wary of jumping on the digital bandwagon after it emerged that police and experts in the ministry of Information and Communication lack the expertise to counter the sophisticated attack tactics employed by the hackers.
Martin Luther Bwanga, a former police officer who was attached to the anti-cybercrime unit at the Directorate Criminal Investigation, recently told the Daily Nation that Kenya does not have the capacity to deal with the current global upsurge in cybercrimes.
“It is not a secret that our police officers cannot match the sophistication of those who perpetrate cybercrimes. They lack the requisite training to do the job,” said Bwanga, who is now a forensic audit manager at a mortgage lender.
The hackers seem to have caught the Nairobi regime and Kenya’s cybercrime experts on the backfoot and the East African economic powerhouse is struggling to contain the menace before it gets out of hand.
Harry Misiko, a copy editor of the Daily Nation in Nairobi, is the 2014 Alfred Friendly Fellow at The Post. E-mail: firstname.lastname@example.org.