The Directorate of Criminal Investigations (DCI) on Wednesday the 30th January 2019, published names and images of 130 suspects implicated with electronic fraud. The 130 comprising of 30 women and 100 men, are alleged to have hacked bank systems in the country.
In a seven-page pullout published in the local dailies on Wednesday, January 30, the DCI attached photographs of the suspects alongside their names and Identity card numbers, calling on the public to report their whereabouts to police.
Such fraud leads to the loss of colossal sums of money from banks and other financial institutions, according to police records that indicate a loss of Ksh 17 billion in 2016 up from Ksh 14 billion in 2015. Early 2018, the National Bank of Kenya (NBK) admitted to having lost Sh29 million in a fraud attack.
To address the risks posed to business continuity and the associated reputational risk arising from the increasing digitization of financial services, the Central Bank of Kenya issued a Guidance Note on Cybersecurity in 2017 that laid out the regulatory standards to industry participants on assessment and mitigation of Cybersecurity threats.
Under the regulations, banks were tasked to create safer and more secure cyberspace that underpins information system security priorities, to promote stability of the Kenyan payment system sub-sector, establish a coordinated approach to the prevention and combating of cybercrime, up-scale the identification and protection of Critical Information Infrastructure (CII) among others.
They also were obliged to promote compliance with appropriate technical and operational Cybersecurity standards in order to help maintain public trust and confidence in the national payment system.
Among the identified sources of cyber risk by the Central Bank of Kenya include a breach of institutions’ databases exposing its data to cybercriminals, unauthorized access to privileged accounts – a non-privileged user who gains access to a privileged account could control the entire system.
Others include people related attacks like phishing, a malware introduced through social engineering, that can be utilized to gain privileged system access to critical systems while interconnectedness of institutions could lead to a compromise in the institutions’ entry points such as through service providers.
In April 2016, detectives arrested 41 foreigners who were in the process of setting up a sophisticated communication centre in a house within Runda Estate of Nairobi, where from such crimes could be harbored.
Police said they obtained court orders from Milimani and Kiambu Chief Magistrates’ courts to hunt down the 130 who were targeting financial institutions in the country through a sophisticated hacking system. A list of phone numbers was provided for members of the public to call or send message to if they spot the suspects.
“The suspects listed are wanted by the Directorate of Criminal Investigation pursuant to a warrant of arrest issued by CM’s court Kiambu/CM’s court Milimani on January 24, 2019,” read the various pages. Continuing, “Any person with information to contact DCI Headquarters ECCU section, the nearest police station, call or SMS 0772627435, 0203343412, 0202861097 or email us on firstname.lastname@example.org.”