Detectives make strides in hacking probe, IEBC targeted

IEBC officials register voters at MV Patel Memorial Hall in Huruma, Uasin Gishu County, on February 18, 2017. Hackers are believed to have accessed the servers of the Independent Electoral and Boundaries Commission (IEBC) in the 2013 polls. PHOTO | JARED NYATAYA | NATION MEDIA GROUP

What you need to know:

  • The detective revealed that they had completed investigating the data breach at the Kenya Revenue Authority.
  • No Kenyan had contacted the police in relation to the hacking, but the investigator was optimistic that complaints would soon emerge.

Detectives questioning 19 suspects arrested in connection with hacking of banks and several other firms have now turned their attention to the gadgets they seized, even as more arrests are expected following interrogation of the alleged hackers this week.

On Saturday, a senior investigator told the Sunday Nation that because a magistrate allowed them to confiscate and probe phones and computers from the suspects’ homes, the next task will be to gather information and pursue new leads.

This is even as the case took a political angle yesterday because investigators have so far discovered that “prominent politicians and their relatives” had contacts with some of those arrested.

They are also believed to have accessed the servers of the Independent Electoral and Boundaries Commission (IEBC) before final results were announced after voting in the 2013 General Election.

Mr Aden Duale, the Majority Leader in the National Assembly, demanded the identification and arrest of a member of the opposition implicated in the case, pressing for answers on whether the politician was also involved in the hacking of banks and whether proceeds of crime are being used to finance the individual’s activities.

“Any attempt to hack into the IEBC database is criminal and those mentioned must be arrested,” he said Saturday.

Mr Duale claimed that recent allegations by the opposition that there were plans to rig the General Election in favour of Jubilee were meant to divert attention.

“It all makes perfect sense now. The whole noise about rigging of August elections by Cord (Nasa) leaders was meant to divert attention.

"It was a plot to hoodwink Kenyans to look the other way when, indeed, the opposition leaders were the ones busy attempting to interfere with the election,” said Mr Duale.


The Garissa Town MP demanded that parliamentary committees and the Ethics and Anti-Corruption Commission probe the matter.

“It is outrageous that a top Cord leader, who has been at the forefront of claiming that Jubilee would rig the elections, is linked to repeated attempts to infiltrate the IEBC database through hacking.

"Nothing can be more bizarre and criminal than attempting to subvert democracy to suit a few power-hungry individuals,” said Mr Duale in a statement to newsrooms.

Contacted, IEBC Communications Manager Andrew Limo sought to calm fears that the commission’s systems were open to manipulation.

“Like any other institution managing critical data, the Commission has continued to invest in secure systems to respond to any emerging technology threats and guard against vulnerabilities.”

The detective who spoke to the Sunday Nation revealed that they had completed investigating the data breach at the Kenya Revenue Authority (KRA) and that their next assignment was the National Transport and Safety Authority (NTSA).

“In fact, NTSA is one of the most affected,” the detective said, adding that they had discovered that the number of staff collaborating with the hackers’ ring was significant.

Several number plates were recovered from a house belonging to one of the suspects.

A laptop seized from the KRA headquarters in Nairobi earlier in the week, the detective said, had provided “very good leads”.

The laptop had been hidden inside a routers’ cabinet inside Times Towers and it had been giving the hackers privileged access to KRA data.

The compromised server was then linked to the office of one of the suspects, located at Afya Centre.

By yesterday, no bank had come forward to join forces with the police in probing the case, despite suspicion that lenders may have lost at least Sh20 billion in the last two years through the hacking ring.

With the exception of KRA, which claimed to have played a key role in unearthing the matter, no other agency had so far contacted the police to join the probe.

Nor had any Kenyan contacted the police in relation to the hacking, but the investigator was optimistic that complaints would soon emerge.

The Sunday Nation on Friday spoke to a woman who lost money from a local bank late last year in an attack that the detective said must have been coordinated by one of the arrested people.

As investigators follow leads that may lead to the arrest of more suspects before a lapse of the 20-day period granted to them by Jomo Kenyatta International Airport resident magistrate Muthoni Nzibe, the Sunday Nation has obtained fresh details about a number of those arrested in the case.

One of the alarming elements of the network is its global nature.

Among those detained were a 52-year-old American, Larry Peckham II, and a 32-year-old woman, Denise Huitron.

The pair is alleged to have been in contact with cyber criminals based in Spain, France, Moldova, and Belgium.

The Kenyans detained include Calvin Otieno Ogalo, who police say is the leader of the gang, Mr David Ndungu, Mr Albert Kipkechem, Mr Gilbert Kipkechem, Mr James Mwaniki, Mr Alex Mutungi, Mr Omar Ibrahim and Mr Joseph Kirai.

Yesterday, the detective who spoke to the Sunday Nation disclosed that Mr Ogalo, besides having been linked with the alleged hacking of the IEBC servers in 2013, raiding the Integrated Financial Information Systems (Ifmis) of Kitui County in 2016, and digitally breaking into a number of banks, has been found to have orchestrated a hack against a public university.

According to the detective, Mr Ogalo manipulated a marks database of the university where he awarded marks for Continuous Assessment Tests for 25 students.

Mr Ogalo, according to information from the criminal cases against him in various courts, has been operating with two ID numbers.

He now has five cases against him in different courts, with three top banks being complainants in three of the cases.

Mr Ogalo, who presents himself in public as a staunch Seventh Day Adventist church member and is even active in the church’s choir, is said to have had a change in fortunes after the 2013 General Election. 

This was revealed yesterday by a friend of Mr Ogalo’s who visited the Nation Centre. He said Mr Ogalo’s first office was at the ground floor of a building on Nairobi’s Kimathi Street.

He said it was so small that “more than three people could barely fit in”.

From that office, he occupied himself with asking for passwords from bank employees, which they would use to hack into databases of the institutions.

He is alleged to have later got involved in credit card fraud with some West Africans.

The source said that after an exposé about the last General Election on a local TV station, Mr Ogalo changed his habits.

“After that he started operating outside the city centre. Only on rare occasions was he spotted at a coffee house on Mama Ngina street,” said the friend, who added that after the exposé, “he was the most sought-after IT guy in fraud world”.

“In public, he avoided the company of fraudsters. You will always find him in company of SDA church choir members,” the friend said.

A police document seen by the Sunday Nation indicates that one of the suspects, Mr Omar Ibrahim alias “Mbuzi”, is a younger brother of an aspirant seeking a seat in Nairobi.

It says that both Mr Ibrahim and the aspirant are close to Mombasa Governor Hassan Joho.

But in a rejoinder, Mr Richard Chacha, Mombasa County’s Director of Communications and Public Relations, rubbished attempts to link Mr Joho to the syndicate, urging the public to let police conduct their investigations.

“You have friends and you don’t control what your friends do. The fact that you have been seen with them in public on a few occasions does not make you part of their actions,” Mr Chacha said yesterday.

Opposition chief Raila Odinga’s spokesman Dennis Onyango did not immediately respond to requests for comment on Mr Duale’s claims.

Another suspect with an intriguing history is 28-year-old Alex Mutungi Mutuku.

Mr Mutuku was in January 2015 charged with two counts relating to an attack against NIC Bank electronic systems.

And in April 2015, he was charged in connection with the hacking of a mobile phone company’s systems that saw airtime stolen and sold to others.

It is the same Mr Mutuku who, in March 2013, posted on Facebook detailing the procedure of obtaining the Daily Nation e-paper.

Readers usually have to pay to read the complete online version of the paper but he demonstrated how to beat the firewall.

He said he had created the e-paper hacking mechanism through a programme he came up with when he was a first year student at University of Nairobi.

When he appeared in court in relation to hacking into NIC Bank systems, Mr Mutuku and his co-accused, Stanley Kimeu, were — in the first count — charged with theft, attempted extortion and blackmail.

Prosecutors said the two sent threatening emails to the bank, demanding that the lender give them 200 bitcoins (then equal to about Sh6.2 million) or else they would publish sensitive information that they had gathered by hacking into its systems.

In the second count, Mr Mutuku was accused of stealing Sh2.8 million from NIC Bank by collaborating with his co-accused and an employee of the bank. The theft was said to have been done between August 2 and 5, 2014.

The two denied the charges and each was released on a Sh700,000 cash bail, with the alternative of depositing a Sh1 million bond with a similar surety.

