Kenya dismisses Reuters report on Chinese hackers as 'sponsored propaganda'

Kenya has admitted that China runs the bulk of its critical networking infrastructure but insisted that Chinese hackers have not attacked government departments as alleged by an expose by the Reuters News Agency.

In a statement released Thursday evening by Interior Principal Secretary Raymond Omollo, the government said the allegations presented in the article were not "subjected to authoritative proof of existence by the relevant persons from both the Kenyan and the Chinese governments".

“In the absence of the above, the alleged motive behind the said attacks cannot be subsequently established beyond doubt,” said the PS.

The report claimed that the hacks went on for three year,  targeting eight of Kenya’s ministries and government departments, including the Office of the President and the National Intelligence Service (NIS).

The government questioned why China would opt to hack systems that it installed.

“The bulk of the critical networking infrastructure deployed by the Government of Kenya is sourced from the People’s Republic of China. It is reasonable, therefore, to contemplate that if the country of origin desired to infiltrate the same systems it has helped install, it would unlikely engage third-party hackers,” said Mr Omollo. 

On Thursday, the Chinese Embassy in Nairobi also refuted the claims in the report, terming them an attempt to sow discord between Nairobi and Beijing.

“The said false report is groundless, far-fetched and sheer nonsense. Hacking is a common threat to all countries and China is also a victim of cyber-attacks. China consistently and firmly opposes and combats cyber-attacks and cyber theft in all forms. Tracing the source of cyber-attacks is a complex technical issue,” the statement from the embassy read.

PS Omollo added that just like in many other countries across the globe, Kenya’s cybersecurity infrastructure is formative, which portends inherent high-risk exposure to cyber threats.

“Attempted cyber-attacks are not unordinary occurrences. The government and its agencies are alive to this reality and the necessary precautions that are under constant review to match the dynamic nature of the threats landscape have been deployed,” he said, adding that the report is a deliberate attempt at stoking panic and mistrust.

“The article should be viewed as sponsored propaganda. The wide circulation and the alacrity for its attribution by other foreign media with well-known inclinations further hint at a choreographed and concerted attack against Kenya’s sovereignty,” added the PS.

He said the government will continue to strengthen the security and resilience of all its Critical Information Infrastructure Systems (CIIS) through requisite laws and regulations and investments in stronger cyber security systems.

The hacking report coincided with the kick off of the ID4Africa conference that seeks to encourage African countries to adopt digital identities.

Kenya will on September 16 launch its Unique Personal Identifier (UPI) that will be used as the railroad to an integrated database that the government is in the process of consolidating to ease access to government services via the e-Citizen platform.

As at Tuesday morning, 6,200 out of a total 7,800 government services had been digitised.

“We are not planning to do fresh registration. We are going to bridge together all these databases to create a master population register of all persons living and working in Kenya including refugees," Immigration and Citizen Services PS Julius Bitok explained on Tuesday.

"For example, as we speak right now, we have 31.5million registered Kenyans in our NRB database. What we just need to do is clean that data and transit it into a national identity that is the UPI."

[email protected]