EACC closes in on bank account hacking ring

**Stealing a credit card through a laptop concept for computer hacker, network security and electronic banking security.** [Photo: Standard]

The Ethics and Anti-Corruption Commission (EACC) has completed investigations against a key suspect believed to be behind a hacking racket that has seen financial institutions lose billions of shillings.

The agency said yesterday it would forward the file of the suspect, who was arrested while attempting to bribe investigators looking into a hacking case involving his brother and cousin.

“Investigations are now complete and we shall be forwarding the file to the Director of Public Prosecutions any time now,” said EACC Spokesman Yassin Amaro in an interview.

He said the commission expected to charge the businessman by next month. The case is expected to give the public a rare glimpse into the dark world of hackers who have been giving banks and other institutions sleepless nights.

The suspect was arrested recently when he attempted to bribe a Directorate of Criminal Investigations (DCI) officer to release his brother and cousin who had been arrested for suspected cybercrimes.

He is suspected to be one of the ring leaders of the cyberattacks, working alongside his brother and cousin to execute hacking of local banks’ systems.

The DCI recently published the photographs of 134 suspected fraudsters in the national newspapers and issued arrest warrants for all the suspects. The suspect’s brother and cousin were on the list.

Investigators want to establish whether the businessman acquired his three passports (Kenyan, Somali and American) legally.

Intelligence sources said they believed some of these passports could have been acquired fraudulently.

The case will also shed light on how attackers conspired to alter customer prepaid card balances and data at the National Bank of Kenya, leading to a loss of Sh6.7 million.

The Economic Crimes Unit at the DCI said in the notice that the suspects had engaged in banking fraud between June last year and January this year.

“The suspects are wanted in connection with electronic fraud by hacking into banks systems. Any person with information on their whereabouts should contact the DCI headquarters or the nearest police station,” the notice read.

This comes at a time when the Central Bank of Kenya (CBK), the sector regulator, has asked lenders to brace themselves for heightened risks to their IT systems in the wake of rising cases of cybercrimes in financial institutions.

In what appears to be a growing trend, Kenya lost an estimated Sh14 billion to cybercriminals in 2015, with the figure rising to Sh17 billion the following year and Sh21 billion in 2017.

The figures could be much higher given that most attacks go unreported as financial institutions try to protect their image in the eyes of their customers and the public.

The latest report from the Communications Authority (CA) notes that the National Cybersecurity Centre detected 3.82 million cyber threats between July and September last year. This is up from 3.46 million threats reported in the previous quarter - April to June.

The CA report suggests that the threat exposes many Kenyan companies, institutions and co-operative societies to the risk of cyberattacks.

In the first quarter, the banking sector remained the most targeted industry followed by Government institutions.

The communication sector regulator says that only 0.17 per cent (6,384) of the total threats were determined as critical, validated and escalated for action.