Financial institutions lose Sh30b in two years to cybercriminals

Nairobi, Kenya: Financial institutions lost a staggering Sh30 billion to cybercriminals who hacked their systems in the last two years.

Records obtained by detectives show the institutions lost Sh17 billion last year and Sh14 billion in 2015.

Whereas Kenya private and public sectors lost Sh10 billion in 2015 the financial sector losing Sh4 billion of that amount, a police report shows.

This came afore after a multi-agency team arrested at least 11 suspects in an operation in Nairobi.

Those in custody include a former police officer who worked with cybercrime unit and a former Kenya Revenue Authority official.

Detectives have blamed the trend on technological advancement, which has made Kenya a soft target by cyber criminals.

Other institutions targeted are Kenya Revenue Authority (KRA), National Transport and Safety Authority (NTSA), Saccos and the Independent Electoral and Boundaries Commission (IEBC).

The criminals hacked the systems of the institutions in the period stealing data and money undetected.

In 2016 alone KRA, NTSA, DTB Bank, Family Bank, Equity Bank, Police Sacco, Stima Sacco, Kenya Power were attacked by hackers, police said.

Among those in custody include international criminals who have been colluding with locals in committing the crimes.

The criminals also have international contacts to countries such as Moldova, Belgium and France.

Investigations show they conspire with employees of the targeted institutions who provide them with access to the networks remotely using Remote Access Tools (RATS) and manipulate records in the computer system.

The hackers use other tools such as key loggers, Remote Access Tools (RATs) such as GoToMyPc, Blackshades, Progdata and malware, which they install into a PC on the institution’s network.

KRA officials on Wednesday evening demonstrated how one of their former employee planted a software in one of their system which was sending crucial data to his system.

The former employee had formed an international ring that installed malware into the system that allowed them take date from the institution’s system hence steal money.

This prompted an operation that saw the suspects being nabbed from their residences in Kilimani area. Among those in custody is former police officer Calvin Otieno who had been working with the DCI’s cybercrime unit, a former KRA employee and two US citizens.

Head of Special Crimes Prevention Unit Noah Katumo said they seized an AK47 rifle and drugs from the suspects’ residences.

Some of the suspects were later taken to KRA offices on third floor on Wednesday evening where they demonstrated how they had been hacking the system.

Commissioner General John Njiraini who was present said the institution played a leading role in unearthing the syndicate and hence the arrests.