Kenyan intelligence networks believe they are about to unmask the real hackers behind attacks on Twitter accounts belonging to the government and its officials.
On July 21, a group calling itself ‘Anonymous Kenya’ hacked into the Twitter accounts of the Kenya Defence Forces (KDF) and of the military spokesman, Major Emmanuel Chirchir.
Since October 2011, when KDF troops crossed the border into Somalia, Chirchir has effectively used his Twitter account to pass on information about happenings on the battlefield against Al-Shabaab.
The faceless group posted unpleasant tweets, mocking KDF for carrying out a failed operation in parts of Somalia where Al-Shabaab holds sway. The group accused Chirchir of spreading war propaganda.
A week earlier, Anonymous Kenya had penetrated Deputy President William Ruto’s Twitter account and also defaced three government websites: Integrated Financial Management Information System of Kenya, Immigration Ministry and Reforms Kenya.
Intelligence agencies have said Anonymous Kenya is a branch of a worldwide anonymous hackers' network established in June 2012 under the camouflage identity Anon_0x03.
Chirchir told The Nairobian he believes there must be someone in Kenya who is working with the South American hackers. Described as prolific hackers, the group is operated by five hackers from Latin America and mainly targets governments, the military and police.
It is suspected that one of its members is a 17-year-old boy identified as Manuel Herrera, who lives in Buenos Aires in Argentina.
“Another element is the possibility of Argentinean origin, seeing that the group has tweeted a photo of the Argentinean flag. In addition, some linguistic indications of Argentinean and Spanish were evident in some posts,” says an intelligence brief.
The group pursues an anti-institutional agenda. Anonymous Kenya is the Kenyan branch of the worldwide hacking network. Other possible affiliations include Venezuelan Hackers, Voldem0rt and Le Chiffre. Kenya is targeted because of her involvement in the pacification of Somalia, close ties with the West and preference for a capitalist economy.
“Since the group’s Twitter account stated that it used to be part of a group titled Venezuelan Hackers, it is likely that at least one member within the group is of Venezuelan origin. Moreover, the group used to publish a lot of Venezuelan-related content and was mentioned in many tweets with Anonymous Venezuela,” reads the security alert shared between local and some foreign intelligence networks.
Cyber-crime intelligence officers say the attack on Kenya is the first of its kind, claiming that no activity has been detected in Africa before.
“A fact confirmed by the interview given to Radio France Internationale (RFI), where the element (Anon_0x03) mentioned it was the first time the group attacked African targets. Furthermore, the element was explaining that sometimes they receive requests for help from other parts of the world, which was probably the case in Kenya,” states the brief.
The email address listed on the group’s Twitter profile used the Bitmessage protocol, a decentralised, encrypted, peer-to-peer, trustless communications system that can be used by one person to send encrypted messages to another person or to multiple subscribers.
“Excluding the group’s Twitter account, no other vectors of communication were seen utilised by the group. There is an inactive Instagram account under the group’s name, with no content uploaded to it,” says the intelligence brief.
The worldwide group's other detected online activity includes involvement around the Gaza war. The group expresses support for Palestinians while directing hostility towards Israelis.
“In addition, prior to the Israeli campaign, the element was chiefly involved in anti-institutional activities in a swath of countries, including defacing police websites in Thailand, hacking the Twitter account of the British National Party’s chairman Nick Griffin,” reveal cyber specialists, who added that Argentina, Mexico and Bolivia were not spared.