NAIROBI, Kenya, Jan 30 – The Directorate of Criminal Investigations on Wednesday released photos of 130 suspects wanted over electronic fraud and hacking into bank systems.
DCI boss George Kinoti said warrants of arrest for the suspects have been issued by the Chief Magistrate’s court in Kiambu and Nairobi’s Milimani and is now urging members of the public to volunteer information about the suspects.
The fraud is said to have led to the loss of colossal sums of money from banks and other financial institutions – and sometimes involved insiders.
The suspects’ pictures are circulated in the daily newspapers.
“Any person with information to contact DCI headquarters -ECCU section, the nearest police station, call or SMS 0772 627 435, 020 334 3412, 020 286 1097 or email us on [email protected],” DCI Kinoti appealed.
In 2018, Kenyans lost millions of shillings to hackers and this did not spare financial institutions.
In early 2018, the National Bank of Kenya admitted losing Sh29 million in a fraud attack.
According to police records, financial institutions lost Sh17 billion to the fraudsters in 2016, an increase from Sh14 billion in 2015.
To address the risks posed to business continuity and the associated reputational risk arising from the increasing digitization of financial services, the Central Bank of Kenya issued a Guidance Note on Cybersecurity in 2017.
The note set out the regulatory standards to industry participants on assessment and mitigation of cybersecurity threats.
Under the regulations, banks were tasked to create safer and more secure cyberspace that underpins information system security priorities, to promote stability of the Kenyan payment system sub-sector, establish a coordinated approach to the prevention and combating of cybercrime, up-scale the identification and protection of Critical Information Infrastructure (CII) among others.
They are also supposed to promote compliance with appropriate technical and operational cybersecurity standards in order to help maintain public trust and confidence in the national payment system.
Among the identified sources of cyber risk by the Central Bank of Kenya include a breach of institutions’ databases exposing its data to cybercriminals, unauthorized access to privileged accounts – A non-privileged user who gains access to a privileged account could control the entire system.
For example, hiding criminal acts by modifying or deleting log files or disabling detection mechanisms.
Others include people related attacks like phishing, malware introduced through social engineering that can be utilized to gain privileged system access to critical systems while interconnectedness of institutions could lead to a compromise in the institutions’ entry points such as through service providers.
In April 2016, detectives arrested 41 foreigners who were in the process of setting up a sophisticated communication centre in a house within Runda Estate in Nairobi.
Police said the suspects were targeting financial institutions in the country through a sophisticated hacking system.
In 2014, a cyber command centre, with the ability to disrupt communication systems in the country was found with the same estate.