How Anonymous and other hacktivists are waging war on Kenya
7/30/2014WASHINGTON — Hackers and other cyber criminals on the prowl are wreaking havoc in Kenya, threatening to turn the East African country’s dream of launching an e-government into a nightmare.
Hundreds of Web sites operated by government ministries and state-level institutions have been cracked, hacked and defaced in the last two years, with the hackers recording their biggest haul in January 2012 when an Indonesian intruder Direxer struck down 103 Web sites in one night.
With over 21 million Internet users out of its 44-million population, Kenya ranks fourth in cybercrime cases in Africa behind South Africa, Egypt and Algeria, according to latest statistics by Kaspersky Lab.
The security breaches are boding ill for Nairobi’s quest to become an African tech hub. Kenya has launched a global charm offensive to woo investors to its $14.5 billion Konza Techno City, which has been billed as Africa’s Silicon Savannah.
The attacks by international hacktivist groups — including the notorious Anonymous, Gaza, TiGER-M@TE and Dz Mafia — have also put the current government, which pitched itself as a digital player in last year’s elections, to shame. President Uhuru Kenyatta and his deputy William Ruto have on several occasions claimed to be tech-savvy leaders, and Kenyatta was recently declared Africa’s most followed head of state on Twitter.
But Latin America-based Anonymous cell Anon_0x03 last week had a field day hitting at the heart of Kenyatta’s administration, which is grappling with runaway online and offline crime and a rejuvenated opposition.
On July 21, the group infiltrated Twitter accounts operated by the Kenya Defense Forces and its spokesman Emmanuel Chirchir. The hackers also posted an image of the Guy Fawkes mask, a symbol associated with Anonymous, that anarchists and anti-government protesters have worn when showing up at physical protests in the U.S. and around the world.
Three days later, Anon_0x03 hacked and used Ruto’s Twitter account to send abusive messages and publish a list of government Web sites it had defaced. A member of the group told Radio France International (RFI) that it launched the attacks in response to “a cry for help” to expose corruption. With a score of 27 out of 100, Transparency International ranks Kenya among most corrupt countries in the world, at position 136 out of 177.
“Someone asked for help, and we work for people across the world,” the hacktivist told RFI’s English service Friday, adding that they “feel that there is a lot of corruption,” but people “don’t pay attention to Africa.”
The hackers’ campaign has sent jitters across the country after the intruders penetrated Web sites with state secrets, and sensitive security and financial information. They include sites operated by the Central Bank of Kenya, Department of Immigration and Registration of Persons, the government’s Integrated Financial Management Information System (IFMIS), Attorney General’s office and Kenya Police Service.
Multinational companies that have suffered the sting of the hacktivists include Google Kenya — whose Web site, www.Google.co.ke, was turned into a music site for hours in April 2013 — commercial banks, telecommunication and media firms.
The hackers have not been expressly stating the reasons behind their campaign but a look at their posts on the affected sites gives clues about their motivations.
After infiltrating the Kenya military Twitter account on Monday, for instance, Anon_0x03 posted: “#cartels run Kenya, #sugar, #insecurityKE, #corruptionKE, #ivorytraffickingKE, #rhinopoachingKE.”
A deteriorating security situation, the rot in Kenya’s collapsing sugar sector and the slaughter of elephants and rhinos for ivory have all been linked to official corruption. Some ivory hauls seized at the port of Mombasa and Jomo Kenyatta International Airport have been tied to powerful people in the current and former regimes.
The hackers also seemed to oppose Kenya’s anti-terror campaign against al-Qaida-linked al-Shabab in neighboring Somalia. It posted a message saying that “violence produces violence” and faulted “spending money on AK47s"_ messages that ran alongside images of hungry-looking children.
Some of the attacks seem to be driven less by political than pecuniary interests. Kenyan commercial banks, for instance, have been losing millions of dollars to online fraudsters, including hackers, every year. Afraid of losing customers, many of the affected financial institutions choose to suffer in silence to the delight of the local and international online fraudsters.
Cyber security experts have attributed Kenya’s vulnerability to hacking to the use of outdated operating systems like Windows XP; open source software Joomla, Apache and MySQL, whose security codes are available online for free; and pirated software, which has been costing software manufacturers like Microsoft millions of dollars every year.
Others have linked the snowballing menace to the government’s continued sacrificing of expertise at the altars of corruption, tribalism, nepotism and regionalism during recruitment into public service, police and the military.
The government, for instance, has yet to put out a firestorm ignited by a recent shambolic police recruitment scandal in which university graduates in criminology and other disciplines were left out in favor of high school graduates who had allegedly bribed their way into police training colleges.
The hackers seem to have caught the Nairobi regime and Kenya’s cybercrime experts on the backfoot, and the East African economic powerhouse is struggling to contain the menace before it gets out of hand.
---
Misiko, a copy editor of the Daily Nation in Nairobi, is the 2014 Alfred Friendly Fellow at The Washington Post.
bc-kenya-hackers