Kenya: Member of Hacking Syndicate Charged with Stealing Millions

Kenyan prosecutors charged Wednesday an IT expert with electronic fraud he allegedly committed as member an international cyber crime syndicate that stole millions from banks and government bodies.

13334048894 001d3e53d1 zKenya prosecutors charged IT experts with electronic fraud (Photo: Yuri Samoilov CC BY 2.0)Alex Mutungi Mutuku, 28, was arrested two weeks ago along with eight other suspects, including two U.S. expats, police and civil servants with contacts in Moldova, Spain, Belgium and France.

The group is believed to have stolen Sh30 billion (US$ 291.8 million) over two years by installing malware in computer systems that allowed them to manipulate records and seize data.

"It is a case of remote control hacking where the suspects operate smoothly with their machines and the next minute you realize you have no money in your account," state prosecutor Edwin Okello told Kenya’s Standard.

"The information we have is just a tip of the iceberg. The racket is big and involves people outside the country," he added.

The group performed so-called "salami attacks" - the theft of small undetectable amounts before launching a major attack.

They came under police scrutiny after Kenya Police Sacco, a savings cooperative, discovered it had lost Sh50 million (US$ 486,400).

Among those arrested was alleged leader Calvin Otieno Ogalo, a former police officer who sang in a choir while hacking banks every other day between 3pm and midnight.

Ogalo now has five cases against him in different courts, three of which are from banks.

An unnamed source told Daily Nation that Ogalo "was the most sought-after IT guy in fraud world."

Investigators found a laptop hidden within the network chambers of Kenya’s Revenue Authority that gave hackers remote access to their system. Several KRA employees were arrested in the sting.

Mutuku has been charged with stealing Sh4 billion (US$ 38.9 million) from KRA but denies the accusations.

Investigators say that some of those arrested have contact with "prominent politicians and their relatives." Before the final results of Kenya’s 2013 General Election, the group is believed to have accessed the servers of the Independent Electoral and Boundaries Commission.

A police report said "there are fears their plans included hacking IEBC system in conjunction with the Russians."