Hacked! The dark side of the internet

I hear there are days when a phone ringtone was literally answered by person by whiping out a classic rep flip phone to answer the call. Back then, the ‘flip’ or the ‘slide’ was the privilege among the creme de la creme.

We are told the children of today will never get the joy of playing the game “Snake Xenzia” or bounce with the famous cell phones like Nokia 3310 or as we call them today “katululu”.

It almost seems hieroglyphics to imagine writing makeshift emojis using semi colons, hyphen and parenthesis, or the weird “xaxa” texts and sending a disclaimer saying “usinitext nimerudisha simu”. Those are the days where you’d get your favorite music from since YouTube or Spotify were nowhere to be found.

Such memories leave you going down memory lane, thinking you’re slowly becoming a fossil, which is true. You might think or feel like this was ages ago but you’d be surprised to know that this was actually less than 15 years ago.

This shocker comes as a result of the meteoric rise in advancements and technological progress that translates to today’s world where I can comfortably call my friend in another continent and have a  real time conversation rather than wait three months for my letter to get a reply via ship.

A key component in the growth is the internet which in 1995, had only 0.4 percent of the world’s population as user’s but currently 69 percent of the entire world’s population use the internet. The internet simply put is a worldwide network of computers and devices that allows communication between the devices across the globe. This connectivity allows for the exchange of information seamlessly making it a global village.

Especially with the invention of smartphones, Internet usage increased drastically and as of 2022 over 90 percent access the internet via their phones. Social media too has played a key role. It currently has over 59 percent of the world’s population using social media with Facebook being the most popular platform with approximately 4.2 billion users.

Through those 15 years the internet has generated a huge amount of data mostly from mundane amusement to personalised information. This data now referred to as the next gold has mostly been appropriated by private companies for sale to advertisers and political but once in a while get hacked into by thieves demanding a ransom for its sensitivity.

Personal data allows hackers to create another very valid virtual personality called identity theft to steal our money or commit fraud like transacting on behalf of our employers.

Cybercrimes are a growing concern in Kenya according to the Communications Authority of Kenya that reported an all time high of 359.2 million threats last year, a 133 percent increase from FY2020-21’s 154 million.

In 2018, business consulting firm Serianu said that Kenya loses about Kes33.5 billion to cyber criminals every year, an amount that has been increasing steadily, experts say.

For a long time these data breaches have been kept away from the public especially by financial institutions keen to keep the trust of their consumers. But once in a while news breaks out that a bank has been hacked like the new year’s eve incident where a Mombasa-based Microfinance bank’s IT systems were breached by a 22-year-old Francis Mairura, who made away with Kes900,000 before sending it to his own M-PESA accounts.

Odd for someone smart enough to breach bank systems, he clearly missed robbery 101 since he directly identified himself by sending to his own registered M-PESA. Fortunately for the DCI this was made easier and they arrested him on 21st January 2023 when he still had most of his loot, Kes600,000 left at his home in Kisii.

Most cases come up in court like the October 2020 NCBA systems hack by two second year JKUAT students. Antony Mwangi, 23, and Ann Wambui, 21, were charged with stealing Kes25.4 million from the bank and are also said to have attempted stealing an additional Kes190.7 million from the same institution.

Others are reported because they are prosecuted across border like the Equity Bank fraud cases in Uganda and Rwanda.

Telco giant, Safaricom has fallen victim, too. In February 2015, Alex Mutuku gained access to Safaricom convergent billing system. The telco looses approximately Kes3.6 million worth of airtime in the incursion from irregular top ups by different mobile numbers.

Two weeks later, Mutuku strikes again reeling with confidence from his initial breach. This time he allocates himself airtime worth Kes20,000 from the service provider. Luckily he’s  arrested and charged with electronic fraud.

Read also: Kenya in rush to check out trashy TikTok amid global bans

Now with the new data protection laws that require companies to notify the commissioner within 72 hours of breaches it is bound to expose the true rate at which Kenyans data is being hacked out there.

Recently Supermarket chain Naivas, which has the country’s largest retailer footprint, announced that it had been hacked via a ransomware attack by an online criminal organization and stated that the intrusion may have compromised some of its data.

Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files denying you access. A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files.

Naivas moved on to add that the attack had been contained and resumed operations normally. They took immediate steps to prevent external access by engaging leading American cyber security experts CrowdStrike to ensure system integrity.

The growing risk of cyber attacks and the reputational damage it could do to corporate handling our personal data has created a new impetus for companies and parastatals to be more conscious about their cyber security creating a growing market for solutions to add security and protect themselves from evolving cyber threats.

As the legal arms play catch up to this growing threats, increased activities and policies on data protection have subsequently increased the need for compliance and companies are setting aside good budgets to cater for their cyber security and schools are also offering programmes on cyber security. Companies want to safeguard their reputations, protect the clients data and maintain their systems integrity.

But even as companies seek to plug loopholes and make it harder to access your data, at the end of the day, it is all in your hands. “A wise man once said, you can either hack the device or the individual” the need to protect personal data starts by what you chose to put in the internet in the first place.

[email protected]

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.