Internet Fraud: Lessons From Kenya

Recently, the internet and mainstream media have been buzzing with news of how Interpol-led investigations are underway, with over 1000 and more suspects under police custody across several countries. Among these, are 26 Kenyans who were arrested in the international joint operation that involved Kenya shs.1.1 billion (US$8.6 million) online credit card fraud targeting Kenyan financial institutions.

Ugandans last week were treated to almost the same debacle when reports and media were awash with headlines of how Shs. 62 billion (approximately $16.8 million) mysteriously disappeared from the Bank of Uganda. Hackers broke into the Bank of Uganda’s IT system and stole around 62 billion Ugandan shillings. However, investigations showed that the hacking story was a cover-up for an inside job. It’s alleged that a group of individuals, possibly including those from the Ministry of Finance’s Treasury Department and the Accountant General’s office, created fake expenditures for waste management activities and sent the money out in two batches. The rest of this story is in several newspapers and the internet for curious readers to find, but what are lessons we can all learn from the incidences that have rocked these two East African countries?

According to Digital 2024: Uganda, the number of internet users in Kenya in 2024 is approximately 47.8 million, while Uganda has around 13.30 million internet users. With social media usage, Kenya has around 12.3 million social media users, while Uganda has approximately 2.60 million social media users. These statistics indicate that Kenya has more internet users compared to Uganda. However, Uganda’s internet user base is rapidly growing, with a 10.3% increase in internet users between January 2023 and January 2024.

According to Africa Defense Forum magazine published in October 2024, cybercriminals see Africa as a testing ground and so governments and businesses are being plagued by ransomware, hacking and identity theft.

Similar internet fraud schemes

Surprisingly, these two incidents are not the first of their kind; in 2018 in Kenya, an online pyramid scheme called “Wakanda” which promised unusually high returns on investment, defrauded thousands of Kenyans of millions of shillings. The next year 2019, a phishing scam called “M-Pesa” had scammers who sent fake M-Pesa messages to victims, tricking them into revealing their PINs and stealing their money. In Uganda, an “Online loan” scam in 2020 saw several Ugandans losing money to online loan scams, which promised easy and quick loans but turned out to be fraudulent.

Interventions made by Uganda

Uganda has in place regulatory bodies like the UCC (Uganda Communications Commission) which is the regulatory body for the communications sector in the country that has implemented measures to combat cybercrime, including the establishment of a cybersecurity department.

The National Information Technology Authority (NITA-U) regulates the IT sector and has established guidelines for cybersecurity, data protection, and online safety.

Legislatively, Uganda has in place the Computer Misuse Act (2011) which provides a legal framework for combating cybercrime in Uganda. It criminalizes offences such as unauthorized access to computer systems, data tampering, and cyber-stalking. Also, in 2019, the Data Protection and Privacy Act (2019) was enacted into law, which regulates the collection, storage, and use of personal data. It aims to protect an individual’s right to privacy and prevent data breaches.

There have been public awareness campaigns by both bodies, that is, UCC and NITA-U to educate citizens about online safety, cybersecurity, and the risks associated with internet fraud. More interventions are being put in place.

“To achieve a more cyber-safe environment for all organizations globally, we need to increase awareness of this growing issue,” says Performanta CEO Guy Golan, as reported by the cybersecurity news site Dark Reading. “It is only through understanding the trends and patterns of geopolitical cyber warfare that will enable us to bring clarity to the global threat landscape.”

Lessons to learn from the Kenyan incident

 Kenya is a technology hub in East Africa, earning the nickname “Silicon Savannah.” The country boasts a robust ICT infrastructure, with six undersea cables connecting it to the global digital network, meaning many young people there have uninterrupted access to all digital platforms and some wrong elements can cleverly outmanoeuvre any lax security systems in the financial sector and businesses to steal information and monies. Kenya has its government bodies driving the digital economy like the Ministry of Information Communication and the Digital Economy (MICDE), ICT Authority (ICT-A) and Communications Authority (CA), which have their mandated roles. The recent incident in Kenya, which involved a complex cybercrime scheme and required Interpol’s intervention, offers valuable Uganda. Here are some key takeaways;

1. Uganda needs to invest in robust cybersecurity infrastructure, including firewalls, intrusion detection systems, and encryption technologies. These are expensive for small businesses but are very necessary and important if one is to survive being hacked into as every business is shifting operations to the digital space. “A lot of the institutions in Africa, both public and private, have a very low level of cybersecurity readiness and are therefore vulnerable,” says Dr. Robinson Sibe, CEO of the Nigeria-based cybersecurity company Digital Footprints.

2. We need to review and strengthen our laws and regulations related to cybersecurity and cybercrime as a country. This includes implementing measures to prevent money laundering and terrorist financing.

3. Cybercrime knows no boundaries, and international cooperation is essential to combat it. Uganda should therefore strengthen its collaboration with international organisations, such as Interpol and regional bodies, to share intelligence, best practices, and expertise.

4. Uganda needs to invest in developing local cybersecurity talent through education, training and capacity-building programs. These will help address the shortage of skilled cybersecurity professionals in the country. “Africa has one of the lowest numbers of cybersecurity experts in the world,” Sibe says. “You cannot wage a formidable war against cyber criminals without competent staffing. To solve this sustainably, governments need to strategically strengthen educational institutions. The idea is to raise competencies to fill the widening gap in cybersecurity talents.”

By learning from the recent incidents in Kenya and implementing these measures, Uganda can strengthen the risk of similar incidents occurring in the future.

References

1) Cybercriminals See Africa as Testing Ground Ransomware, Hacking and Identity Theft Plaque Governments and Businesses by ADF Last updated Oct 21, 2024 https://adf-magazine.com/2024/10/cybercriminals-see-africa-as-testing-ground

2) https://www.trade.gov/country-commercial-guides/kenya-digital-economy Last published date: 2024-09-18

3) https://www.nita.go.ug/advice-consumer-1

4) https://stratnewsglobal.com/africa/uganda-admits-hacking-of-bou-systems-but-denies-loss-of-reported-amount/ Uganda Admits Hacking Of BoU Systems But Denies Loss Of Reported Amount By Tripti Nath; - Nov 29 2024, 13:05

5) Digital 2024: Uganda https://datareportal.com/reports/digital-2024-uganda 23 February 2024 by Simon Kemp

6). INTERPOL Arrests Kenyans Involved in KSh 1.1bn Credit Card Fraud by Brian Nzomo November 30, 2024 https://kenyanwallstreet.com|interpol-arrests-kenyans-involved-in-ksh-1-1bn-credit-card-fraud

7) Bank of Uganda awaiting police report on alleged $17 mln hacking theft Published: Fri, 29 Nov 2024 04:33:00 GMT by Elias Biryabarema Reuters https://www.cnbcafrica.com/2024/hackers-steal-17-mln-from-uganda-central-bank-state-paper/