Police holding two over NIC Bank database hacking


A branch of NIC Bank on Wabera Street in Nairobi. PHOTO | FILE

Police are holding two suspects accused of hacking into NIC Bank’s database and later demanding Sh5.9 million ($65,000) from the lender.

Mr Alex Mutungi and Mr Stanley Kimeu are said to have threatened to publish the confidential information they had obtained if they were not given the money.

The suspects were arrested at 1am at a house in Nairobi on Friday and their phones and laptops seized, the investigating officer told the Milimani Court on Monday.

“I’m investigating a case of unauthorised access of a computer service, contrary to the Communication Commission of Kenya Act 2013. We have an allegation that the suspects gained access into the IT systems of the NIC Bank and need more time to finalise the probe,” said Charles Odhiambo of the Flying Squad police unit.

A third suspect in the case, Mr Sylvester Muthoka Kamula, was Monday charged at the chief magistrate’s court with stealing Sh2.8 million from the NIC Bank head office on August 2 and 5.

He was released on bond pending the hearing of the case.

The Flying Squad officer told the court that the suspects were first taken to Tala after the arrest and later to Machakos before being locked up at the Muthaiga Police station.

The officer also asked the court for five working days to complete investigations, saying that if the suspects were released before crucial evidence had been secured “they may access the network from any location and interfere”.

READ: IT sector players lament growing cases of cyber crime

Milimani resident magistrate Hellen Kugura granted the request for further detention but directed that the suspects be detained for two days at the Kilimani Police station.

“There are seized electronic material which are undergoing forensic analysis at the cyber-crime unit...the nature of investigations being conducted involves mobile phones and laptops,” the police officer said.

“The offence is cyber-related and if they gain access to the network there is a likelihood that they may compromise ongoing investigations. They are IT experts,” he said.

Meanwhile, the case against Mr Kamula has been set for hearing on January 1.

There is a likelihood that he may be enjoined for trial with the other two as the offences are related, the court was told.

Banks have been victims of fraud, with annual losses estimated at over Sh1.6 billion.

Security experts say the amounts reported reflect only a small part of the real losses suffered since banks prefer taking internal disciplinary action in cases involving employees to avoid loss of reputation risk that comes with going public.

The losses have been attributed partly to poor system controls by the banks.

The lenders last year moved their customers to the more secure chip and pin card technology (commonly referred to as EMV) to curb theft at point-of-sale and automated teller machines (ATM).

A bank whose non-compliant ATM is used for fraud is expected to absorb all losses associated with the theft, according to an agreement signed by the lenders.