Hacking Safaricom lands duo in court

Safaricom chief executive Bob Collymore. FILE PHOTO | NMG

Two men suspected of having links with terrorist organisations were yesterday charged in court for hacking telecoms operator Safaricom’s network and stealing Sh266,000 belonging to a mobile phone subscriber.

Robert Nsale, a Ugandan, and Morgan Kamande were first arrested on March 31 after Safaricom reported unauthorised access to its network.

“A report was booked at Parliament Police Station by one Erick Mugo, a senior manager at Safaricom’s fraud investigation department, who had reported unauthorised access to the telecom operator’s protected system,” police said in court papers.

Safaricom said in a statement that the affected customer lost money through an illegal SIM swap and that he was later refunded.

Initial police investigations linked the breach to a Safaricom staff account but further investigations showed that a phone number registered to one Edward Waweru was used to execute the attack.

The suspects brought to court yesterday were found in possession of the SIM card used in the hacking attempt and a laptop with “the unauthorised access information”.

Police yesterday asked for more time to trace Mr Waweru, the owner of the SIM card, and the agent who registered the phone number. They were granted 15 days.

Safaricom sought to reassure customers, saying that its risk management unit caught the intrusion immediately before it could escalate into something bigger.

“I wish to assure our customers that all their data is safe and we have no evidence of any money being removed from the system,” said Safaricom chief executive, Mr Bob Collymore.

Safaricom said that it adheres to international standards on information security and data management.

The company investigated 27 cases of fraud in the 2016 financial year, two of which ended up in court.


The two men involved in the Safaricom hack have also been linked to terrorism.

They were initially released on a bond but were later arrested again after investigations by the Anti-Terrorism Police Unit showed they may be involved in terror-related hacking activities with a larger criminal network affiliated to ISIS and ISIL cyber caliphate in the country.

Increased technological access has been a double-edged sword in Kenya as incidences of cybercrime have been on the rise. 

Internet security firm Serianu estimates that Kenyan businesses had lost about Sh18.1 billion ($175 million) to cybercrime last year. Audit firm Deloitte recently predicted that losses to cybercrime would peak this year.

A 28-year-old man, Alex Mutungi Mutuku, was last month arrested and charged with hacking the Kenya Revenue Authority’s (KRA’s) systems, leading to a loss of Sh4 billion.