Kenyan police are holding a Ugandan on suspicion of attempting to hack into the electoral agency’s systems and working with the Islamic State group.
Mr Ronnie Nsale is also being investigated over hacking into databases of banks, mobile phone companies and money transfer service providers.
He was arrested on Friday and after spending the weekend in cells, police took him to court on Monday and asked for more time to complete investigations into claims that he stole money from Safaricom and several banks.
Police were allowed to detain him for three days. They said it was while in custody that the terrorism angle was discovered.
Mr Nsale was taken to court for the second time Thursday. The court allowed anti-terrorism detectives to hold him for 15 days.
He was in court with Mr Morgan Kamande, who is also being investigated for links to terrorist groups.
Safaricom issued a statement saying one of its customers lost Sh266,000 “through an unauthorised SIM Swap”.
“However, proactive action saw him refunded immediately,” the statement said.
The company added that it foiled an elaborate cybercrime fraud attempt to hack into its systems.
According to the statement, Safaricom’s risk management unit detected the intrusion and immediately escalated it to security agencies.
Safaricom CEO Bob Collymore said the company maintains a state-of-the-art information security system, which easily triggers an alarm if a breach is detected.
“This matter is being treated with the seriousness it deserves with the suspects due to be arraigned for hacking and fraud. I wish to assure our customers that their data is safe and we have no evidence of any money being removed from the system,” Mr Collymore said.
He said the issue was sensitive and that details would be provided at a later date “to avoid jeopardising the ongoing investigations”.
But it is the issue of the Independent Electoral and Boundaries Commission and the IS, the terrorist group that declared a caliphate in Syria and Iraq, that has escalated the importance of the investigation.
An officer close to the investigation told the Nation that the two men were found with Internet Protocols (IPs) of IEBC and Safaricom servers as well as those of several banks.
Investigators said Mr Nsale’s other associates were in contact with wanted IS agents in and outside Kenya.
The prosecution said the two were being investigated for hacking into computer systems of “vital and key installations, agencies and a telecommunication service provider”.
The court was told that the hacking resulted to a loss of unspecified “huge amount of monies”.
The prosecution said more details would be disclosed in camera.
“Their actions can jeopardise the country’s security,” Mr Duncan Ondimu, the prosecutor, said.
“The Anti-Terrorism Police Unit has been investigating the presence of ISIS/ISIL cyber caliphate in the country and whether the hacking of computer systems was linked to the terror groups, but will require more time since the information to be examined is about one terabyte,” Mr Ondimu said.
The two were arrested on March 31 in connection with fraudulent activities at Safaricom.
They were initially released on bond but were rearrested immediately thereafter and locked up at Central Police Station, Nairobi.
Later, they were transferred to the ATPU headquarters.
According to an ATPU detective, they are being investigated for “providing property and services for the commission of terrorism, collection of information for the same and obstructing the course of justice”.
“Pursuant to intelligence information received and evidence gathered so far, there has been an increase in the use of the cyber space by ISIS/ISIL/DAESH propagating terrorism and related activities,” the court heard.
The prosecution said Mr Nsale refused to produce his passport and that his travel history was yet to be ascertained “as he frequently leaves and jets back into the country”.
The prosecution also told the court it intended to contact the Ugandan Immigration department on the matter.
The court was told that the pair had associates who were yet to be apprehended and that they had refused to reveal their identities.
A senior manager at Safaricom’s fraud investigation department reported on March 10 an unlawful access to the company’s protected systems and the two were held at Parliament Police Station and later released.
Investigations had initially targeted Safaricom staff on suspicion of targeting the system remotely.
Detectives also pointed to a number belonging to a Mr Edward Migwi Waweru, who is still at large.
Police are looking for a Safaricom agent who registered the line. The case will be mentioned on April 21.
Safaricom moved to reassure its customers saying the company routinely and proactively implemented preventative and detective controls around its information security on its platforms.
“The firm holds the globally acclaimed ISO 27001 Information Security Management System certification that confirms adherence and implementation of appropriate processes and controls relating to mobile data, mobile money services, cloud services, billing and customer support,” the statement said.
“Safaricom complies with laws regarding protection of customers’ privacy and consumer data in line with Article 31 of the Constitution of Kenya and the Kenya Information and Communications Act.”
In his LinkedIn account, Mr Nsale markets himself as senior information security consultant at Lockheed Martin.
He also says he is a “certified information systems security professional specialising in IT security solutions, with notable success directing a broad range of IT initiatives while participating in planning and implementation of information security solutions in direct support of business objectives”.
- Morgan Kamande (left) and Ronald Nsale in a Nairobi court on April 6, 2017 during the hearing of a case in which they are accused of hacking into databases of banks.