Some hackers even use the social media to brag about their exploits, where they are known to use fancy nicknames.
Calvin Ogalo, one of the suspects arrested during the recent high-profile police operation, was respected because he was allegedly involved in some of the toughest “jobs”. But it appears there was an adrenaline rush pushing him to be more and more adventurous — never mind he had been arrested a number of times earlier and had pending court cases. The hackers are also said to have formed a local and international network. In the recent case in Nairobi, among the suspects detained were 52-year-old American Larry Peckham II and Ms Denise Huitron, 32. Police are investigating the pair’s alleged contact with cyber criminals based in Spain, France, Moldova, and Belgium.
There is also always room for bragging, it seems. In March 2013, Mr Alex Mutungi Mutuku, one of those arrested recently, posted on Facebook detailing the procedure of obtaining the Daily Nation e-paper. Readers usually have to pay to read the complete version of the paper online but he demonstrated how to beat the firewall. He said he had created the e-paper hacking mechanism through a programme he came up with when he was a first-year student at the University of Nairobi.
4. Making money while at it
The end game for most hacking activities is to make money, and often the path to riches is not straightforward.
Speaking to Nairobi News in June last year, Mr Bruce Donovan — who is the regional manager for computer security firm ESET East Africa — revealed that remotely blocking computers is the commonest way through which hackers make money.
The attack happens through what is called ransomware, where a hacker locks your computer and makes a message flash on the screen that unless you pay them, you will lose all the data.
“Ransomware remains one of the most prevalent forms of internet threats and prevention is essential to keep users safe. Therefore, users should keep their operating system and software updated, use a reliable security solution with multiple layers of protection, and regularly backup all important and valuable data at an offline location,” Mr Donovan said.
Part of their money-making schemes also include obtaining sensitive information from a company then contacting them with a threat to release the material — as one of the arrested people is suspected to have done before.
But because some firms prefer to jealously guard their information, the tactic does not work for all hackers, according to Mr Kanyanjua.
“Most of the times, companies will not respond. Companies don’t want to accept they’ve been hacked. But if hackers were to declare how many companies they’ve hacked today in Kenya, you’ll be shocked,” he said.
Besides ransomware, hackers are also obsessed with how to make money by forging credit cards.
CNBC, a US-based television channel that focuses on business news, last year published the observations of a “white-hat” hacker whose job is to break into computer systems of various companies, upon invitation, to check for vulnerabilities.
Mr Billy Rios said that once hackers get access to user’s confidential information, they log on to the victim’s online banking account and cart away the savings.
He also revealed that hackers have created databases of credit card information where anyone can buy and use elsewhere, adding that he had heard of hackers who have stolen medical information then got services in a hospital using another person’s insurance.
To stem this, Mr Wanjohi urged Kenyans to be vigilant.
“So long as the user — who is basically a door to the computer — is not careful at all, then vulnerabilities are there,” he told Lifestyle.
Kenyan banks are estimated to have lost at least Sh20 billion to hackers, which is proof that criminals targeting local facilities mean business.
Part of the problem, Mr Kanyanjua said, is that many institutions like to keep mum when their systems are attacked.
“They will not tell you directly that they’ve been hacked. We do an assessment then in the process you realise there are some strange people in their systems. So, most of the cases when we do our assessments, we end up finding that they’ve been hacked in one way or another. You know, hacking is quite broad,” he said.
Some of the suspects arrested in Nairobi recently have more than one criminal case against them, mostly related to hacking. With cash bail terms ranging from Sh20,000 to Sh700,000 among those arrested, it means a hacker will need a supply of cash to ensure he is out to continue with his business as the trial continues.
However, the government proposes stiffer penalties against hackers, which may see the cash bails rise. The Cyber Security and Protection Bill 2016, which is still in Parliament, proposes to jail hackers for up to five years.
“A person who, without authorisation intentionally accesses in whole or in part, a computer system or network, commits an offence and is liable on conviction to a term of imprisonment not exceeding five years or to a fine not exceeding one hundred thousand shillings or both,” says part of the Bill, drafted under the watch of ICT Cabinet Secretary Joe Mucheru.
5. Bitcoin is often a hacker’s first choice currency
How Bitcoins are generated and how they become money is a subject that only a few people can understand, given that it needs a computer to generate a Bitcoin. But considering the fact that the currency moves online without leaving a clear trace, it appears to be the most preferred mode of exchange among hackers.
In criminal case against one of the suspects arrested two weeks ago, Mr Mutuku, police say that the accused demanded money in Bitcoins from NIC Bank in December 2014. The prosecution alleges that Mr Mutuku and his co-accused wanted 200 Bitcoins or else they would publish confidential information they had obtained after hacking into the bank.
Mr Mutuku has denied the charges, but according to Mr Wanjohi, who occasionally posts on Facebook to educate users on how to keep hackers at bay, most hackers are keen not to leave tracks.
“They don’t want to leave a digital footprint of themselves,” said Mr Wanjohi, adding that what often gives away hackers is that they leave logs behind after an attack, which is traced back to them.