When the Kenya Revenue Authority (KRA) fired tech-savvy Edward Kiprop for misconduct, they did not realise he would later on use what they had hired him for to torment them: his ingenious computer skills.

After being banished from KRA, the agency responsible for collecting the country’s revenues, he hatched a scheme to siphon part of the cash into his personal account using a laptop hidden within the network chambers at Times Tower, Nairobi.

He connected the laptop through port 11 which allowed the ring of cybercriminals access crucial data, robbing the taxman of millions of shillings.

Mr Kiprop is part of the 11 cyber-crime suspects arrested early this week having played a critical role in depriving the country’s financial institutions of a massive Sh30 billion in two years alone.

The arrests were made in a sting operation in Nairobi by a multi-agency team. Besides the former KRA officer, also netted was a former police officer Calvin Otieno and international criminals who have been colluding with locals to commit these crimes. Those arrested included two Americans.

Records obtained by detectives show the institutions lost Sh17 billion last year and Sh14 billion in 2015.

Whereas Kenyan private and public sectors lost Sh10 billion in 2015, the financial sector lost Sh4 billion of that amount, a police report shows.

Facilitating theft

Detectives have blamed the trend on technological advancement, which has made Kenya a soft target by cyber-criminals.

Apart from KRA, other agencies that have been targeted by these tech-savvy criminals include the National Transport and Safety Authority (NTSA), Saccos and the Independent Electoral and Boundaries Commission (IEBC).

The criminals hacked the systems of the institutions in the period stealing data and money undetected.

In 2016 alone, KRA, NTSA, DTB Bank, Equity Bank, Police Sacco, Stima Sacco, Kenya Power were hacked, police said. The criminals also have international contacts to countries such as Moldova, Belgium and France. Investigations show they conspire with employees of the targeted institutions who provide access to the networks remotely using Remote Access Tools (RATS) to manipulate records in the computer system.

KRA officials on Wednesday evening demonstrated how one of their former employees planted a software in one of their systems which was sending crucial data to his system. The ex-employee had formed an international ring that installed malware into the system that allowed them take data from the institution’s system facilitating theft.

This prompted an operation that saw the suspects arrested from their residences in Kilimani area. The Daily Nation reported this on Thursday.

Head of Special Crimes Prevention Unit Noah Katumo said they seized an AK47 rifle and drugs from the suspects’ residences. Some of the suspects were later taken to KRA offices on third floor on Wednesday evening where they demonstrated how they have been hacking the system.

Commissioner General John Njiraini, who was present, said the institution played a leading role in unearthing the syndicate and hence the arrests.

The suspects had left a laptop hidden within the network chambers at KRA offices and connected through port 11, which allowed the ring access crucial data. Officials at KRA said the suspects have been robbing financial institutions using salami attacks, which is a software that steals small undetectable amounts before launching a major attack. They have also been doing electronic transfers from these institutions.

There are also claims that the suspects were planning to manipulate IEBC system ahead of the August polls. “There are fears their plans included hacking IEBC system in conjunction with the Russians,” said a police report.

The probe was launched after Banking Fraud Investigations Unit was informed that the Kenya Police Sacco lost Sh50 million to fraudsters. This was later linked to Otieno.

Also in custody is 52-year-old American, Larry Peckham II, who police say usually communicated with the son and daughter of a prominent politician. Another American 32-year-old woman, Denise Huitron, was also arrested at an apartment along Riverside Drive, Nairobi.

Former KRA employee Edward Kiprop, one Albert Komen Kipkechem, suspended KRA official David Ndungu Wambugu and Alex Mutungi Mutuku were also arrested. Otieno, Kipkechem, Wambugu and Mutuku have pending court cases for cyber-crime.

Police say Kiprop is linked to the group’s ability to access NTSA system through KRA and hence register a number of cars illegally. Wambugu is also believed to be the main suspect in hacking KRA and working with his accomplices in fleecing data and money. He is a graduate of JKUAT in BSc IT.

One James Mwaniki is a programmer who creates software used by Saccos. He, however, leaves backdoor access within the software, which he uses to gain illegal access in the future. Eleven suspects were Wednesday presented before a JKIA court and police were allowed to hold them for 20 days as the probe goes on.