The Independent Electoral and Boundaries Commission (IEBC) has denied claims that hackers infiltrated its servers and obtained the personal details of at least 61,000 registered voters.
This was after the Directorate of Criminal Investigations (DCI) said it had arrested a 21-year-old fraud suspect said to have hacked into the servers IEBC.
Police said the suspect and others gained to IEBC’s database and stole the personal details of 61,617 registered voters from a county in western Kenya.
The data found in his possession contains names of registered voters, their ID numbers and dates of birth.
However, IEBC chairman Wafula Chebukati said the reports were not factual and argued the register of voters is kept in a Biometric Voter Registration (BVR) system, which he said has never been tampered with since it was installed eight years ago.
He said the BVR system was designed to have its own isolated network making it difficult for hackers to infiltrate it.
“The Commission’s register of voters is kept in a Biometric Voter Registration (BVR) system, which is hosted on several servers. The BVR system has been designed to have its own isolated network, set of servers as well as user account directory to ensure integrity, confidentiality and high availability,” he said.
Chebukati said Sunday the data in question could have been obtained from entities that acquired it through legitimate means.
The Constitution allows the IEBC to give part of the register of voters - for specific electoral areas at a fee.
“The commission services numerous requests by various entities requiring the register of voters for specific electoral areas. These requests are serviced upon payment of certain fees and in accordance with privacy laws requiring personally identifiable information to be kept confidential,” he said.
He added since the installation and commissioning of the system eight years ago the BVR system that hosts the register of voters used during elections has never been hacked because the servers are not connected to the open internet.
“The rest of the Commission’s entire internal network is behind a high-security firewall system.”
He said what is currently being reported in the media is not data obtained through hacking of the BVR system but possibly from entities that may have legitimately obtained from the Commission through formal request and upon payment of requisite fees.
DCI boss George Kinoti said the fraudsters used the date to contact different wireless carriers and convince the customer service agents that they are the true owners of the lines.
Upon successful sim swapping, the suspect is granted full access to the victim’s online accounts.
The suspect who was expected in court Monday is believed to have previously worked for one of Kenya’s mobile phone networks, was found with a gunny bag full of Safaricom, Airtel and Telkom sim cards.
The suspect is from Mulot, Bomet County making it the latest arrest to be made at the place in a series that has been ongoing in the past months.
For the last five years, several suspects, all-hailing from Mulot, have been arrested in connection to SIM swapping, M-Pesa and general fraud.
DCI has already flagged Bomet as a hotspot for mobile and bank fraudsters.
The fraudsters do SIM swaps by cloning victim’s accounts before stealing the cash from the account.
In some cases, they use the victim’s details to borrow money from online lending platforms. Most of them are young and known to be heavy spenders at social joints.
The area, along the Narok-Bomet-Kaplong highway, has gained notoriety as the headquarters of mobile money frauds in the country. The group is mixed with university students and some mere high school dropouts.
In March, detectives arrested five suspects in Kasarani, Nairobi. Police recovered more than 2,000 SIM cards, 15 mobile phones and a register with names of victims. Four of them were from Mulot while one of them was from Embu.
In October 2019, another group of seven suspects were also arrested in Kabete, Kiambu county where police recovered more than 200 SIM cards and several mobile phones.
Police say they are still yet to crack the link between the two places and the fraud. Most of the suspects are still in court.
