Disbelief in Kenya over alleged Chinese cyberattack on gov’t data

A report on infiltration of government networks by Kenya’s largest creditor has Kenyans asking how secure their systems are.

China is Kenya's biggest foreign creditor and has financed a number of projects, including the Nairobi Expressway shown here, built under a public-private partnership with the China Road and Bridge Corp [Thomas Mukoya/Reuters]

Nairobi, Kenya – A report about China carrying out hacking attacks on Kenya’s government has sparked debate in the East African country about the security of the nation’s systems.

Reuters news agency reported on Wednesday that beginning in 2019, Chinese hackers targeted key ministries and state institutions in Kenya’s government as its debt piled up.

After President William Ruto took office in September, the East African nation began to reduce borrowing from Beijing, even as Beijing also began adopting a more cautious lending approach post-COVID-19 over concerns about debt piling up for African countries.

As of January, Kenya’s external debt stood at $34bn. A sixth of this is owed to China, which remains Kenya’s biggest creditor after the World Bank.

And now, news that China was reportedly spying on its debtors has led to Kenyans questioning the cybersecurity of the country’s systems and its preparedness to repel similar attacks.

“We need to take this issue of cybersecurity seriously, otherwise we are doomed,” Twitter user Emmy Odongo said.

Ferdinand Ragot – an IT expert and ethical hacker, who hacks into computer networks to test and evaluate their security – told Al Jazeera he would not be surprised if the Chinese hacked the systems as a display of political muscle or to access private state information.

He said that while it might be difficult to tell who the hacker was, identifying the originating country of the attacks is easier.

Cyberattacks and debt-trap diplomacy

A Kenyan cybersecurity expert told Reuters that he was brought in by authorities in Nairobi in late 2019 to assess a breach of a government-wide network and find out who the hackers were and what they accessed.

He said the attackers gained access when a Kenyan government employee unknowingly downloaded an infected document, allowing hackers to infiltrate the network and access other agencies.

According to the Reuters report, eight of Kenya’s ministries and government departments, including the presidential office, the National Intelligence Service, the National Treasury and the Ministry of Foreign Affairs, were targeted over a three-year period. The attackers stole a vast trove of documents pertaining to Kenya’s foreign debt.

The attackers, the report noted, sought to gain information on the billions of dollars in debt owed to Beijing and Kenya’s repayment strategies.

China has been criticised in recent years for what is known as “debt-trap diplomacy”, the art of leveraging the debt burden of its debtors to expand its influence abroad.

The terms of Beijing’s loans to developing countries are also usually secretive and require borrowing nations to prioritise repayment to Chinese state-owned banks ahead of other creditors, according to AidData, a US research lab at the Virginia-based College of William & Mary.

In 2017, bugs were found at the headquarters of the African Union in Addis Ababa, five years after its investigations revealed that classified data belonging to the AU was being copied to servers in Shanghai.

The leak was discovered after technicians noticed a peak in data usage at 2am when the building, a $200m gift from the Chinese to the African Union, was mostly empty. Beijing denied any involvement in that episode.

On Wednesday, China’s embassy in Nairobi also denied claims of hacking Kenyan government files, saying the allegations are “far-fetched and sheer nonsense”.

“Hacking is a common threat to all countries and China is also a victim of cyber attack,” its embassy said in a press statement on Wednesday. “China consistently and firmly opposes and combats cyber attacks and cyber theft in all forms.”

The statement added that tracing the source of cyberattacks was too complex a technical issue to pin cyberattack labels on a foreign government without solid evidence.

“Whether the cooperation between China and Kenya is good or not, the people of the two countries have the most say,” the embassy statement said. “Any attempt to sow discord between China and Kenya is doomed to failure and will only disgrace oneself.”

Kenya’s presidency said on Wednesday that hacking attempts by Chinese entities were not unique, adding the government had also been unsuccessfully targeted by “frequent infiltration attempts” from Chinese, American and European hackers.

Mixed reactions

Governments ought to have policies to train employees to avoid phishing, a common method hackers use to breach systems, Ragot said.

“Basic training like how to treat emails from unknown persons, not clicking on links before verifying the source and not installing tools or software in their devices,” he said. “Portable devices should have end-to-end encryption too.”

“Unless we want to make our own devices, then we should always be ready to be hacked,” Twitter user Maritim Cheruiyot said, criticising the government’s laxity.

Other Kenyans doubted the report, questioning why China would need to hack government systems to find out information that is readily available to the public. “I am surprised that China would need to hack to get that information,” Nairobi-based investor and stock trader Aly-Khan Satchu said on Twitter.

Source: Al Jazeera
