Nairobi, Kenya – A report on China’s hacking attacks against the government of Kenya has sparked debate in the East African country about the security of the country’s systems.
The Reuters news agency reported on Wednesday that as of 2019 Chinese hackers targeting key ministries and state institutions in Kenya’s government as debts piled up.
After President William Ruto took office in September, the East African nation started to decrease borrowing from Beijing, while the latter also started to adopt a more cautious approach to borrowing post-COVID-19 due to debt accumulation concerns for African countries.
As of January, Kenya’s external debt was $34 billion. One-sixth of that is owed to China, which remains Kenya’s largest bilateral lender.
And now news that China was allegedly spying on its debtors has led Kenyans to question the cybersecurity of the country’s systems and its readiness to fend off similar attacks.
“We have to take this cybersecurity issue seriously or we are doomed,” said Twitter user Emmy Odongo.
Ferdinand Ragot — an IT expert and ethical hacker who hacks into computer networks to test and evaluate their security — told Al Jazeera he wouldn’t be surprised if the Chinese hacked into the systems as a show of political muscle or to gain access to private information. state information.
He said that while it may be difficult to determine who the hacker was, identifying the country of origin of the attacks is easier.
Cyber attacks and diplomacy in the debt trap
A Kenyan cybersecurity expert told Reuters he was brought in by authorities in Nairobi in late 2019 to assess the breach of a government-wide network and find out who the hackers were and what they had access to.
He said the attackers gained access when a Kenyan government employee unwittingly downloaded an infected document, allowing hackers to infiltrate the network and gain access to other agencies.
Eight ministries and government departments of Kenya, including the Presidential Office, National Intelligence Agency, National Treasury and Ministry of Foreign Affairs, were targeted over a three-year period, according to the Reuters report. The attackers stole a huge trove of documents related to Kenya’s external debt.
The attackers, the report said, were trying to obtain information about the billions of dollars in debt owed to Beijing and Kenya’s repayment strategies.
China has been criticized in recent years for what is known as “debt-trap diplomacy”, the art of using its debtors’ debt to expand its influence abroad.
According to AidData, a US research lab at the Virginia-based College of William & Mary, the terms of Beijing’s loans to developing countries are also usually classified and require borrowing countries to prioritize repayment to state-owned Chinese banks over other creditors.
In 2017, bugs were found at the African Union headquarters in Addis Ababa, five years after an investigation found secret data from the AU being copied to servers in Shanghai.
The leak was discovered after technicians noticed a spike in data usage at 2 a.m. when the building, a $200 million gift from the Chinese to the African Union, was mostly empty. Beijing denied any involvement in that episode.
On Wednesday, the Chinese embassy in Nairobi also denied allegations of hacking into Kenyan government files, saying the allegations are “far-fetched and sheer nonsense”.
“Hacking is a common threat to all countries and China is also a victim of a cyber attack,” the embassy said in a statement. press statement on Wednesday. “China consistently and resolutely opposes cyber attacks and cyber theft in all forms.”
The statement added that tracing the source of cyberattacks was too complex a technical matter to put cyberattack labels on a foreign government without solid evidence.
“Whether the cooperation between China and Kenya is good or not, the people of the two countries have the most to say,” the embassy statement said. “Any attempt to sow discord between China and Kenya is doomed to failure and will only bring shame.”
The Kenyan presidency said on Wednesday that hacking attempts by Chinese entities were not unique, adding that the government was also unsuccessfully targeted by “frequent infiltration attempts” by Chinese, American and European hackers.
Mixed reactions
Governments should have policies to train employees to avoid phishing, a common method hackers use to breach systems, Ragot said.
“Basic training like how to handle emails from unknown people, not clicking links before verifying the source, and not installing any tools or software on their devices,” he said. “Wearable devices should also have end-to-end encryption.”
“Unless we want to make our own devices, we should always be ready to be hacked,” said Twitter user Maritim Cheruiyot, who criticized the government’s laxity.
Other Kenyans questioned the report, wondering why China should hack into government systems to extract information that is readily available to the public. “I’m surprised China would have to hack to get that information,” Nairobi-based investor and stock trader Aly-Khan Satchu said on Twitter.