The Independent Electoral and Boundaries Commission(IEBC) has dismissed claims that the IEBC database has been hacked.
This is after detectives attached to Directorate of Criminal Investigations(DCI) arrested a fraud suspect who is said to have gained access into IEBC’s database and acquired personal details of 61,617registered voters from a county in western Kenya.
In a press statement, the electoral commission said that the information is not factual stating that the Biometric Voter Registration(BVR) system which is hosted on several servers are not connected to the open internet.
“The BVR system has been designed to have its own isolated network, set of servers as well as user account directory to ensure intergrity, confidentiality and high availability. Since installation and commissioning of the system 8 years ago the BVR system that hosts the register of voters used during elections has never been hacked because the servers are not connected to the open internet,” stated IEBC.
Additionally, the commission said that the rest of its entire internal network is behind a high security firewall system.
IEBC avvered that what is being currently being reported in the media is not data obtained through hacking of the BVR system but possibly from entities that may have legitimately obtained from the commission through formal request and upon payment of requisite fees.
Identified as Kiprop, the suspect is believed to have been operating a high-tech mobile phone scam syndicate.
The data, which was found in his possession contains names of registered voters, their ID numbers and dates of birth.
DCI said using the fraudulently acquired personal details the suspects contact different wireless carriers and convince the customer service agents that they are the true owners of the line.
Upon successful SIM swapping, the suspect is granted full access to the victim’s online accounts.
The 21-year-old believed to have previously worked for one of Kenya’s mobile phone networks was arrested on Friday morning and a gunny bag full of SIM cards belonging to Safaricom, Airtel and Telkom mobile phone service providers recovered.
“His arrest followed a joint operation by detectives and Safaricom investigators after the suspect swindled an Mpesa agent an unspecified amount of money,” the DCI said.
The suspect was arrested in Juja by sleuths from the Crime Research and Intelligence Bureau, supported by Safaricom’s fraud investigations team and Jomo Kenyatta University of Agriculture and Technology security officers.
The George Kinoti led department further said the fraudster masquerading as an Mpesa customer care attendant called the agent and lured her into dialing unspecified codes.
“Before the agent realised that she was in a phony call, she had already lost cash from her money lending account. The money was sent to an Mpesa account belonging to one of the fraudulently acquired SIM cards before being transferred to an account at Cooperative bank,” DCI said.
The suspect and his accomplices who escaped DCI’s dragnet narrowly are believed to have swindled unsuspecting members of the public millions of shillings through the pretentious scheme.