In a major international crackdown on cybercrime, 24 Kenyans have been arrested as part of an operation named Serengeti. The joint effort, led by Interpol and Afripol, targeted criminals involved in online credit card fraud, ransomware, and other digital crimes. Investigators revealed that the group was responsible for stealing KSh 1.1 billion (USD 8.6 million) by hacking into banking systems and exploiting their security flaws.
The stolen money was transferred through SWIFT codes to accounts in the United Arab Emirates (UAE), Nigeria, and China, and later moved to digital asset platforms for trading and other financial activities.
The operation also led to arrests in 19 African countries, with authorities detaining 1,006 suspects and dismantling over 134,000 malicious online networks.
The Serengeti operation is part of a larger global initiative to combat cybercrime, especially in Africa, where digital fraud has been on the rise. The investigation found that Kenyan criminals were targeting both local financial institutions and international victims using advanced hacking tools and fraudulent scripts.
According to Interpol, over 35,000 victims were identified during the operation, with a combined financial loss of almost USD 193 million globally.
Key support for the operation came from private sector partners like Internet Service Providers (ISPs). They provided intelligence, secured infrastructure, and helped authorities identify vulnerabilities in networks.
The Inspector General of Police, Douglas Kanja, is leading Kenya’s collaboration with Afripol, ensuring the operation’s success locally. This effort highlights Kenya’s growing commitment to combatting cybercrime through partnerships and advanced investigative tools.
Kenya recently joined the Council of Europe (CoE) Convention on Cybercrime, also called the Budapest Convention. This treaty promotes international cooperation in cybercrime investigations and standardizes laws to fight crimes like hacking, online fraud, and data breaches.
In recent years, Kenyan banks and institutions have faced several major cybercrime cases that highlight the growing threat. In 2019, hackers exploited weaknesses in mobile lending apps to steal millions from customer accounts. In 2020, ATM card skimming syndicates used devices to steal card information, leading to significant losses and lawsuits from affected customers. By 2022, SIM swap fraud became a major issue, with criminals taking over victims’ mobile numbers to access and drain bank accounts. In 2023, businesses were targeted through email scams where hackers pretended to be senior managers, tricking employees into transferring money to fraudulent accounts. These incidents show the urgent need for stronger cybersecurity measures in Kenyan financial institutions.
Dr. Raymond Omollo, the Principal Secretary for Internal Security, emphasized the importance of building strong cybersecurity capabilities. He stated that as Kenya’s reliance on technology grows, so does its vulnerability to sophisticated cyber threats. Joining the Budapest Convention strengthens Kenya’s ability to handle international cybercrime cases.
Kenyan banks are increasingly vulnerable to sophisticated cyberattacks as criminals adopt advanced technologies like AI-driven malware and exploit system vulnerabilities. Traditional security measures are no longer sufficient to combat these evolving threats, leaving financial institutions exposed. The financial consequences of these breaches are significant, not just in direct monetary losses but also in damage to the banks’ reputations. Customers lose trust in institutions that fail to secure their data, which can lead to reduced customer loyalty and market share.
To tackle these challenges, Kenyan banks should adopt advanced security measures such as multi-factor authentication (MFA) and real-time fraud detection systems to safeguard against unauthorized access and fraudulent activities. Regular security audits and penetration testing are crucial to identifying and fixing vulnerabilities in their systems. Training bank employees to recognize cyber threats like phishing scams is equally important, as human error is often the weakest link in cybersecurity defenses.
Collaboration with law enforcement agencies and cybersecurity experts is another key strategy. By sharing intelligence and resources, banks can stay ahead of emerging threats. Finally, educating customers about safe online banking practices will empower them to recognize and avoid potential scams, reducing overall exposure to cybercrime. Strengthening cybersecurity will not only protect Kenya’s banking sector but also enhance customer confidence and support the country’s growing digital economy.
