"Sponsored propaganda!" - Gov't responds to article alleging Chinese cyber-attack on Kenya’s critical systems

A report by Reuters published on Wednesday, May 24 alleged that Chinese hackers targeted Kenya's government in a widespread, years-long series of digital intrusions against key ministries and state institutions.

The report claimed that two of its sources assessed the hacks to be aimed, at least in part, at gaining information on debt owed to Beijing by the East African nation: Kenya is a strategic link in the Belt and Road Initiative - President Xi Jinping's plan for a global infrastructure network.

The Kenya Kwanza Government has responded to the article, urging Kenyans to treat it as a sponsored propaganda by some forces hellbent in undermining the country's sovereignty.

In a statement from Principal Secretary for Internal Security and National Administration Dr Raymond Omollo, the government says the allegations presented in the article have not been subjected to authoritative proof of existence by the relevant persons from both the Kenyan and the Chinese governments.

Here is PS Omollo's full statement

Our attention has been drawn to a news article published by Reuters (https://reuters.com/) under the headline “Exclusive: Chinese hackers attacked Kenyan government as debt strains grew.”

The story, which was first posted on May 23, 2023 and updated on May 24, 2023, features serious claims about a series of cyber-attacks and infiltration of critical and sensitive systems belonging to, and operated by, the Government of Kenya.

Further, it insinuates that the attacks were carried out under the aegis of the Government of the People’s Republic of China, which is an act tantamount to deliberate economic espionage against Kenya.

Having carefully interrogated the claims, we wish to respond as follows:

1.  The allegations presented in the article have not been subjected to authoritative proof of existence by the relevant persons from both the Kenyan and the Chinese governments.
2. In the absence of (1) above, the alleged motive behind the said attacks cannot be subsequently established beyond doubt.
3. The bulk of the critical networking infrastructure deployed by the Government of Kenya is sourced from the People’s Republic of China. It is reasonable, therefore, to contemplate that if the country of origin desired to infiltrate the same systems it has helped install, it would unlikely engage third-party hackers.
4. Just like in many other countries across the globe, Kenya’s cybersecurity infrastructure is formative, and this portends inherent high-risk exposure to cyber threats. Therefore, attempted cyber-attacks are not unordinary occurrences. The Government and its agencies are alive to this reality, and the necessary precautions that are under constant review to match the dynamic nature of the threats landscape have been deployed.
5. The totality of (1-4) above leads to a supposition that the article, considering its choice of the so-called “cyber-security experts” interviewed, is aimed at provoking a particular response from the Government of Kenya. The deliberate stoking of panic and mistrust with an established vendor of sensitive infrastructure hints at geopolitical and global rivalries for markets for niche equipment and attendant services and leverages.
6. The article should be viewed as sponsored propaganda. The wide circulation and the alacrity for its attribution by other foreign media with well-known inclinations further hint at a choreographed and concerted attack against Kenya’s sovereignty.
7. The Government of Kenya will continue to strengthen the security and resilience of all its Critical Information Infrastructure Systems (CIIS). This is being done through the national security policy, cybersecurity laws (The Computer Misuse and Cybercrimes Act of 2018 and The Data Protection Act of 2019) as well as other regulations.
8. Kenya is also enhancing its threat detection and mitigation systems and capacities. Through the National Computer and Cybercrimes Coordination Committee (NC4), the Government is also investing in a stronger and better coordinated cyber security regime.