DAILY NATION
Inside Forkbombo, the dreaded Kenyan cybercrime gang
Sunday, July 25, 2021
By Brian Wasuna
Nation Media Group
In 2010, financial institutions in Kenya began experiencing a surge in cyber-attacks. At the time, authorities believed they could swiftly contain the threat. Initially, hackers focused on stealing small, nearly undetectable sums in what is known as salami attacks before escalating to large-scale financial thefts.
Soon, corporate organizations also fell victim to these cybercriminals, who managed to siphon significant amounts of money from banks and other institutions. Among the officers assigned to dismantle these cybercrime networks was Calvin Otieno Ogalo, a detective with exceptional skills in tracking digital crimes.
By 2012, Ogalo had identified and traced some of the most skilled hackers in the country who had successfully compromised highly secured financial systems. However, instead of apprehending them, he allegedly brought them together, forming what would become East and Central Africa’s most feared cybercrime syndicate—Forkbombo.
Though Alex Mutungi Mutuku became the most publicly recognized member of the gang, other key players reportedly included Reuben Kirogothi Mwangi, Eric Dickson Njagi, Godfrey Gachiri, Erickson Macharia Kinyua, and Stanley Kimeu Mutua. The group also included Henry Achoka, Duncan Bokela, Martin Murathe, former Kenya Revenue Authority (KRA) officers Edward Kiprop Langat and David Wambugu, as well as Albert Komen and James Mwaniki.
Initially engaged in minor scams, these hackers eventually evolved into masterminds of multi-million-shilling financial heists under Ogalo’s leadership. Forkbombo’s operations became increasingly sophisticated, with the group employing both remote system intrusions and insider collaborations to compromise institutions.
The Rise of Forkbombo
Ogalo’s tenure at the Directorate of Criminal Investigations (DCI) came to an abrupt end in 2012 under undisclosed circumstances. By 2013, the group had honed its ability to bypass some of the most advanced cybersecurity measures, enabling them to target institutions at will.
Rather than using traditional armed robbery tactics, Forkbombo’s members infiltrated financial networks discreetly. They planted malware and physical devices in secure areas, allowing them to extract money without resorting to violence. Investigations into cyber heists frequently led back to a common email address—forkbombo@gmail.com—giving rise to the gang’s name.
The gang’s first high-profile crime took place in 2013 when they infiltrated the Judiciary’s financial system and manipulated the National Treasury into approving fraudulent payments amounting to KSh 80 million. However, the scheme unraveled when CFC Bank (now Stanbic) sought verification from the Judiciary’s finance head, Benedict Omollo. Four members—Achoka, Bokela, Mwangi, and Murathe—were subsequently arrested and later convicted in January 2020. Mwangi’s prison term is set to begin in 2029 after completing a separate sentence in Rwanda for attempting to hack Equity Bank.
Multiple Cyber Heists
Over the next four years, Forkbombo orchestrated several attacks on financial institutions, often eluding capture by securing release on bail whenever members were arrested.
In December 2014, Mutuku and Kimeu were detained for hacking NIC Bank (now NCBA) and attempting to blackmail the institution by threatening to leak confidential customer data unless paid KSh 6.2 million in Bitcoin. At the time, Bitcoin was valued at KSh 31,000 per unit, making it an ideal transaction medium for criminals seeking anonymity. The duo also allegedly stole KSh 2.88 million from NIC Bank, though they secured their release after posting a KSh 700,000 bail.
Three months later, Safaricom fell victim to Forkbombo’s tactics, losing KSh 3.6 million in stolen airtime. Investigators traced the attack back to Mutuku, who later faced additional allegations of fraudulently topping up his phone with KSh 20,000 in airtime. WhatsApp conversations between Mutuku and an associate, Paul Nderitu, were submitted as evidence, despite Mutuku’s attempts to challenge their admissibility in court.
Expansion and Ultimate Downfall
In 2016, Forkbombo reportedly merged with another cybercrime group, Grapzone, which specialized in supermarket fraud. By forging receipts, the gang collaborated with store employees to illegally acquire high-value goods such as digital televisions. While the exact sum stolen by Forkbombo remains uncertain, experts estimate losses exceeding KSh 400 million between 2013 and 2017.
By this time, Forkbombo operated like a well-structured corporation, complete with financiers, a CEO-like figure in Ogalo, and mid-level managers such as Mutuku and Mwangi overseeing hacking operations.
The group commenced 2017 with bold ambitions, executing a heist on the Kenya Police Sacco that netted KSh 50 million before attempting to breach KRA’s systems. The latter plan involved planting an insider’s laptop within KRA’s server room to gain access to tax records.
However, the heist caught the attention of detectives, leading to increased scrutiny of the gang’s activities. Investigators leveraged information obtained from two American nationals, Larry Peckham II and Denise Huitron, who had traveled to Kenya and were believed to be associated with Forkbombo.
In March 2017, multiple members—including Ogalo, Mutuku, Langat, Wambugu, and the two Americans—were charged with orchestrating fraudulent transactions that cost KRA KSh 3.9 billion. Also implicated were Lucy Katilo Wamwandu, Kenneth Opege Riaga, James Mwaniki, Gilbert Kiptala Kipkechem, and Joseph Kirai Mwangi. The case remains ongoing.
Following the KRA debacle, Mwangi took the reins of Forkbombo, rebuilding the syndicate with a fresh team of hackers. He enlisted Erick Dickson Njagi, Godfrey Gachiri, and Erickson Macharia Kinyua, alongside four newcomers—Dedan Muchoki Muriuki, Samuel Wachira Nyuguto, Damaris Njeri Kamau, and Steve Maina Wambugu.
The gang expanded its operations to Rwanda, where they recruited additional members, including Ugandans and Rwandese nationals. The Kenyan faction focused on developing hacking software, while local recruits handled cash withdrawals.
In November 2019, Rwandan authorities arrested 12 Forkbombo members attempting to hack into Equity Bank’s mobile money system. Two weeks ago, all 12 were sentenced to eight years in prison.
The Mechanics of Their Fraud
Forkbombo’s sophisticated techniques allowed them to siphon money from bank accounts while evading detection. They developed software capable of transferring funds seamlessly, bypassing security protocols without alerting account holders. Collaborating with mid-level banking staff, they gained system access and executed their heists with minimal risk.
Next, read how they did it, and how they were caught. The scam was sophisticated yet so smooth that it would take days before anyone noticed that a robbery had occurred. The hackers would script complex software that could move money from any bank account to a destination of their choice, without raising any red flags within the lender's system or alerting the money's true owner. The crooks would then enlist mid-level staffers at a targeted bank and share the software.
bwasuna@ke.nationmedia.com