Ugandan businessman Ronald Nsale charged with hacking Safaricom systems

file photo:Kenyan Morgan Kamande (left) and Ugandan Robert Nsale (right) before a Milimani law court in Nairobi.

A Ugandan businessman has been arraigned in a Nairobi court and charged with unlawfully accessing Safaricom’s protected systems without authority.

Ronald Nsale is alleged to have committed the offense on diverse dates between 1st December 2016 and 30th march 2017 at Kilimani jointly with others not before court.

The accused denied the charges before chief magistrate Francis Andayi and was released on a cash bail of Sh200, 000.

The magistrate ordered that the passport of the accused person be deposited in court as additional security.

The case will be heard on May 23rd 2017.

It was alleged that on diverse dates between January 20th and March 30th 2017 an IT expert at Safaricom Headquarters noticed suspicious attempts to access the Safaricom network remotely from pone of their stuff member, Martin Kabucha’s sim card remotely.

The IT expert James Yogo tried to enquire the malpractice from the said Kibucha but he denied having tried to access the systems remotely.

The matter was reported to the Senior Manager Fraud investigation unit Eric Mugo who took up the matter and revealed audit logs from security monitoring systems.

Mugo confirmed the user Martin Kibucha had made several attempts to access the system and upon further forensic analysis it was established that the Safaricom sim card was registered by one Edward Migwi Waweru who was not a member or Safaricom staff.

The matter was reported to Parliament police station and investigation commenced where the accused was traced to Kilimani and arrested.

The accused confirmed to have been given the said sim card by Morgan Kamande and led the investigation to his arrest to kileleshwa area.

However, Kamande denied having given out nor procuring the said sim card. Later the accused changed the story and said the sim card was given to him by a watchman and he could not recall.

After the accused was arrested, his Mobile phone and laptop among other internet connections were taken on inventory and later handed over to DCI cyber-crime unit for further analysis which revealed the extent of the access the accused had done.

On further investigation it was established the suspect had put in a proposal for penetration training in response to a request for proposal from Safaricom to Price Waterhouse coopers (PWC).

He had been had put in the said proposal among other trainers by PWC and he had been recommended by George Wahome of PWC since he knew him by working together in Earnest & young limited in Uganda.

After agreeing to be part of trainers from PWC the accused is believed to have started the trials on unauthorized access of protected systems and penetrated as per cyber-crime report and the opinion report from safaricom IT expert.

The accused and the Kenyan Morgan Kamande were arrested last month and brought to court under two miscellaneous applications.

The first one was with the DCI who sought to have the suspects detained in order to investigate them on allegations of unauthorized access to Safaricom’s protected systems and were granted three days.

However, the two were arrested again by Anti-Terror Police Unit (ATPU) who sought 30 days to investigate the mobile number that was being used to hack Safaricom as it was alleged to be used by terrorists for cyber-crimes  in the country.

ATPU was granted the 30 days but they however never brought any terrorism cyber-crime charges against the two.

Further, at the end of the investigations, the police never procured any charges against the Kenyan Kamande who was alleged to have given the sim card to the accused person thereby closing his file.