Chebukati denies claims IEBC systems hacked
The Independent Electoral and Boundaries Commission (IEBC) has denied claims by the Directorate of Criminal Investigations (DCI) that a fraudster recently hacked into their database and retrieved personal details from the voter registers.
IEBC chairman Wafula Chebukati on Sunday, July 18, 2021, also distanced the commission from the arrest of a 21-year-old suspect and a former telco staff on accusations of hacking into the IEBC database.
Chebukati confirmed the commission stores voter registration data in a Biometric Voter Registration System which is hosted on several servers.
He added that the servers have no connection with the open internet and would therefore be very difficult to access without permission.
“The BVR system has been designed to have its own isolated network, set of servers, as well as user account directory to ensure integrity, confidentiality, and high availability,” read Chebukati’s statement.
“Since the installation and commissioning of the system 8 years ago, the BVR system that hosts the register of voters used during elections has never been hacked because the servers are not connected to the open internet,” clarified the statement.
He further explained that the data could have been possibly been obtained from entities that may have legitimately obtained the register from the Commission through a formal request.
“The Commission services numerous requests by various entities requiring register of voters from specific electoral areas. These requests are serviced upon payment of certain fees and in accordance with privacy laws requiring personally identifiable information to be kept confidential,” he said.
The suspect and his syndicate had been suspected to have hacked into the IEBC database and obtained personal information belonging to 61,617 registered voters in a county in Western Kenya.
DCI had also reported that the individual is suspected to have been running a mobile phone hacking syndicate.
The 21-year-old is said to have randomly called users and convincing them that they were the wrong owners of the said SIM cards.
He would pose as an M-Pesa customer service representative and would trick unsuspecting victims into dialing random codes.
He would then gain access to the victim’s accounts after successfully swapping SIM card details and thereby stealing information and money from the victims.