A recent report revealing alleged cyberattacks by China on Kenya’s government has sparked significant concerns about the nation’s cybersecurity infrastructure. The Reuters news agency disclosed that Chinese hackers had targeted key ministries and state institutions in Kenya since 2019, coinciding with the country’s mounting debt to China.
With China being Kenya’s largest foreign creditor and an active financier of various projects, including the notable Nairobi Expressway, questions about the security of Kenya’s systems have been raised. The nation’s external debt stands at $34 billion, with a significant portion owed to China. This revelation has led many Kenyans to question the country’s preparedness to defend against similar cyberattacks.
Experts in the field, such as Ferdinand Ragot, an IT expert and ethical hacker, suggest that the possibility of Chinese hackers infiltrating the systems is not implausible. Ragot believes that such attacks could serve as a demonstration of political power or a means to gain access to confidential state information. He further explains that while identifying the hacker’s origin might be challenging, tracing the attacks back to a specific country is relatively easier.
The reported cyberattacks aimed to obtain information about Kenya’s foreign debt and repayment strategies, contributing to growing concerns about China’s “debt-trap diplomacy” tactics. China’s lending terms to developing countries often lack transparency, with borrowing nations pressured to prioritize repayment to Chinese state-owned banks over other creditors. The 2017 discovery of bugs at the African Union headquarters in Addis Ababa, which revealed data breaches involving servers in Shanghai, highlights similar concerns about China’s involvement in cyber espionage.
In response to the allegations, China’s embassy in Nairobi has denied any involvement in hacking Kenyan government files, labeling the claims as “far-fetched and sheer nonsense.” The embassy emphasizes China’s opposition to cyberattacks and theft and states that attributing cyberattacks to a foreign government requires solid evidence.
The mixed reactions among Kenyans range from calls for improved employee training and cybersecurity measures to skepticism about the authenticity of the report. Some question why China would need to resort to hacking when much of the information is publicly available. Nonetheless, the discussion underscores the importance of bolstering Kenya’s cybersecurity capabilities to safeguard national security and protect against potential cyber threats.