Kenyan Hacker with a mission to correct costly omissions

Posted In Cyber Security, Security, Technology - By admin on Wednesday, June 12th, 2013 With No Comments »
 Fred Wahome of Secunets Technologies at one of his offices in Nakuru. “It is laughable when a major suspect is apprehended and the police ask him to help them access his own laptop.

Fred Wahome of Secunets Technologies at one of his offices in Nakuru. “It is laughable when a major suspect is apprehended and the police ask him to help them access his own laptop.

Had Fredrick Wahome been driven by greed, he would be raking in more than Sh2 million hacking into companies’ and banks’ systems, not the Sh1 million that he and his three partners make every month.

The 27-year-old software engineer is the managing director of Secunets Technologies Group, an information technology company that specialises in data security.

He and his colleagues have been contracted by banks, insurance companies, and revenue authorities from as far as Rwanda, Uganda, and Zimbabwe to make their systems impregnable to hackers.

Wahome lists the Bank of Kigali and the Ugandan Revenue Authority, as well as Kenya’s Bamburi Cement, as some of his regular customers.

For a five-stage process of securing a system from electronic intrusion, normally a month’s job, Wahome charges between Sh200,000 and Sh1 million, depending on the load.

He and his two partners also own a tourism side business and an online computer school, into which they plough their profits after splitting their earnings.

The online school, East Africa School of Computer Security and Forensics, has seven students who pay Sh20,000 to participate in a computer forensic competition at the end of their course.

“Many people think I am bluffing when I tell them I can get into their networks… until I give them a screen shot with a date and time to prove that I have just done that,” Wahome says.

He adds that his company’s viability is secured by lack of corporate discipline in many organisations to ensure that they are safe from attack.

He says: “There is no adequate training of employees on simple issues such as the fact that an image or hyperlink in their email may have scripts that can relay crucial information about the organisation to a hacker.”

After completing an assignment, he conducts a “health check” on the system. This entails hiring an external and equally competent hacker to conduct an external “penetration test”.

“If he manages to penetrate the system, I start the process all over again,” he says.

Secunets also develops payrolls and point-of-sale systems.

The company has five permanent employees and two branches and is planning to open a free school in Nakuru County to act as a hub for scouting for talent and training people to make money using technology.

Wahome’s tales of what his work, which he describes as curative and preventive, entails would scare many companies.

“Competitor companies could pay a fortune to unethical hackers to acquire a rival group’s information, such as marketing plans of upcoming projects, personal details of shareholders, and payrolls, among other details… this kind of misfortune is what we try to prevent.”

While still in school, he developed a passion for information security and taught himself when he was introduced to the course in his third year at university.

He learnt how to penetrate systems such as the university’s examinations server, wreaking havoc regularly in the administration.

After graduating from Maseno University, Wahome was employed at Kenya Data Networks as a network engineer with a monthly salary of Sh50,000. He says he felt “under-employed intellectually” while in formal employment.

In May 2010, with one month’s salary, he registered his company and its website domain and paid an instalment for the rent of an office in Nairobi.

“It was tough being without the guarantee of a salary,” he says.

Wahome remembers his first job, which involved automating a hardware company’s check-out system. He says it was too much work for a mere Sh40,000.

In his free time, he would try to penetrate systems to “see how smart he was” and he was surprised at how easy it was to hack into various banks’ networks.

Rubbished his claims

When he approached the administration of a certain bank and offered to help, the IT manager rubbished his claims, terming him “greedy and one looking for fame and money”.

“He asked what qualifications I had compared with all the professional certificates from international software engineering institutes that he had.”

Barely a week later, another hacker intercepted the bank’s electronic funds transfer.

“The manager called me, saying he was ‘too busy’ to handle the hacking and, therefore, he needed my help.”

Secunets has received many referrals, both local and international.

Wahome plans to volunteer his services to train Kenya’s security personnel on forensics.

“It is laughable when a major suspect is apprehended and the police ask him to help them access his own laptop,” he says.


About -