The long arm of the prisoner: social engineering from Kenyan prisons

Thursday 29 September 2022, 10:00 - 10:30

THIS PRESENTATION WILL BE GIVEN REMOTELY

Patricia Musomba (iHUB)
Tim Dagori (iHUB Nairobi)

Prisons serve four major functions: retribution, incapacitation, deterrence, and rehabilitation. Retribution is achieved by depriving criminals of their freedom and incapacitation through the removal of criminals from society so that they can no longer hurt innocent people. While serving sentences, prisoners go through rehabilitation programs to turn them into law-abiding citizens and deter any future criminal activity. However, with the advent of technology, all these four functions are impeded since prisoners can gain some digital freedom to perpetuate criminal activities through smuggled mobile devices.

Using social engineering, Kenyan prisoners have utilized mobile phones to defraud free citizens of their hard-earned money. While this has long been the case, a recent uptick in scamming incidents has drawn the attention of the media, the government, the security community, and the general public. Over time, the scams have become more sophisticated. For example, in early 2022, a prisoner serving a life sentence at Kamiti Prison confessed to scamming a job applicant of Ksh 800,000 by impersonating the Defense Cabinet Secretary.

Through an in-depth investigation of data posted on social media and news sites, this research reports on the social engineering strategies used by convicts, such as baiting, pretexting, vishing, and smishing. It also recognizes the telltale indicators, such as instilling anxiety and a sense of urgency, as well as requesting sensitive information like mobile money PIN numbers. Finally, it presents ideas on how to minimize the expanding threat.

• Download paper for this talk

Patricia Musomba Patricia Musomba is a digital security associate at Cocreation Hub Nigeria and iHUB Nairobi where she implements digital resilience programs for at-risk communities such as human rights defenders, civil societies and journalists. Her domain knowledge spans network security, security assessments and audits, and cybersecurity training. Patricia is passionate about cybersecurity awareness training, having implemented security training programs for various targeted audiences. Her most significant training was with the Commonwealth of Learning, where she developed cybersecurity awareness courses for teachers and teacher educators. She gives back to the security community by volunteering as a mentor and trainer with SheHacks Kenya and Accessible Online Security, a Mozilla Open leaders Project. She has presented at TechWeek 2019 Nairobi. She holds various industry certifications such as Certified Ethical Hacker (CEH), Cisco Certified Network Associate (CCNA), and Cisco Certified CyberOps Associate.

Tim Dagori Tim is a process geek working at the node where business, government, public policy and the law meet technology and innovation. He is a seasoned technology, media and telecommunications (TMT) lawyer, public policy and government relations expert. He has a keen interest and demonstrated experience in technology policy, intellectual property, data protection, privacy and digital rights, digital resilience, and internet governance. Currently, Tim is the Practice Lead, Technology and Society Practice. He is a member of the Oversight Group of the African Internet Rights Alliance (AIRA), a 2021 Kenya School of Internet Governance Fellow and an active member and contributor of the Internet Society and African Digital Rights Network.

Back to VB2022 Programme page

Other VB2022 papers