Clik here to view.
Unaitas CEO masterminded the Cyber Attack and covered it up.
Towards the end of 2017, Unaitas experienced a massive cyber attack, which saw thieves cart away KSH28M. This amount has never been verified; some people believe it is more while others believe it is less.
The story of the cyber attack began on a Monday when staff woke up to a massive cyber fraud via the mobile phone channel commonly called Mo Cash. Mo Cash is a product of Coretec, an IT firm that offers mobile banking solutions to Sacco’s via a USSD platform. The attack apparently targeted many Sacco’s and millions of shillings were stolen. At Unaitas, the figure fluctuated until finally it was placed at KSH28Million.
Immediately after the attack took place, Tony and Martin swung into action. First, they ensured everyone was shielded from any process that would since follow regarding investigations as to how the cash was stolen.
Martin even barred internal ICT staff from looking into the issue.
In that process, the two commissioned ‘friendly’ detectives from the Directorate of Criminal Investigations to look into the theft. The normal procedure would be officially reporting the matter to the DCI who would in turn assign officers to undertake the investigations. It is in this process that the friendly officers in cahoots with Martin and Tony undertook the investigations. The investigators were given access to the servers and all the necessary support they required including cash facilitations. At some juncture, the investigators were ferried late in the evening to Muranga office where Unaitas servers were housed where they spent better parts of the night trying to unravel what might have taken place.
Critical points to note here was that it took more than two weeks or so before Tony officially reported the matter to the board. All along as investigations were ongoing, the board was practically kept in the dark from the ongoing.
After days of investigations, the DCI officers produced a report that was basically a return to normalcy situation report.
Lets go back to the scope of the DCI officers when they were engaged to undertake the assignment. Assuming basic assumptions of what the scope would be in such a situation, what would be the objective of such investigations?
One, the first scope would be top identify the loopholes meaning that the officers were to identify how the money was stolen; Secondly, The officers were to ascertain how much was stolen; thirdly, the officers were to establish the recipients of the cash and track them down; fourth, engage preventive mechanisms from a repeat of the same and lastly, all this should have culminated in arrests and prosecution of culprits.
Believe it or not, none of the above happened. What was done, it is rumoured, since it has never been tabled officially to senior management, was a return to normal report. So how would that help the organization anyway? It came to happen that the issue was quietly swept under the carpet and that was the end of the story. The team working on the matter came to realize that the board did not further pursue the matter and it died a natural death.
Remember Edwin’s woes, since Tony failed to have him commit suicide by resigning voluntarily?
Having successfully suppressed the matter of the cybercrime, Tony and Martin sat back easy. At least for now, their threat was somehow diminished. In the build up to the August 9th doomsday, Tony had a lot of soul-searching to do. On his mind were several issues ringing. First, he was leaving the organization, he had played many of his colleagues at the senior management and to some extent to the middle management level.
What do we mean by playing them? Tony, remember, was a sly man. Indeed it is worth repeating that he was a very bad man. He pitied staff against each other and as part of his last moments at the organization he strived to scheme on how he would ensure he had a grip at Unaitas even after he is long gone. To this extent, there is evidence that he managed to convince the board that the best successor would surely be Martin. Why? Tony and Martin handled the matter of cybercrime alone. This means only the two of them knew what transpired.
At some point, they tried to influence Edwin to ‘sanitize’ the process by coercing him to undertake an audit of the loss. But Edwin is smart. He declined. But how can Edwin purport to audit a process where competent DCI officers who were paid to that matter had cleared and issued a report? What was Tony thinking when he was coercing Edwin to undertake this ‘audit’?
Remember the DCI investigators had cleared their work.
Unconfirmed reports show that the investigators managed to catch up on the culprits, and recovered the money and the proceeds shared by the players. Who were the players again? Tony, Martin, and the DCI Officers. This is apparent even after it emerged that among the Saccos that were hit was Police Sacco. However, Police Sacco had through their security apparatus and machinery managed to recover their cash. How can you steal from the police and expect to walk scot-free? Never.
So among the issues going on Tony’s mind as he exited was the fact that how would the issue of the cybercrime be handled after his exit. What if his predecessor came to revisit the issue, what would be the findings?
Clik here to view.
Former Unaitas CEO Tonny
And that is why Tony had to campaign for martin at the board and the best strategy, wait a minute, at this point it is emerging that the only strategy he had was that of hyena accusing his children of smelling like goat whenever they wanted to eat him. This recycled strategy has been the one that has constantly kept Tony and Martin on the game. See, these two chaps will never accord anybody a fair hearing, what they are good at is sneaking behind of their targets and maligning them to an extent that all their malice are bought as the gospel truth. There is an African proverb saying that when the alligator comes from the sea and says the crocodile is sick, everybody would believe.
So apparently as Tony left, he managed to secure the seat for Martin.
Martin was his accomplice when handling the cybercrime matter. To this effect, he desperately needed Martin more than ever. In fact, Tony’s life depended on Martins taking over as the CEO. Before leaving the scene, Tony ensured that he moved people left right and centre in order to cover any trail that he might have left behind. This clearly explains why Tony desperately wanted Edwin out of the way. Edwin is a competent auditor and his existence at Unaitas post-Tony was giving people sleepless nights. The issue of cybercrime was key on the list of uncomfortable issues that were haunting Tony.
Another area Tony wanted to be wiped clean without a trace was the procurement department. Tony had managed to champion the sacking of Abu who was the head of procurement since 2015. Abu has never made it easy for Tony to undertake his deals. Unfortunately, for Tony, Abu is said to have built a lot of evidence and documentation on all the shoddy deals. Tony can rest assured that this will follow him at some point maybe on this blog. If he is lucky to be reading this, then it is high time he starts running, we don’t know to where.
Tony ensured that he transferred all the staff from the procurement department. How did he do this? Refer to their old tired strategy of accusing hyenas of smelling like sheep. Of course, Tony had to accuse the procurement team of being members of a cartel. Interestingly, none of these allegations has ever been brought to any evidence. As such, they have always been left as corridor office gossip and mudslinging on people.
Clik here to view.
Martin – Left, Tony- Right
In September 2018, the board at a meeting held at a hotel in Two Rivers issued a resolution that the issue of cybercrime is revisited. The board’s resolution was crystal clear, that the CEO (By then Tony/Martin was the CEO depending on who came to the office first) Martin would sit in the CEO’s office in the morning while Tony would be sitting on the same position in the afternoon.
Even after the board passed the resolution on a Friday that a letter is written to Coretec and Safaricom to provide logs of Mobile banking since 2015, this was bluntly ignored.
Weeks passed until when the board chairman realized that Martin and Tony showed laxity in executing the resolution and took it upon himself to get court orders to compel the two companies to get the data required. In an interesting turn of events, the chairman of the board’s representative at the court reported the disappearance of the case file. This necessitated the case file to be reconstructed afresh. But with the attempts to sabotage the case right from the time the board instructed that a letter be written to no avail and the disappearance of the file clearly points out to some mischief.
It was until a board retreat to Kigali in November 2018 that martin was taken to task by the board on the status of the resolution regarding the issue of the cyber attack. It was at this juncture that Martin reported that he had written to Coretec to demand a refund of Ksh25Million. What mischief? First, the board resolution was very clear, the letter was to be addressed to Safaricom and Coretec demanding for logs of Mobile banking. Instead, Martin reports to the board that he has instructed Coretec to refund the Kshs25 Million.
Quick questions; Who instructed martin to demand for a refund, secondly, how did he know it was Kshs25 Million since all along the board had been informed that the amount of money lost was Kshs28 million. This clearly points out that Martin knew something. After all, he is the one together with Tony who handled the investigations together with the 2 officers from DCI.
Clik here to view.
Martin and Tony after the “Cyber Attacks”
In an attempt to bar the board from taking a resolution during the meeting at Two rivers, Tony had tried to persuade the board to invite one of the officers who had undertaken the investigations and who according to our sources had intimated that the gentleman by the name Hanington had long left DCI service and was now employed by one of the major insurance firms as a forensic officer. Tony’s heart raced, according to sources present at the meeting, Hannington failed to turn up and the board unanimously resolved to pursue the matter afresh giving the board chairman an impetus on the matter.
At the end of the meeting, secret investigators followed Tony who drove straight to Coretec offices located in Westland’s, where he spent a considerable amount of time before proceeding to the office.
This behaviour clearly shows the reason why Martin resorted to writing a letter demanding a refund of the cash rather than asking for the logs. As the saying goes the devil is in the details, the secrets of the cybercrime lie in the logs and attempt to have them have been frustrated including sabotaging the court process through the disappearance of the case file.
Sources at the Kigali meeting confided that when the matter came up, two board members who apparently have since been identified as the godfathers of Martin seemed upset on attempts by the board chairman in pursuing the matter by his own means. In fact, the two indicated through their actions that they did not support how the matter was being pursued. But this again opened up the eyes of other board members who have since started coming to terms with Martins’s appointment to the position of CEO.
From the above, it is clear that Tony’s push for Martin to be appointed Ceo was to cover up this and many other ills he had committed during his tenure as CEO.
Within the month of November 2018, Unaitas was hit with another cyber attack resulting in a loss of Kshs1.7 Million. If at all the first cyber attack was handled professionally, would there a repeat of several attacks?
Fresh investigators need to relook into the manner in which the previous investigations were conducted. Was the due process followed? Were the two officers from DCI engaged with clear terms of reference? Was the process of onboarding the officers legit? Why was Unaitas head of internal audit under whose jurisdiction such process falls under sidelined?
Why were Unaitas ICT teams kept in the dark regarding the investigations? Why were the investigations limited to Tony and Martin only? A school of thought would say that everyone else was being treated as suspects. But what logic dispelled the fact the two stand an upper chance of even being the key suspect? Remember Martin was heading Risk and Compliance while Tony was the CEO.
This makes them prime suspects.
The other articles have been pinned hereunder.
Facts, myths and misconceptions on the downfall of Unaitas SACCO – part 2 of 7
The UNAITAS SACCO great controversy: Exit Tony Mwangi, enter Martin Muhoho- part 3 of 7
As our series continues, in the next part, we will reveal how the 2018 “Cyber Attack” was handled by sacrificing small fish who later went to court and sued the collapsing Unaitas.
Keep it here
Would you like to get published on this Popular Blog? You can now email Cyprian Nyakundi any breaking news, Exposes, story ideas, human interest articles or interesting videos on: hello@cnyakundi.com. Videos and pictures can be sent to +254 710 280 973 on WhatsApp, Signal and Telegram.
Clik here to view.
