In the wake of viral hacking incidences in Kenya in 2010, the Directorate of Criminal Investigations (DCI) received many reports of companies and individuals who had lost money or crucial information to hackers.
The reports were becoming overwhelming to DCI, which had few experts in the field of technology equipped with enough skills to resolve the cases.
However, one officer was exceptional, Mr Calvin Otieno Ogalo. He, among other officers, was tasked to investigate and resolve the cases as soon as possible.
According to reports, Mr Ogalo was so good that by 2012 he had concluded almost all his investigations and had names of the best cybercriminals in the country.
However, instead of bringing them to book, he organised them into a lethal gang that would hack institutions and individuals seamlessly, stealing either money or crucial information.
He was discovered sooner than later, which led to his silent but unceremonious exit from the DCI as a crimebuster in 2013. Nothing much about his exit or the gang he had formed was reported then.
In his gang that later would be named Forkbombo was Mr Alex Mutungi Mutuku, one of the best hackers in the country. Others included Reuben Kirogothi Mwangi, Eric Dickson Njagi, Godfrey Gachiri, Erickson Macharia Kinyua and Stanley Kimeu Mutua.
Mr Ogalo roped in the services of insiders in targeted institutions and on top of it former Kenya Revenue Authority officers Edward Kiprop Langat, David Wambugu, Albert Komen and James Mwaniki.
Also in the gang were Henry Achoka, Duncan Bokela and Martin Murathe.
Investigations by cybersecurity group OnNet Africa found an email associated with the hackers in almost every hacking incidence, firstname.lastname@example.org.
One of the group’s major hits was in 2013 when they infiltrated the Judiciary’s system and requested National Treasury to approve Ksh80 million payment to several fictitious companies.
The payments would be flagged by CFC Bank (now Stanbic) which called Judiciary’s chief of finance Mr Benedict Omollo, but the money was already gone.
Later, Mr Achoka, Mr Bokela, Mr Mwangi and Mr Murathe of the Forkbombo group would be arrested and convicted seven years later, in January 2020.
One of the masterminds of the heist, Mr Mwangi, is currently serving a jail term in Rwanda alongside seven other Kenyans after attempting to Equity Bank in Kigali.
The Judiciary heist was neither the first nor the last, as the group would target other institutions, sometimes succeeding and other times being arrested. To them, being arrested was part of their job and they would pay cash bail and get back to work.
For instance, in 2014, Mr Mutuku and Mr Stanley Kimeu Mutua were arrested after hacking into NIC Bank and stealing crucial information and Ksh2.88 million. In this incident, they were demanding a total of 200 bitcoins (equivalent to Ksh6.2 million then) in exchange for the information.
The duo was released on Ksh700,000 cash bail. In three months’ time, Mr Mutuku was accused of infiltrating the Safaricom system and stealing airtime worth Ksh3.6 million.
Most probably he found a loophole in the Safaricom system, and a month later, it is alleged that Mutuku tricked the system to recharge his phone number with Ksh20,000 airtime.
Daily Nation reports that in 2016, Forkbombo is believed to have merged with another group of hackers, Grapzone, which had since 2013 been targeting supermarkets.
Forkbombo is believed to have stolen at least Ksh400 million between 2013 and 2017. though the amount could be higher than that.
Mr Ogalo operated like the group’s CEO, and sometimes used his connections in the security systems to bail ut the members.
It is believed that Forkbombo hacked and stole at least Ksh50 million from the Kenya Police Sacco in 2017.
The Kenya Police Sacco heist was so easy for them, and now they decided to loot KRA, through the help of two American nationals, Larry Peckham II and Denise Huitron, who were in constant communication with Mr Ogalo and even visited the country at one time.
In the heist where the taxman is said to have lost at least Ksh3.9 billion, Mr Edward Kiprop Langat (former KRA employee) is said to have been used to plant a laptop in the KRA servers.
Other suspects of the heist are Mr Mutuku, Mr Langat, Mr Wambugu, Lucy Katilo Wamwandu, Kenneth Opege Riaga, James Mwaniki, Gilbert Kiptala Kipkechem and Joseph Kirai Mwangi.
Forkbombo, through Mr Mwangi recruited more suspected hackers including Dedan Muchoki Muriuki, Samuel Wachira Nyuguto, Damaris Njeri Kamau and Steve Maina Wambugu.
Also a Ugandan and at least three Rwandans were recruited even as the group sought to create a hacking software, according to intelligence reports.