Revealed: How Kenyan hacker flew into the trap of US security agents
It was supposed to be an easy transaction. The kind drug dealers do in movies. Product in exchange of money and a handshake. Jeffrey Sila Ndungi’s connection in Texas, US had told him he had identified a person willing to buy one of his Treasury Cheques worth $76,000 (Sh7.6 million) for $40,000 (Sh4 million).
Having spent nothing for the federal document apart from his forgery skills and knowledge in IT, the computer genius took the next flight from Nairobi to the land of opportunity. What he didn’t know was that his contact was setting him up and the person who was going to buy his Treasury Cheque was a US federal agent.
This was in August 2016 and by then the 29-year-old already had a criminal case in court in Nairobi where he was accused of hacking into Multichoice’s DSTV signal and illegally selling subscriptions in Kenya and Nigeria. So lucrative were his activities that in 2013, just three years after graduating and at the age of 26, Sila had bought two planes and leased one to a flying school.
His two Cesna 172 planes bear the registration numbers 5Y CCN and 5Y CCO. A lease agreement signed by a Mr C Kigalo for the Kenya Civil Aviation Authority (KCAA) on November 26, 2013 shows 5Y CCN is being operated by Nairobi Flight Training Limited.
“The operation of the aircraft under the dry lease agreement between Nairobi Flight Training Limited and Sila Jeffrey Ndungi for aircraft registration 5Y-CCN, type C172, serial number 17271786 is approved with effect from the date of this letter,” says the lease agreement.
At the time of his arrest in the US, Sila also had as part of his possessions in Nairobi a Range Rover Sport and an Escalade. The Saturday Standard understands that the US government is trying to repossess his property.
He is however so secretive that despite making millions of shillings from hacking he has no online presence unlike his age mates. We had to get his picture from a 2015 police charge sheet.
Sila was first arrested on March 31, 2015 when authorities raided his residence at Executive Suite Estate house number 15 in South B, Nairobi and released him on a Sh10,000 bail. As the case continued he sued Multi Choice and The Kenya Copyright Board for accessing his house without a warrant and for malicious damage.
Repair his house
In court papers he claimed he used Sh1.9 million to repair his house after it was ‘vandalised’ by government officials. What the Kenyan police did not know as they thought they were prosecuting a low level digital TV signal hacker is that they had within their sights an international criminal being investigated in the US. But even with two cases in court, Sila took a flight to the US.
What he didn’t know was that US authorities had monitored him for some time and he was flying to a trap. Last week he was sentenced to 10 years in a US jail for defrauding the American government. On Thursday the High Court in Kenya threw away the case he had filed against Multi Choice while his criminal case continues.
“All the petitioner did was to note down what he considered to be the damages and asked the Court to grant them. He did not do anything or even try to prove them. The petitioner had the burden of proving his case on a balance of probability but did not discharge this,” said Justice Chacha Mwita while throwing away the case.
Court papers and correspondence between law enforcement agencies in the US obtained by the Saturday Standard show of an international criminal who was ahead of time.
It is emerging is that the 32-year-old was part of an international ring of fraudsters who steal identities of US citizens and use them to defraud the American government. Those who are targeted for identity stealing are mostly retired or dead American citizens. Their identities are then used to get access to tax refunds.
So entrenched is the vice among Kenyan hackers that the US government has a special unit whose role is to monitor cyber-crime emanating from IP addresses in Kenya. In 2015 US President Barack Obama also pushed Kenya to enact a cyber-crime law.
During Sila’s trial in America which lasted three days, Tenisha Manning, a Special Agent for the Criminal Investigations Department of the US Treasury said in a sworn affidavit that she was investigating thousands of similar fraudulent tax return filings emanating from computers in Kenya.
“These returns use social security numbers belonging to deceased individuals and attached fictitious Form W-2s reporting substantial wages. However many of the addresses and bank accounts receiving fraudulent tax refunds are located in the US,” said Manning.
The US Treasury cheque number 403471754321 with the amount $76,592.86 which the court heard was genuine had been sent to Cynthia H Short at PO Box 925, Uhuru Gardens, Nairobi.
“It was generated from a 2014 tax return electronically filed with the IRS using an IP address in Kenya,” says court documents in the case between the United States of America vs Jeffrey Sila Ndungi released to the Saturday Standard on request.
“Attached to the tax return was a 2014 form W2 from Aureis Radiology located in Omaha, Nebraskea that reported wages of $116,740.00 purportedly paid to Mrs Short,” says court papers. However Aureis Radiology told federal investigators that “Cynthia Short did not work for the company. Furthermore the company did not know Mrs Short.
So how did a Kenyan get access to a Treasury cheque issued to an American who did not work for the company claimed in the document issued by the US government? Furthermore how did the cheque authorizing payment of Sh7.6 million get sent to a Kenyan address?
A Treasury Cheque is issued by the US Department of Treasury for several types of payments. These include federal tax refunds, Social Security benefits, child support payments, veteran’s benefits and retirement benefits. A form W-2, a tax form issued by employers in the US and stating how much an employee was paid in a year.
There are no records
In order to receive a payment, for excess tax, the holder of the cheque presents a W2 as proof of employment.
Fraudsters however have devised a way of circumventing the system by filing fake tax returns using the details of deceased people and then applying for a refund. They then cash the cheques or sell them to third parties in the black market at lower prices.
Flamboyant businessman and Kenyan politician Don Bosco Gichana who is serving time in Tanzania was arrested for depositing US Treasury cheques amounting to $4,940,363 (Sh7.9 billion).
Don Bosco who ran a string of restaurants and a popular night club in Nairobi when he was still in his late 20’s shot to fame in 2007 when he gave ODM leader a Hummer for the presidential campaigns.
His cookie crumbled in 2013 when Tanzanian authorities arrested him as he tried to cross the border back to Kenya after visiting his colleague who was being held for money laundering. By the time of his arrest Don Bosco was also facing charges of stealing Sh100 million from Eco Bank and Fina Bank.
Two other Kenyans, Benjamin Kinyua and Thomas Ng’ang’a are currently serving time in the US for the same crime. Had Sila not been arrested as he attempted to board a flight to Amsterdam on September 11, 2016 at Los Angeles airport, maybe his he could surpassed Don Bosco Gichana’s levels.
A second class honours Bachelor of Electrical and Electronic Engineering 2010 graduate of the University of Nairobi (UoN), there are no records of Sila having ever practiced as an engineer in Kenya. But as early as 2012, law enforcement records in the US show that he was already in the Treasury Cheque forgery business.
However as with all criminals, their goose eventually gets cooked when they are at the best of their run. And so on June 27, 2016 Sila traveled to the US on a tourist visa to get connected to a buyer. What he didn’t know was that even his connect was also a government informer and all his meetings with him were being recorded.
“Who does the cheque belong to?” the undercover agent masquerading as a purchaser asked Sila, says court documents.
“The person is dead, they died a long time ago. There are a lot of people involved in this cheque that if I tell them something happened, they can kill me,” Sila replied during a meeting at a house in Dallas, Texas.
The federal agent then gave him $48,000 (Sh4.8 million) in cash. He also gave him $300 (Sh30,000) for creating a fake drivers licence whose details were to match those on the cheque. He was arrested two months later.