DCI Kenya Official X Account Hacked

The official X (formerly Twitter) account of the Directorate of Criminal Investigations (DCI) Kenya has fallen victim to hackers, who appear to be using the platform to push a cryptocurrency scam.

The account, which typically disseminates security and law enforcement updates, has been posting content promoting a dubious crypto scheme, alerting followers to potential fraud.

The breach was noticed when the DCI Kenya account deviated from its usual posts, instead sharing details about a cryptocurrency investment opportunity.

One of the messages posted on the account urged local media to support the launch of a blockchain project, while another promoted the distribution of tokens in exchange for likes and retweets.

DCI confirms the hack

However, the DCI seems to have regained control, as the posts have since been deleted.

The DCI has since issued the following statement regarding the hack on their X account:

“For some moment this evening, we experienced a cyber-attack on the DCI digital platforms (X and Facebook), but have since regained full control. During the short period, the cyber criminals who attempted to take over the accounts posted the information captured on the screenshot below.” The statement reads.

During the brief period when the accounts were compromised, the hackers managed to post misleading information, which was captured in a screenshot and referenced in the DCI’s statement. The DCI explicitly clarified that this information was “FAKE” and did not originate from them.

“The information is therefore FAKE and not from the DCI. A scrupulous interrogation into the criminal activity has been activated to bring to book the perpetrators.” It added.

This marks another high-profile case of cybercrime in Kenya, following closely on the heels of a similar attack on the Kenya Broadcasting Corporation (KBC) account just last week.

In the KBC incident, hackers not only took over the account but also swiftly changed the handle to “DeepseekOnSoI”, named after the AI chatbot DeepSeek, which mimics the functionality of well-known AI like ChatGPT. This rebranding was evidently an attempt to leverage the chatbot’s recognition for misleading potential investors.

This incident is part of a growing global trend where high-profile social media accounts, including those on YouTube, X, and other platforms, are hijacked for similar fraudulent activities. Cybersecurity experts have long warned about the increasing sophistication of such scams, where attackers often rebrand accounts to impersonate well-known entities or celebrities to gain trust and credibility.

Scammers would also hold the accounts until they’re paid. Ransomware is common especially with big corporates that are targeted by hackers and part with millions.

How Crypto scams works

According to cybersecurity trends, the attack method often involves phishing emails or malware designed to steal session cookies. This allows hackers to bypass even two-factor authentication measures. Once they gain control, the account is used to broadcast live streams or posts promising high returns on cryptocurrency investments. However, the funds ultimately disappear into the hands of the scammers.