Executive Summary
Sensitive personal and corporate information has been sold on the dark web as a result of recent hacks in Kenya that revealed serious flaws in the nation's data protection infrastructure. A report by the cybersecurity company Recorded Future claims that the Chinese hacker collective RedJuliette targeted over 24 government organizations in different nations, including Kenya.
According to an article, cybercriminals cost Kenya 3.6 billion shillings in 2022. The majority of those impacted were Saccos and commercial banks, which lost billions of shillings after hackers gained access to their bank accounts. This study compiles the evidence of these breaches and offers suggestions for improving cybersecurity for company owners.
Introduction and Background
The "dark web" refers to websites that are not indexed and are only reachable through specialized web browsers. The dark web is a subset of the deep web, and it is much smaller than even the surface web.
Creation of the Dark Web
- It is not indexed by surface web search engines.
- Its "virtual traffic tunnels" are created by a randomized network infrastructure.
- Traditional browsers cannot access it because of its registry operator.
- It is disguised by firewalls and encryption, two types of network security mechanism.
Data and Analysis
Evidence of Data Breaches:
- Kenya's Business Registration Services (BRS) cyber-attack
In 2025, the BRS experienced a major data breach, exposing private company information to the public. The attack, believed to be an internal sabotage attempt, led to the online database being taken down and to the loss of financial records for companies in financial distress.
- Kenya's Micro and Small Enterprise Authority (MSEA) hacking
In December 2024, a hack of Kenya's MSEA exposed private government and organizational information on the dark web. The breach took advantage of IT flaws, and the data was then put up for sale on dark web forums, raising questions about data security.
- Kenya Airways data breach
Customer data was stolen as a result of a ransomware attack by RansomExx against Kenya Airways in late 2023. After the airline declined to pay the ransom, the attackers uploaded private data to the dark web.
Key Findings
Difference between Dark web and Deep web
Deep web: Content not indexed by search engines, including medical records, fee-based content, membership websites and confidential corporate pages.
Dark web: Intentionally hidden, requires the Tor browser, and estimated to be around 5% of the total internet.
Growth of the Dark Web and Cryptocurrency
The dark web, fueled by bitcoin, enables anonymous transactions, but it also attracts scammers and thieves. Despite features like ratings and forums, these sites lack quality control and can be easily manipulated. The price of stolen data fluctuates with market changes.
Recommendations
- Strengthen cybersecurity: Implement robust security protocols, update software and limit unauthorized access to sensitive data.
- Implement Dark Web Monitoring: Use tools to detect leaks of sensitive information and set up alerts for mentions of the organization's domain names, employee credentials or financial information.
- Implement Data Protection Measures: Comply with Kenya's Data Protection Act, obtain explicit consent for data processing and use, and implement strong encryption methods.
- Provide Employee Training: Regularly provide cybersecurity training to raise awareness of potential threats and data protection best practices.
- Develop an Incident Response Plan: Address data breaches, conduct regular security audits, minimize data collection, maintain transparency and comply with Kenya's Data Protection Act.
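As an added illustration of the dark web monitoring recommendation (example code, not part of this report), the Python snippet below scans constructed forum-style posts for mentions of watched organization domains, leaked credentials belonging to those domains, and Luhn-valid payment card numbers, redacting sensitive values in the alerts it raises. The watched domains and sample posts are hypothetical.

```python
import re
from dataclasses import dataclass

# Hypothetical organization domains to watch (assumed values, not from the report).
WATCHED_DOMAINS = {"example-sacco.co.ke", "example-bank.co.ke"}

# Constructed sample posts standing in for scraped forum/paste text; not real leak data.
SAMPLE_POSTS = {
    "post-1": "Fresh dump from example-sacco.co.ke staff portal. Sample: jane.doe@example-sacco.co.ke:Passw0rd!",
    "post-2": "Cards 4111 1111 1111 1111 valid, also 1234567812345678 untested",
    "post-3": "Unrelated chatter about example.org",
}

# email:password style entries; the password part is matched but never captured or stored.
CRED_RE = re.compile(r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})[:;|]\S+")
# Runs of 13-19 digits, optionally separated by spaces or dashes, ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

@dataclass(frozen=True)
class Alert:
    kind: str     # "domain_mention", "credential_leak" or "card_number"
    post_id: str
    value: str    # what was matched, already redacted where sensitive

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_post(post_id: str, text: str, watched=WATCHED_DOMAINS) -> list[Alert]:
    alerts = []
    lower = text.lower()
    for dom in sorted(watched):                      # sorted for a stable alert order
        if dom in lower:
            alerts.append(Alert("domain_mention", post_id, dom))
    for m in CRED_RE.finditer(text):
        email = m.group(1).lower()
        if email.split("@", 1)[1] in watched:        # only our own users' credentials
            alerts.append(Alert("credential_leak", post_id, email))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):                          # keep only BIN and last four digits
            alerts.append(Alert("card_number", post_id, digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    return alerts

def run_sample() -> dict[str, list[Alert]]:
    return {pid: scan_post(pid, text) for pid, text in SAMPLE_POSTS.items()}
```

In practice the posts would come from a monitoring feed or scraper, and each alert would be routed to the incident response process rather than returned to the caller.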