Tweets Shouldn’t Get You Killed — rather code than coffins
Discussing with Ian how targeting is done in Meatspace.
With that — we decided to do a blog on Cyberops,
and how they could save lives, because they did before.
Okay, let’s start with the problem.
The main issue right now is that the Kenyan IC lacks real Cyberwarfare
and Cyber Operations capability.
Most personnel fake the know-how — borrowing heavily from known outdated
IRGC tactics from back in the days after Stuxnet (Operation Olympic Games).
The Agencies’ heads keep hiring friends, cousins, and neighbors,
which kills any chance of innovation or serious infrastructure development
to support national security. So when something mission-critical drops,
they flop — falling back on public tools, scraping OSINT,
and pulling data from Telcos and MNOs, even using court subpoenas,
just to try and piece together required field intent.
The current status of ops
Once the target is captured, what happens to the target depends on how emotional
the complaint was — or how personal it feels to the boss calling the shots.
Now, the problem with going full meatspace to grab these guys after geo-location
ops is that it exposes everything, CTR (Close Target Reconnaissance) aside.
The world sees exactly what’s happening.
And let’s be honest — CAPTURE/KILL tactics are meant for ground warfare against
insurgents or terrorists, not regular citizens. It puts the intelligence
community (IC) and the presidency under a harsh spotlight, dragging their
secret policies into the open when they were never meant to be seen.
That’s why the current government is loathed by most Kenyans — except for the
small circle benefiting from the chaos, whether through career boosts or payouts.
Hence the nickname 'YamuneFC' on socials.
What they don’t get is this — tracking youth through their phones,
then capturing or, worse, killing them exposes the government’s
entire playbook in the worst possible way. And it needs to stop.
It’s made the presidency look paranoid, insecure, and bloodthirsty.
That image doesn’t just stay local — it travels, and it stains.
If you’ve been watching closely, these types of Smash and Grab ops
started ramping up post-2018, right after Kenya’s cyber capabilities collapsed.
Cybercom, which was housed under MOICT, got shut down after political interference
poisoned the well. That move was a massive step backward — for the nation.
Because when it was still running, Cybercom actually supported the state’s
security response — especially when threats popped up from the information space.
Whether it was a rogue influencer or a coordinated smear network,
or a penetration by an adversary, it was easier for a CS or PS to quietly
loop in Cybercom for containment — without ever laying a finger on the target.
Cyber meant precision; it always does. It kept everyone in the shadows.
It meant that the government would not blow things up in meatspace when they
actually didn’t have to.
Presenting Project IrisScholar and Operation SaveHome at African Hackon
We’d already built real capability back then.
Take Operation SaveHouse and Project Iris Scholar as shown above — two ops we discussed
recently at the AfricanHackOn conference. These efforts saved lives.
Young lives... like literally.
Because once the heat came down on hackers linked to Anonymous Kenya groups,
there was political pressure to round them all up.
But we had already shown we could write custom CNO weapons,
run full-on penetration, do proper collections — everything from
COMINT to SIGINT — against domestic and foreign targets.
And when required, we could even execute disruptions and
full destructive ops across an environment.
After the execution of a Destructive Implant, the OS crashes just before reboot
If the user tries to boot the targeted box, this is the image they get
In any case, these were supposed to go into a large infrastructure before the 2018 handshake.
Weapons were set, CNE was in and deep on every target.
Action month came — and I still remember one moment that stuck with me.
There was an active disinfo network pre-2018 handshake, spewing hate daily.
It was mad crazy. We had already given options after deep CNE.
The President looked at it, then turned to us:
“If you wipe their infrastructure, how long will it take for them to recover?”
We knew — it would be years. The CONOP was ready. COAs had been revised.
But the leadership paused it — not because we couldn’t do it — but because hundreds
of people would lose their jobs. So instead, we pivoted to deep collection as follow-ons.
Then the shift happened.
Cybercom was scrapped. The meatspace ops began. That’s when the Yala River killings
started surfacing, and more abductions followed into 2024 and 2025.
What replaced cyber containment was brutality: people kidnapped or killed over tweets,
comments, memes.
Zero nuance. Just brutal force.
And now? The government’s out here trying to buy foreign cyber tools like
that’s going to fix anything. Worst advice the IC can give to leadership.
It’s a total clown move. Buying spyware from abroad exposes your game.
Platforms see it coming. PSPs get patched. The tools stop working.
And you’re back to scraping OSINT — which barely scratches below the surface.
That’s RUMINT-level collection, not even real SIGINT, especially if you are scraping off socials.
So, what works? Building in-house capability. Always.
A class screenshot, when training operators on how to build Weapons and other CNO Tools for a CT operation
That’s how you gain the upper hand. That’s how you prep for long-term ops.
That’s how you create asymmetric dominance.
Example: Iran — after years of corruption — they figured it out.
And that’s when we saw MuddyWater, their first true CNE toolkit.
Built by IRGC contractors, tested, deployed. That’s the path.
The first version of MuddyWater with code leaked online.
The Iranians were still learning; that's why everything was in a higher-level language.
But let’s be real — this stuff needs geeks. People who can burn hours crafting code,
researching infrastructure, building tools from scratch.
Not some hire-your-cousin operation. Not some conference-watching, copy-paste crowd.
You need real CNO devs and Operators. Engineers who speak in r00t, sleep in code,
and love their country enough to dedicate their lives to build real shit.
That’s what Cybercom had. And that’s what Kenya needs again.
A fresh start — especially after we reset the nation in the next election.