Last week a social media activist, Martha O’Donovan, was arrested for a tweet that went out in September 2017 that is said to have denigrated the President of Zimbabwe as well as for having set up organisations that are aiming to “subvert a constitutional government through masterminding a social media campaign to overthrow the government by unconstitutional means”.
That our government can be overthrown through WhatsApp, Twitter and Facebook (WTF in short!) doesn’t say much about us and our security, but what is more interesting is the way the Zimbabwe Republic Police managed to get to O’Donovan.
According to court documents that have been widely shared online, the police obtained the I.P. address from which the Twitter account @Matigary was tweeting, then proceeded to the internet service provider, in this case ZOL, and asked for details about the user of that I.P. address on a particular day.
Not to digress too much, but I suspect that the police did not reach out to Twitter to get the credentials of the @Matigary account holder; instead, they may have used a web URL to work out who had access to the account. Basically, what may have happened is that someone on the Government’s end sent a direct message (DM) to @Matigary on Twitter, trying to get them to click on a link. When the link was clicked, Government operatives were able to see which I.P. address clicked on it, what device the person clicking was using, and what operating system it ran.
I say DM because it would be foolish for them to tweet at or tag @Matigary and think that any click on that link would be from that account because if it was public, anyone could click on it.
Armed with this data the police sought a court order that they could use to track down the source of that click (I suspect) and their investigations led them to ZOL officers.
Information from Techzim sources at ZOL confirms that there was an enquiry last week from the police regarding Twitter activity, and the internet service provider’s standard practice is to give only as much information as is necessary.
What is suspected is that ZOL confirmed the address of the user who was allocated the said I.P. address on a given date, as well as broad activity (ZOL can track the websites you visit but can’t see what exactly you do on those websites). They may also have been able to advise what devices accessed the internet from that connection and for how long. A log of websites visited may have been surrendered.
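How reliable that kind of lookup is depends on what the request specifies. The sketch below is an added example, not Techzim’s or ZOL’s code: the session records, field layout and the `candidates` function are assumptions, the addresses come from a documentation range, and it goes beyond the article by including the shared-address (carrier-grade NAT) case raised in the comments.

```python
from datetime import datetime

# Constructed sample records (not real ISP data). Each row is one address
# assignment: subscriber, public IP, port range, session start, session end.
# The field layout is an assumption made for this example.
SESSIONS = [
    # Dynamic addressing: the same IP passes from one subscriber to another.
    ("sub-A", "203.0.113.10", (0, 65535), "2017-09-01T08:00", "2017-09-01T20:00"),
    ("sub-B", "203.0.113.10", (0, 65535), "2017-09-01T20:05", "2017-09-02T07:00"),
    # Carrier-grade NAT: two subscribers share one IP, split by port block.
    ("sub-C", "203.0.113.77", (1024, 33791), "2017-09-01T00:00", "2017-09-02T00:00"),
    ("sub-D", "203.0.113.77", (33792, 65535), "2017-09-01T00:00", "2017-09-02T00:00"),
]


def candidates(ip, start, end=None, port=None):
    """Return every subscriber whose session on `ip` overlaps [start, end].

    A single timestamp is treated as a zero-length window. `port` is the
    source port seen by the remote server; it only narrows the result when
    several subscribers share the address.
    """
    lo = datetime.fromisoformat(start)
    hi = datetime.fromisoformat(end) if end else lo
    found = set()
    for sub, s_ip, (p_lo, p_hi), s_start, s_end in SESSIONS:
        if s_ip != ip:
            continue
        # Skip sessions that ended before the window or began after it.
        if datetime.fromisoformat(s_start) > hi or datetime.fromisoformat(s_end) < lo:
            continue
        if port is not None and not (p_lo <= port <= p_hi):
            continue
        found.add(sub)
    return sorted(found)


if __name__ == "__main__":
    # Exact timestamp: one subscriber.
    print(candidates("203.0.113.10", "2017-09-01T12:00"))
    # "On a particular day": the address changed hands, so two candidates.
    print(candidates("203.0.113.10", "2017-09-01T00:00", "2017-09-01T23:59"))
    # Shared address without a source port: ambiguous.
    print(candidates("203.0.113.77", "2017-09-01T12:00"))
    # Shared address with the source port: one subscriber.
    print(candidates("203.0.113.77", "2017-09-01T12:00", port=40000))
```

An identification made from an address and a date alone can name more than one subscriber; it takes a precise timestamp, and on shared addresses the source port, to narrow it to one.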
Information we have is that earlier in the month O’Donovan made a complaint to ZOL about her data finishing faster than it should have, suspecting that perhaps someone else may have had access to her account. Disappearing data is an issue in Zimbabwe though, so it may not have been an external user.
ZOL probably does not know what Twitter accounts you own and manage, neither does any local ISP/IAP. This data will have to be sought directly from the social networks, like how the Zimbabwe government sent a team to the US to go “ask Facebook” about Baba Jukwa’s credentials.
They came back with a suntan and empty-handed.
Alternative Conspiracy Theory
Law enforcement recently had a run-in with MotoRepublik, the creative space where Magamba TV, OpenParlyZW and BustopTV are housed. From this event, the government may have been alerted to their activities and kept a watchful eye on them, maybe being suspicious that there was an American citizen working with them.
Magamba TV are the makers of the satire show ‘The Week’ and their jokes on video could have stepped on a few toes.
Subsequently, the government may have tracked down credentials for O’Donovan and sent her a link that, once she clicked on it, gave them her I.P. address, which they then took to ZOL.
And this is what may have got us here.
Conclusion
The court case will be interesting to watch and see what facts the government will put on the table to prove that O’Donovan has access to the Matigary Twitter account, as well as how Magamba TV and OpenParlyZW were going to overthrow the government.
Have you got any details on this matter that may make it clearer? Please advise in the comments below what you know (or think) could have happened to get us here.
31 comments
So she did not use TOR ? Your report elsewhere says she was using TOR ? And here you are saying the report has an IP address which eliminates use of TOR.
Yes, in our first article there and most recent there is mention of the TOR browser, but they also mention an I.P. address that’s linked to ZOL.
It is rather strange how they could pick up the Zimbabwe ip address and yet in the same sentence state that she was using TOR
Why not just wait for the issue to go to court and the state will explain their case and evidence as is required by law? All that you have done is drag ZOL’s name through the mud through conjecture. Whatever conclusions you draw here have no bearing on the court proceedings, but they do affect ZOL’s name. Maybe they were involved, maybe they weren’t, let the facts define that.
ZOL should have followed the Apple example…….i think it will lose many subscribers
True
The Apple example whilst operating from Zim???? If Apple was in Zim they would have done what ZOL did.
bad move ZOL
Hahahahahahahahaha @matogary account is not enabled for DM ???? so they did not send a link to it most definitely
Sadly this is not the case. It is. You both need to follow each other.
if this is true, then might be time to leave ZOL
ZOL has no chance against Zanu PF goons pretending to be the government. Also Martha was careless when she used her IP address without Tor or a VPN. A recent case took place in the US when a stalker used Nord VPN. They were caught because they let their guard down.
That is still wrong, she was grassed by someone she works with.
Let me tell you how wrong your assessment is!!
IP addresses are either public or private. There are billions of private ip addresses to use, but they are used privately, which means they are not accessible from outside to pinpoint one’s location.
Public IP addresses are what is used to pinpoint someone’s location on the internet, but there is only one major problem: public IP addresses ran out a while back, so there is nothing to give to each individual who accesses the internet.
That means this lady didn’t have a direct public IP the police can track her on.
Furthermore, ZOL uses NAT to preserve scarce public IP addresses, which is called carrier class grade NAT. This means all the access points or routers they give out to customers are all using private IP addresses.
I stand to be corrected, but claiming that they tracked her via IP is being used to hide her workmates who snitched on her.
Zol doesn’t use CG NAT for other than wifi last i checked – i have fibre at home and my public IP is static to me…
It should also be noted that even with the use of CG NAT it is not impossible for IP history to be tracked – more difficult yes but not impossible – i wouldn’t want users that are behind CG NAT to get a false sense of security about this.
Is it true ZOL can track the actual websites we visit though?, last time i got a usage report from them it wasn’t that detailed, only at the protocol/application level like Bittorrent, Email, Web Browsing, they do seem to capture the big items like facebook/twitter/whatsapp/youtube etc but certainly not all the websites i might have browsed within that month
to me this whole escapade sets a worrying precedent within the wider context of the constitution (freedom of speech and expression???) and just shows how the ruling party is clutching at anything they can grab to try and manhandle and oppress the majority into submission, meanwhile Aluta Continua
I’m also surprised that the big Trump in US of A hasn’t jumped in and commented if only to deflect the attention from his other issues with the russians… we know what he has said about His Excellency on previous occasions…..
Yes; unless you’re on a VPN or using TOR. It is normal practice for ISPs to log the IPs you connect to, and mapping an IP-block to a website is trivial – especially if you’re using your ISP-provided default DNS server.
I had both indoor and outdoor units using 10.10.×.× ip range, at one point I had YoAfrica using the same range plus my current Telone using the same.
I would love to see what the zol contract says about giving info to government agents, banks are clear about that, when compelled they will release info to government agencies. Otherwise ZOL yatove ZANU OnLine.
You are wrong and I stand to correct you. They did track her via public IP address, which leads to ZOL, and ZOL will then lead them to her because every ZOL client is given a dynamic IP address whenever they log in, and ZOL logs this data to say who used what IP address and when. It’s that simple. The hectic part was how they got the IP address, which is what the writer explained.
They actually give static on their fibronics. If it’s dynamic then there is no case even if her MAC address is reflecting on that IP address!
MacdChip , my guy, sit down.
ISPs are still dishing out Public IPs to individuals. ZOL for example, they are rolling out public IPs via their PPoE connections on their fiber, very few ISPs are using private IPs for their broadband services. I used to use UMaX WiMAX, Yoafrica ADSL & now on ZOL fibronics, all use/d STATIC public IPs, I can/cld RDP into my home desktop (wherever,whenever).
TechZim is on point
I’m currently on TelOne ADSL and it uses private range, same with when I was on YoAfrica, Zol and PowerTel.
Maybe that option is only available if you have fibre but not on standard copper adsl
Sit down MacdChip
Lol sit down for real, this is above your college grade
If you only knew…
Im not here to brag!!
seriously though, why are ZOL internals talking to Techzim about stuff like this. surely thats un-called for when there is an on-going investigation on this matter? especially without some kind of permission from upper management, or a formal statement? this all brings ZOL’s privacy policies into question
They are not revealing running configs are they?
The key takeaway from all of this stuff is that, online security and anonymity, is much like home security.
If someone is determined to scrutinize your usage, they will find a way.
Which leaves us with the same solution as home security, the only way to maintain your anonymity is to look less interesting than those around you.
With all due respect, that is simplistic and cowardly advice!
I need more information on the IP address issue. Every time I log on I have checked and realized that my IP address will be different. When I checked on what has been happening on my previous IP address I found out that some downloads which I never did are indicated. How accurate is the tracing of an individual using IP addresses?
The lawyers in Martha’s case need to step up their game and just argue that the state PROVE that she in fact did what they claim. Public IP address or not, hacking WiFi has been a trivial affair since “KRACK” was released, has ZOL patched their routers???
Did the GVT contact twitter to confirm the identity of the individual –
Even if ZOL gave her address up – what stops a neighbour with the powers of Google from hacking and using her connection.
The lawyers need to exploit any and all Loop-holes in this case and ask the GVT to PROVE IT WAS HER. . . . .
lest we set a very BAD PRECEDENT for the future
Don’t worry, this case has no legs in any court of law. They just wanted her to suffer in remand!
ISPs are still dishing out public IP addresses. When they say IPV4 addresses have been depleted they mean from IANA and many regional bodies. ISPs still have a pool of addresses as they can re-allocate unused ones. Techzim is spot on, ZOL snitched on her but come on guys…no ISP in Zimbabwe would say no to our gvt, However I feel as a customer, ZOL should nicodimously warn me if that happens!