I remember a time when people could use Econet data for free. I may or may not have partaked. Some claim they can still use NetOne data for free today. The hacks that allowed/(allow?) for that involve tricking Econet/NetOne systems into believing one has an active bundle.
So, when I heard that some guy had been charged with hacking Liquid Intelligent Technologies Zimbabwe, I thought he had done a similar thing. Turns out, his was a different hack.
First things first, here is what is being reported:
Nyadziso Chiyangwa, a 27-year-old man from Chitungwiza, has been charged with hacking Liquid Intelligent Technologies and fraudulently transferring 1070 gigabytes of data valued at US$2 942.
He is also accused of fraudulently opening Fibre on the Go accounts and illegally connecting 82 users to the internet without the consent of Liquid Intelligent Technologies. Chiyangwa allegedly received US$10 from each of his clients on a monthly basis.
Siphoning 1070GB
The first thing that caught my eye was that 1TB of data is valued at $2,942 by Liquid. That’s about $2.73 per GB, which is a lot for fixed internet. I hate to bring Starlink into this but $24 gets you an uncapped package there, just saying.
Anyway, Liquid allows customers on capped packages to transfer data to friends. Let’s say you have a 150GB bundle in your Fibroniks account, you can transfer 50GB of it to someone else who has a Fibroniks account.
You go to My Account > My Transfers > Select the type of data transfer you want to make, enter the amount of data you’d like to transfer and then select the service you’d like to transfer to.
When you click PROCEED, a One-time password (OTP) will be sent to your registered email and/or mobile phone via SMS. You will need to enter the OTP to confirm the transaction.
You can see how someone with access to your account could transfer data out to whoever they want to. Hence Liquid keeps reminding you not to give your your account details to anyone.
What about the one-time password sent to your phone or email? – you ask. That should stop someone from finding your computer while you’re logged into your Liquid Home account and gifting themselves data, right?
If someone gains access to your Liquid Home account, they can edit your profile and change your phone number. Liquid will then send the one-time password (OTP) to the new number, which the person can use to confirm the transfer of data to their own account. Liquid should change this and send the confirmation code to the old number or to your email address before making the change.
Nyadziso’s hack
From the above, you can see how Nyadziso was able to fraudulently transfer data. He got access to the accounts of 117 Liquid customers and transferred their data to other Liquid customers, for a fee of course.
What is not clear is how he got people’s login details to be able to do this. Did he hack Liquid’s databases and peep that information or did he use social engineering to get it? I think it’s the latter – he is charged with stealing customers’ data and not hacking Liquid according to the reports.
Fibre on the Go
Nyadziso had another zhet. He exploited another useful feature that Liquid has. Liquid allows its customers to use their data away from home with their On-The-Go service. FibroniX on the Go allows you to use your FibroniX bandwidth at any Liquid Home Wi-Fi zone.
To use your fixed internet away from home, simply add the devices you want to be able to use your data in WiFi zones. This way, you’ll be able to connect your devices to the internet through WiFi hotspots, just like you would at home.
Nyadziso would simply add devices to the Liquid Home On-The-Go service of unsuspecting Liquid customers without their knowledge. These devices would need to be used at Liquid Home Wi-Fi zones, but Nyadziso’s clients likely did not mind because they were only paying $10 per month to use other people’s data without limit.
Seeing as Nyadziso had connected 82 people in this way, he was making about $820 per month from this. If we add whatever he charged for the data transfers then he was easily making a grand a month.
Data Protection Act
Nyadziso is accused of contravening the Data Protection Act. He was remanded out of custody for which he paid bail of $400.
We talked about the Act a lot and you can go back and see what it has to say:
- Here’s your citizen’s guide to the Cyber Security & Data Protection Act
- POTRAZ invites your input on data protection regulations, you might want to participate
The reports say Nyadziso’s victims have not recovered their data. I am not even sure they know that they were victims. They could have been told via email and so if that’s you, let us know in the comments section.
I rushed to check my own Fibroniks On The Go devices and thought I was a victim for a second. I’d forgotten about an old device and so thought some MAC address I saw there was one of Nyadziso’s.
I don’t condone what Nyadziso allegedly did, some people out there thought Liquid was playing games as they watched their data deplete at rates that didn’t make sense. Nyadziso stole from his fellow Zimbos who are struggling out here. It’s easy to not think of this as theft but it is. If you were a victim you would easily understand how this is thievery.
However, I’m still fascinated by his entrepreneurial spirit. I wonder how he was caught in the end.
Also read:
Stop lying Zimbos, there’s no way half of you carefully read cookie policies as Potraz survey shows
POTRAZ has started monitoring your calls. Here’s what you need to know
Share
Home
21 comments
Firstly, tricking Netone and Econet to think you have data, is kinda cool. I know niggas who’ve been doing it for years now.
And I think he social engineered his victims, they’re tutorials and softwares of how to hack, you just have to find them!
Also zheti he pulled was amazing, but he stayed too long in the game.
I’m too interested in knowing you snitch on him.
I think they should employ him
we do not employ criminals. the thief must rot in jail
So you thing he is the only one,,, thats why FBI even makes deals with criminals to catch or prevent the same from repeating itself.
If you cant beat them Join them!…or make them join you😅
It’s social engineering the nigga just exposed your security flaws instead u shld employ him as head of cyber systems security like what they did to Kevin mitnicky
My little brother is always online downloading whatever and whenever, apparently there’s this app called Droid, u just need to set it up and a netone sim and u are gud for free internet, net1 irikudyiwa data kwete zvekutamba nevapfanha..
Note
I asked my lil bro to set the Droid app in my itel kuti ndipinde mahara ne econet. Ndichingopinda mahara chete ndakabva ndatumirwa msg ne econet kuti bvisa app what u are doing is illegal
iyo starlink yamuri so obsessed with munomboziva kuti unit yacho inoita +700 usd kuiunza muZimbabwe?
Nothing wrong with that. If paying extra up to twice the price is worth the convenience to you, go for it. It will payoff in cheaper subs for unlimited and fast net. Every one else wanting to get on Starlink on a strict budget is either crossing borders or leveraging diaspora and trusted friends to pay the real retail price.
This is a one time upfront payment. After it’s cheap monthly subscriptions. With the range on that thing you can share the 700. Even 4 households vanokwana pa data iroro.
Anyway, I once bought a data bundle (8gig) re econet around 1 a.m to download some software, (2gig). In the middle of the download around 2 a.m magetsi bva abaya only to come back the following day kuma 2- here no magetsi means no network ye econet. Bundle was depleted, called econet zvikanzi your line was active until 7 a.m we saw multiple downloads this that. Ndakafa nekuseka but to prove a point I argued till they sorted it. Do you think panga paitwa zhet???
Kana usina 700, usafunga kuti vamwe havana. Mugore rimwe inenge yatofanana nekushandisa dzemuno. Makore anotevera acho, unenge wozipirwa.
Nepfungwa dzakadai haufi wakatenga mota.
Id love to give him a job in my startup, i like people who think outside the box,we can make use of his abilities to make real money legally
you need him to boost your illegal startup,i see.
With liquid hotspot, I buy like 700mb of data with Ecocash. After it has connected l then restart my PC. You will download staff and surf until you are tired.
Thank you for all these tips. We will be working on rectifying these issues.
Next time u won’t spill the beans
😈
we
Most internet companies in Zim are expensive for no apparent reason. We are buying data in USD not Rtgs. They should lower their rates down, that’s the reason why people are stealing in the first place, if you see yourself stealing cheap data ask yourself what you are doing.
Guys can you help toridawo remahara iri