Wednesday, August 10, 2022

Amon and Molao’s Facebook hacking story not credible

A Facebook account by a whistleblower who posted an alleged Facebook messenger conversation between Sebina Councilor Kemmonye Amon and Assistant Minister of Education Fidelis Molao is more credible than statements by the two Botswana Democratic Party (BDP) leaders denying that they ever had the conversation ÔÇô Sunday Standard investigations have revealed.

The alleged conversation between Molao and Amon took place weeks after the Facebook-owned messaging took place weeks after Facebook which owns Whatsapp and Messenger rolled out its hack-proof encryption. At the time Molao and Amon allegedly had the conversation (which was bought by Facebook and have the same settings) Whatsapp had on April 5 2016 rolled out an end to end encryption for all its 1 billion users. The new feature was implemented covertly and became available to users automatically.

“The move to an end-to-end model for Whatsapp extends the message encryption so that the message in encrypted on the sender’s device, and only decrypted on the recipient’s device, with Whatsapp or others unable to decrypt the message in between,” explained Dominic White, chief technology officer at South Africa’s digital security firm SensePost. Although White and another tech wiz Murray Hunter, who works on the secrecy desk for South Africa’s Right2Know agree that Whatsapp’s end-to-end encryption is not infallible they also agree that it cannot be hacked.

 “You will still give off lots of sensitive information about the message (e.g. who you are communicating with, when and where – this is called metadata). They also point out that the new encryption system will not secure your phone from security breaches like someone taking your phone and reading the messages right there. “And it won’t protect you from your friends and frenemies taking screenshots of what you’re saying in your private messages,” said Hunter. This adds up with the Facebook account by the whistleblower, Amon’s niece who claimed to have taken screenshots of the conversation between her uncle and Molao and posted then online. Even before the whatsApp end to end encryption, the Facebook-owned messaging service could not be hacked remotely. There were two systems being touted on the internet: Mac Spoofing or using spyware, both systems however involved physically getting hold of the victim’s cellular phone handsets. This means the culprits would have had to get hold of both Molao and Amon’s cellularphone handsets to hack into their Facebook accounts.  They would then have to access both their Media Access Control address (MAC address) which is a 12-character unique identifier assigned to the network adapter of your Wi-Fi device.

It would however still be difficult to run Facebook parallel on two devices. Each Facebook account is associated with unique MAC (Media access control) address. If anyone changes their device (MAC address also changes), and they would be requested to re-verify their Facebook account. This means you cannot access same Facebook account from two devices. To re-verify, they would need the confirmation code from your target’s phone. This code would be sent to the target’s phone number as part of the Facebook configuration process. The hacker would again have to physically get hold of Molao and Amon’s cellularphone handsets to get the verification codes. This makes the hacking story sound very improbable and the fact that their alleged conversation took place after Facebook hack proofed its system makes their hacking story unbelievable.


Read this week's paper