IN 10 SIMPLE STEPS: HACK SAFARICOM M-PESA AND BONGA ACCOUNTS AND GET AWAY WITH ALL BONGA POINTS AND 1.5GB DATA BUNDLES (WORTH KSH 1,000) MULTIPLE TIMES
............................................................................
A wide range of technical and nontechnical issues associated with the use of Safaricom M-PESA provide both opportunity and threats to most Kenyans of all ages. The issue span the full spectrum-from not being able to use the system and secure PIN numbers, to complying with laws on collecting data on customers by M-PESA agents, to violation of privacy. If you become an M-PESA user you will likely be gumbling the safety of your money with the "world". As a user of information systems, it is your own self interest to become well versed on these issues. You need to know how to avoid or recover from technology crimes, fraud, privacy invasion and other potential problems.

In 10 simple steps here, Digital Signal Kenya shows you how possible it is to breach your M-PESA and BONGA accounts and how to keep safe.

"When I say hacking 1.5GB data bundle I mean 1500MBs; think of this.. 1500MBs plus all his/her bonga points? In a minute without a sweat?

Safaricom - no doupt is one of the IT powehouses in Kenya - with millions of customers you expect it to have the best engineers to guaranty security to your data and money. But in the technology world anything created can be hacked and cracked; now when I say hacking people start to thing of a complex process involving multiple super machine systems and millions of computer codes doing some unimaginable things (the kinds u see in movies). Hacking can be a simple process, like stealing somebody's PIN number and using it to sambaza their credit to your phone or even simply reading their txt messages; yea.. that is hacking.

At digital Signals Kenya, I discovered a loop hole in the Safaricom M-pesa and bonga modules that can earn you free data and bonga points through the following 10 simple steps:

1. Gain access to the ID number of ua target (the person whose m-pesa account and bonga points u want to hack). If u cant get this physically then u will need some bits of social engineering skills (We discuss this another day).

2. Gain acess to the target's mobile number (Now this is easy;tell them u want to play game, transfer music etc. Most people are generouse in giving out there cell phones: that is our weakness, so long as u don't read their text messages they'll be fine)

3. Using their cell phone dial: *126*5*1#.

4. Safaricom will prompt you to enter the persons ID number. Enter the ID number in the text field given and press the OK button.

4. Safaricom will then propt you to enter the last direct top up amout. Now here u will need to use what we techies call brute force or u can call it gues work. Most people top up bamba 20 so start with this if it fails try 10, 50 or 100 depending on the persons financial rank - u can do this, right? The main point of using brute force (gues work) here is because having used social engineering to know the ID number in step 1 above using it again here might raise questions.

5. After a successful gues in step 4 above, Safaricom will then request you to "Please enter new bonga PIN". Enter any 4 digit PIN u of your choice but be sure to memorize it for future use (For example 0000) and press OK. Confirm the PIN number again and Press OK.

7.Now Safaricome will confirm the new PIN and tell you to keep it safe; please do so.

8. Now armed with the new four digit bonga pin, dial *544*2# and in payment option select:
2. M-PESA
9. Enter the bonga PIN obtained in step 5 above. Safaricom will then prompt you to choose receipient: Enter your phone number e.g 0712345678

10. Here the choice is all yours, just remember the Swahili saying: "Ukitaka kula nguruwe, .............."

1. 40MB (at Ksh 50)
2. 80MB (at Ksh 100)
3. 200MB (at Ksh 250)
4. 500MB (at Ksh 500)
5. 1.5GB{1500MB} (at Ksh1000)

NOTE
............
As long as there is lots of dosh in that M-PESA account, you can repeat this procedure multiple times.

Experiment and master the procedure well with your phone first before you prey on your target (speed matter)

You can also use the same PIN number to transfer bonga points to your number by dialing *126*4# and following the instructions.

Make sure not to leave any footprints because those guys people from my vilage call POLIS could be coming for you after the hack (Contact me on how to do this or simply wait for my next article)

This article is purely for safety education purposes an the author shall not be responsible for any violations thereafter.

If you succeed in your mission; please dial *544*98*13# alaf unisambazie MBs kias (haha.... just kiding)

~~~~~~NICE TIME TECHIE~~~~~