About me.

Andrew M. Mwenda is the founding Managing Editor of The Independent, Uganda’s premier current affairs newsmagazine. One of Foreign Policy magazine's top 100 Global Thinkers, TED speaker and foreign aid critic.



Monday, February 20, 2017

Unmasking TVO


An investigation reveals who is really behind the Facebook character

How do you track a character who is hell-bent on hiding their identity on the online social networking service, Facebook? That is the question several individuals and intelligence institutions in Uganda have tried to answer as they sought to unmask a Facebook character called Tom Voltaire Okwalinga (TVO). Pseudonyms associated with this character include Maverick Blutaski, General Shaka, Rtd Gen. Maverick, and Poliko. The only real person's name associated with the character is that of a 41-year-old man called Shaka Robert Kananura.

Shaka’s name was officially linked to TVO for the first time when he was arrested in February 2015 and charged in June 2015 with violating the Computer Misuse Act as a suspect for writing under the name Tom Voltaire Okwalinga or TVO. He denied the charge. He was released on bail in the same month.
But is Shaka really TVO?

On the face of it, this question should be easy to answer. But surprisingly, the Museveni administration has proved exceptionally incompetent in managing ICT issues, and even worse when it comes to the management of social media.
Consequently, while the government has spent millions of dollars trying to find out who TVO is and has gotten little or nothing, it takes only an amateur to establish his identity. It could boil down to corruption, incompetence, or profiteering by insiders in the system who prefer not to establish the truth. Among its major attempts was a government request to Facebook to release the identity of TVO. Facebook refused.
Meanwhile TVO has continued unleashing sensational information.
On December 30th 2016 at 8:16am, TVO posted on his page: “HUGE BREAKING NEWS IN 10 MINUTES”.

Then later he posted: “1st. Jan. a covert and clandestine campaign to quickly uproot the illegitimate regime begins. This will target (President Yoweri) Museveni, his family members (who are part of the oppression machine), their business interests and anything and anybody associated with them will be targeted by people. They will not see or know who they are. The very ground on which this illegitimate regime is standing will be more shaky than ever before.”

But the events that have exposed the identity of TVO had started a few days earlier, on December 26, 2016.
On that day, at 12.36am, a group of hackers claiming to be Albanian hacked into the websites of several government departments and ministries including that of Finance, Education, President’s Office, Uganda National Examinations Board, the Inspectorate of Government, the National Agriculture Research Organisation, Judicial Service Commission, Post Bank, Ministry of Foreign Affairs and embassies/consulates in Bujumbura, Pretoria, and Mombasa etc.

After this, they sent an electronic message to TVO on Facebook.
“Hello. Is this TVO? We are an Albanian hacker group with anonymous. We are working on hacking Uganda government and we came across you. We are wondering if you want to buy some information we have hacked from websites and server about government and president of Uganda. Uganda Website security is very bad and the administrators are very stupid. We have a lot of information from a lot of websites from finance.go.ug, education.go.ug, parliament.go.ug and plenty more. We also have a lot of Uganda top stories. If you want them we would like to talk to you about working with you and taking out the corrupt government.”

Now TVO is a smart internet junkie. He instinctively feared this could be a trap to unmask him. So he did not take the bait easily.
Instead, over the next 34 hours, he sought to authenticate the identity of this hacker group. There is something in the hacking community called “The Dark Net.” It is a hidden secretive place on the World Wide Web where hackers meet to do business and share information.

Hackers created software called “Wire”, an encrypted instant messaging app which deletes messages automatically after the recipient has read them. However, Wire automatically uploads your contacts to its service by default and this information remains on the Wire server. During the next 34 hours, TVO communicated with this hacker group on Wire and requested screenshots of the hacking work they had done. They sent them to him.

After verifying and authenticating they were a real hacker group, he replied to their email on December 27, 2016 at 10.11am.
TVO wrote: “We would be very interested in taking data off you. If you have anything on Yoweri Museveni and his family and anything that would bring down any corrupt officials in power down to their knees. I am sure you have been reading the Facebook page we have; we are growing and growing daily and a lot of people are now following us and passing around the documents that get leaked. We would be very interested in the information from finance.go.ug, education.go.ug and the others… If you can show proof of the stuff that you have, we will certainly reward you for your time and we would like to work with you on future things. If you have any information on Molly Kamukama, Keith Muhakanizi, Godfrey Kazinda, Janet Museveni and Edwin Karugire we would also reward you greatly. Thank you.”

On December 30, 2016, TVO posted on his page: EXCLUSIVE BREAKING NEWS; “Ministry of Finance website and entire banking system hacked. Billions stolen. Regime Behind the theft”.
These two events: the huge hack into government departments and ministries and the TVO involvement made electronic identification of TVO’s character more exciting for other hackers.

Now, remember Wire, the software TVO was communicating on, does not delete information from its server. It was, therefore, a strategic mistake for TVO to make that communication on Wire because now, the TVO account could be hacked and his identity revealed.
That is how other hackers whom this newspaper knows went to work. They hacked into TVO’s account. That is how the above communication was obtained.

Not only that; even the so-called Albanian hackers' deleted conversations on Wire were retrieved by the TVO hackers. There, the hackers had claimed the work they did hacking government of Uganda websites was only possible because they bought a custom-made software or script called Remote File Inclusion (RFI), which cost them $75,000.

RFI allows one to embed any document or photograph or video into a website or server and it enters like a virus. It may look small in size yet it is “pregnant.” Inside the website or server it acts like a virus, appearing like an original part of the website or server. It works exactly like the HIV virus. If you try to back up your website or server, the files get corrupted. The hackers into the Ministry of Finance had targeted the entire Electronic Communication system of the ministry, perhaps to follow government payments.

Anyone who knows how to do this knows that printing the entire footprint of the hacking cannot be understood by the ordinary reader. But now there was 100% electronic proof that TVO is actually Robert Shaka.
Although this is the first time that this is being definitely proved by experts, we have said many times that all indications are that Robert Shaka Kananura is TVO.

This is mainly because although TVO, who has been a social media junkie for a couple of years, has been passing off as a mystery, the founder of that account is Robert Shaka. And he has made many mistakes that reveal his identity.
Shaka’s ego is too big to hide and consequently he has not only left many clues about his true identity in many of his posts as TVO, but he openly brags about him being TVO, especially to the many women he is interested in.

To understand who TVO is, even without hacking into his Facebook, you need to follow him over time. He leaves a lot of hints, perhaps deliberately or maybe carelessly, in his posts, his travel calendar and associates. But most recklessly, he likes to brag, especially before women, that he is the TVO whom government is hunting for. Indeed the first person to expose him was his ex-girlfriend called Irene Bigungi Mahoro after their affair went sour.

Let us begin with the clues: on November 25th, 2011 TVO posted on his Facebook page: “Happy thanks giving to all my friends and especially my workmates who toil every day to save the lives of many and make a difference in their lives.”

There is no office in Uganda that celebrates Thanksgiving except the US embassy. The first clue is that whoever is TVO works with the US embassy directly or its many other arms. When TVO said “who toil every day to save lives”, he was giving away a hint that this is someone working in the medical field of the US embassy activities. That zeroes any investigator in on CDC. In 2011 Shaka was part of a team (working as a computer management specialist) of CDC in Tororo under a project that was distributing ARVs.

The second line of investigation is Shaka’s travel calendar and that of TVO. On February 8, 2012, TVO posted on his page about a Public Accounts Committee (PAC) meeting at a hotel in Entebbe which had criticised central bank governor, Emmanuel Tumusiime-Mutebile. His page showed he was posting from Cambridge, UK. At the same time, according to the records at Entebbe Airport, Shaka had travelled to the UK. On July 26th 2013, TVO posted that he had travelled. Records at Entebbe Airport Immigration show that Shaka too had travelled. The list of Shaka’s travels coinciding with TVO’s travels is too long to enumerate here.

The third line of investigation in the link between Shaka and TVO is the Facebook page itself. On May 30th, 2013, Maverick Blutasky, the other account for Shaka, posted on his page saying: RIP [rest in peace] mama. In the comments below this message, TVO also posted saying “RIP mama. You left after planting many grains of wheat that have germinated to continue the struggle for social justice.” This means that TVO is a sibling of Maverick Blutasky. Or it is the same person. But then how is Maverick Blutasky connected to Robert Shaka?

On Facebook you can change your name but keep your account details and posts the same. Shaka has changed his Facebook account name a couple of times from General Maverick, to Retired General Maverick to Maverick Blutasky. If you go deep into the Facebook browser, Maverick Blutasky is on https://www.facebook.com/rshaka. Secondly, when you forget your password and want to change it, you can use your telephone number or email address to get a new code. Facebook gives you a hint of your number or email by revealing the first and last figures of your email or number. On TVO's page the hints are m****a@yahoo.com and t****a@yahoo.com, which stand for MaverickShaka@yahoo.com and TomOkwalinga@yahoo.com.

Before his arrest, the posts of Maverick Blutasky and those of TVO would be the same; and if you searched, the URL of Maverick Blutasky would appear above the post of TVO. The link became obvious: the birthdays of Shaka were shared by TVO; the mother’s death was mourned on the same day. And each time Shaka travelled out of the country TVO also posted that he was traveling out of the country.
In November 2016, Shaka gave a Skype interview to the technology magazine ‘Wired’.
The magazine described him as a quiet, middle-class father of two young boys and a baby girl, who can stay indoors for days on end reading, playing games on his PlayStation and watching news and political debates on television.

An IT specialist, who the magazine says worked diligently for the U.S. embassy for 15 years, Shaka “is anything but revolutionary and far from a radical figure. He supports equality, liberty and freedom of expression”.

The magazine continues: “Shaka has a big personality and a theatrical manner, and pays close attention to intricate details when he tells a story. But he can also come across as a quiet guy who got caught up in a paranoid government’s obsession with a controversial online character. Shaka never imagined that his arrest would become symbolic of how repressive states throughout the region are clamping down on freedom of expression online”.

So Shaka is not an eccentric with an agenda seeking to bring down a government anonymously. Instead, a brief profile of TVO/Robert Shaka immediately reveals someone with a desire to be known by the public.
TVO is a Facebook account created and managed by Robert Shaka, helped by his brother Henry Lugasira and Abbey Semuwemba.

Soon after he was granted bail, Shaka flew to the U.S. where, it appears, he plans on staying. He rents a small room in the apartment of one Aminah Kwatampora on 13923 Castle BLVD, Apartment 32, Silver Spring Maryland, 20904-4946. He says he works with the U.S. insurance company, GEICO.

In the late 2000s he was working with the US embassy in Kampala under the Center for Disease Control (CDC) as an ICT specialist. His work colleagues say he has good ICT skills and possesses a passion for social media. He has a couple of friends in the security services, his father having fought in the NRA where he died. He claims to have been a child soldier but there is no proof of that and feels aggrieved that he has not been a beneficiary of government largesse. He also has an OB in the Presidential Guard Brigade (PGB) who used to supply him tips from the inside.

****
amwenda@independent.co.ug
****
editor@independent.co.ug