Mistaken Identity or Impersonation? Interrogation of Liberia Hacker Unveils Key Suspect

Monrovia – Under interrogation by British Crime National Agency, on May 18, 2017, Mr. Daniel Kaye, 30, the British national who recently pleaded guilty to two offenses under the Computer Misuse Act and one charge of possessing criminal property, sought to clarify the confusion over the identity of the individual who paid him to overwhelmed the Liberia Cellular giant, Lonestar’s computer network.

Until now, the mystery of the identity of the individual has been unknown with supporters believed to be from the Lone Star Cellular network taking out their angst against Mr. Avi Zaidenberg, the former chairman of the board of Cellcom and Manager with organized protests against Mr. Zaidenberg.

Kaye, who has been sentenced to 32 months in prison for the cyberattack that briefly knocked out telecommunications services in Liberia, told British investigators that the employee of Lonestar rival, Cellcom who paid him to launch a distributed denial of service attack on Liberian phone and internet provider Lonestar was Mr. Avishai Marziano.

Hacker: “When I say Avi, I mean Avishai Marziano”

During the interrogation, an investigator asked Kaye the following: 

“I would like to follow up on yesterday’s interview: Please explain the role of Avishai Marziano more precisely. To what extent did he know the details of what you intended  to do to Lonestar? Did he task you in general with damaging Lonestar or did he specifically order a DDoS attack?”

Kaye’s response: “When I say Avi, I mean Avishai Marziano. Avi knew the basic technical details of the procedure. He also has a certain amount of technical background knowledge and was previously the CTO of Cellcom, as far as I know. His order had several goals. Firstly, I was to carry out a DDoS attack. I also discussed parts of the intended basis of this with Avi. For example, the discussion about 5m IP cameras seen yesterday as a screenshot relates to this. This was a theoretical discussion about how that could be done. He also gave me the order to infiltrate the Lonestar network. He suspected there was corruption between the Liberian government and Lonestar and I was supposed to find evidence in the Lonestar files. He was also interested in customer data, databases regarding telephone numbers and the like. A while later, we also spoke about damaging Lonestar’s reputation by publishing the abstracted data.”

Investigators documented that at the beginning of the interview on 18 May 2017, Kaye declared for the record that he intended to correct the information he had provided as to the persons “Avi” and “Ran”. He said that he had not mentioned the full names/details of those persons because he feared that in particular “Avi” would inflict damage on his family.”

The contacts extract from his mobile phone was then presented to KAYE. Kaye confirmed that this was the initiator of the DDOS attack against the Liberian mobile Telecoms Provided, Cellcom, whom he had named as “Avi. Furthermore, an extract from the Facebook profile of “Ran Polani” was presented to KAYE to the interview on 18 May 2017. He confirmed that his was the full name of the contact person he had designated as “Ran”.

Kaye’s revelation is crucial to the ongoing confusion between Mr. Avishai Marziano and Mr. Avi Zaidenberg, former board chair of Cellcom and the current manager of the Liberia International Shipping Registry (LISCR).

Orange Points to Marziano

On January 15, 2019, Orange which purchased Cellcom in 2016, issued a statement for the first time addressing the matter and naming Marziano.

The Orange statement reads: 

Orange has been made aware of the reports of [DDOS/CYBER] attacks carried out against Lonestar in or around 2015 and 2017 and the alleged involvement of Avishai Marziano in such attacks.

Mr. Marziano previously performed certain roles in the operation of Cellcom Liberia prior to Orange acquiring control of Cellcom Liberia in April 2016. He continued to provide services to Orange Liberia for a transitional period after Orange acquired control of the company. Mr. Marziano has not had any role or involvement with Orange Liberia since February 2017. Orange takes these matters seriously and is carrying out an investigation.”

Further review of the investigation notes reveal that Mr. Marziano presented himself to the hacker Kaye as Avi Zaidenberg.

Investigators swept through the cellphones of both Mr. Marziano and Mr. Kaye which led them to the conclusion that Mr. Marziano authorized the hacking and Mr. Kaye implemented.

Investigators also concluded that the Liberian mobile telecoms number xxxxxxxxxxxxx is stored in the directory of the smartphone under “A”. As confirmed by Kaye in the interview on 18 May 2017, the holder of that phone number is Avishai Marziano. Moreover, the email address is saved in the memory of Mr. Marziano’s phone.

Investigators noted that the conversation between Marziano and Kaye were held in English. “The individual parts of the conversations do not allow for a direct inclusion as a relevance to the proceedings. However, according to Kaye’s statement, Marziano is the initiator of the DDoS attack against the Liberian mobile telecoms provider Lonestar-Cell.”

Investigators further concluded: “The communication on 26 August 216 gives rise to the conclusion that Kaye and Marziano stayed in the same town or so at that point in time and intended to meet on the next day. Marziano cancelled that meeting, however, because he wanted to pass the time “with the children”. He stated that, moreover, the next day was the “last day before the flight on Monday”, ie 29 August 2016. Kaye several times proposes a meeting, but it cannot be seen from the communication whether this takes place. But it is also mentioned several times that they communicated via the Threema messenger, so that further conversations may have been held via that service; these, however, are not available here. At Threema, Marziano used the name “Apoper”.

In another chat with the contact Rotem Kemer, Investigators noted, Kaye explains on 21 August 2016 that he would fly to Crete in order to meet the client: “I’ll be in Crete on the 28th again before the client leaves and then I’ll know more.” Kaye describes this client with the words “a major client for years already… it gives confidence.

Hence, investigators noted: “It is to be assumed that Marziano among others met in Crete in August 2016 according to Kaye, further meetings took place in London.”

Afraid of “Avi”

In the interview on 18 May 2017, Kaye stated that he was afraid of “Avi” and that the latter might inflict damage upon his family. 

Noted investigators: “The conversation between Kaye and Marziano as well as statements about Marziano made the communication take place on a friendly level. They give the impression that the communication takes place on a friendly level. Moreover, numerous screenshots and photos were found on the smartphone that are not embedded in a thread of communication, but according to Kaye were exchanged between him and Marziano. As a rule, a relationship can be established here to the DDoS attack on the Liberian telecoms provider Lonestar-Cell commissioned by Marziano and carried out by Kaye.”

When questioned about his connection with Lonestar-Cell, Mr. Kaye said: “Me personally, nothing, but a person put me in contact with a third person who ordered these attacks. The person who arranged the contact is someone called “Avi”, who worked for the Liberian Shipping Company, “LISCR” as CTO or regional manager.”

Kaye told investigators that he could not provide Avi’s surname but said: “I have known him for several years. I first met him two, three years ago. That was in London. At that time, he was working for LISCR. At least that was what he told me about himself. Later, he worked for a mobile telecom provider in Guinea and as far as I know, he later had a position at a provider in Liberia; which one precisely, I don’t know.”

Marziano left Cellcom in 20xx to take up management of the company’s Guinea operation.

Kaye describes “Avi” as a 40-years-old man. “Maybe a bit older, and he did bodybuilding. You could see that, but he also talked about it himself. At the time he put me in contact with this third person, Avi was working for a telecommunication provider in Liberia, a competitor of Lonestar-Cell. I think the company is called Cellcom, they have a red logo, in any case.”

Avi Zaidenberg is believed to be in his 60s.

Avi Zaidenberg

Investigators: Hacking ‘Commissioned by Marziano’

Kaye further explained that in the two to three years he has known Avishai, they’ve cooperated professionally on various things. 

“I have done jobs in the field of cybersecurity Avi worked for. In 2015, or 2016, there was a change in government in Guinea, and Avi’s company tasked me with finding a solution for how to secure the company data in the event of an assault by the new government. The solution I implemented envisaged the company data being encrypted, similar to ransomware. This could be triggered by SMS or via a login. I believe I already talked about another project on how to provide free access to certain services. In order to do this, I had developed a proxy solution. I had also performed penetrating testing for Avi’s three companies.”

Asked whether he would describe the business relationship between he and Avishai as continuous and as one of your main clients, Kaye told investigators: “This is very difficult to decide. Sometimes there was more work, sometimes less. In work phases, we communicated very frequently.”

In their conclusions, British investigators concluded that there was no evidence connecting Cellcom to the hacking but rather the two individuals: “We deemed Kaye’s testimony regarding the persons Avishai Marziano and Ran Polani to be plausible. The personal data were confirmed by way of an analysis of the court exhibit and open source research. Further personal data, such as the dates of birth and nationalities are currently not known. It is striking that the communication between Kay and Marziano or Polani took place in English although all of them are likely to have a relation to Israel and, thus, the Hebrew language. Daniel Kaye was commissioned by Avishai Marziano to perform DDoS attack on the Liberian mobile telecoms provider Lonestar-Cell. Ran Polani served as a middleman. Kaye installed a botnet or expanded the already existing bodnet#14 in order to be able to implement this commission. As a result, a failure of approx.. 1.200.000 telcom routers in Germany occurred on 27/28 November 2018.”