Thursday, Jan 06, 2011

Tunisia Cyber-Special: Authorities "Invade" Facebook to Monitor Activists (O'Brien)

Danny O'Brien of the Committee to Protect Journalists writes:

The Tunisian government has been a notorious censor for many years, for journalists online and off. In the wake of widespread domestic protests in December, however, the authorities appear to have turned to even more repressive tactics to silence reporting. In the case of Internet bloggers, this includes what seems a remarkably invasive and technically sophisticated plan to steal passwords from the country's own citizens, in order to spy on private communications and squelch online speech.

Based on reports of users in the country, Tunisian authorities appear to be modifying web pages on the fly to steal usernames and passwords for sites such as Facebook, Google and Yahoo. Unknown parties have subsequently logged onto these sites using these stolen credentials, and used them to delete Facebook groups, pages, and accounts, including Facebook pages administrated by Sofiene Chourabi, a reporter with Al-Tariq al-Jadid, and the account of local online video journalist Haythem El Mekki. Local bloggers have told CPJ that their accounts and pictures of recent protests have been deleted or otherwise compromised.

Usually in such hacking attacks, it's hard to pin responsibility, except circumstantially, on local governments. Those conducting this particular attack, however, needed an extraordinary amount of privileged access to Tunisia's network infrastructure. Looking at the clues left by the attack, I'm among those who think all the evidence points to a state-controlled operation.

Here's how it worked, as uncovered by the online news site The Tech Herald: When Tunisians visit, say, Facebook, the page they receive has 10 extra lines of code, as compared to the normal login page originally sent by Facebook itself.

When Tunisians hit the Facebook "login" button, this extra code takes their user names and passwords, scrambles them, and then calls for another Web page, with the scrambled data included in the new Web address it requests. Tunisians don't see this new page, but their browser still attempts to load it, sending their private credentials across the Net.

How did these extra 10 lines get there? It's possible that they could be inserted by local viruses or malware, but widespread accounts from Tunisians strongly suggest these lines are being dropped into the Facebook page by the state-run Internet service provider, the Tunisia Internet Agency.

Where is the private username and password being secretly sent? The extra code within the Facebook page doesn't send the password data to another rogue Internet server, as you'd expect if this code was inserted by criminal hackers. Instead, the user's browser attempts to load a non-existent page on Facebook's own site, called "http://www.facebook.com/wo0dh3ad".

A page access like that would normally only reveal your user name and password to Facebook itself. Unless, that is, the Tunisian Internet Agency is logging all web addresses visited by its customers, and keeping a record of visits to this particular address. Such logs are not difficult for an ISP to create or maintain. Indeed, if you were building a local censorship system, you could easily generate such a log as a side effect of your filtering systems.

From every piece of evidence CPJ has seen, this looks nothing like a criminal hacking attack, and everything like a state-run attempt to gain access to private online accounts. Certainly, it explains the rash of hacking attacks on activists and reporters in the region.

What can be done? Fortunately, because the fake "wo0dh3ad" page accessed was on their site, Facebook may well have a log of everyone whose account was compromised and can take steps to warn and protect their Tunisian users. As we have previously advised, Internet companies should deploy encrypted "https" versions of their sites, which prevent intermediaries from meddling with their data in transit. And Internet infrastructure providers and foreign governments should publicly demand an explanation from the Tunisian Internet Agency for their violation of every principle of Internet management, as well as their own citizens' right to privacy and a free, uncensored online press.
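The log review suggested in the last paragraph, as an added example that is not part of the original article or anyone's production code: a site operator scans its own access log for requests to the "/wo0dh3ad" path and lists which clients sent them and when, so affected users can be warned. It assumes Combined Log Format; the sample lines, IP addresses and query placeholder are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

BEACON_PATH = "/wo0dh3ad"  # the non-existent page named in the article

# Assumption: the server writes Apache/nginx Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')

# Constructed sample: documentation-range IPs, placeholder query data.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jan/2011:10:01:02 +0100] "GET /login.php HTTP/1.1" 200 5120 "-" "UA"
192.0.2.10 - - [05/Jan/2011:10:01:09 +0100] "GET /wo0dh3ad?q=CONSTRUCTED HTTP/1.1" 404 312 "-" "UA"
198.51.100.7 - - [05/Jan/2011:10:03:30 +0100] "GET /wo0dh3ad?q=CONSTRUCTED HTTP/1.1" 404 312 "-" "UA"
192.0.2.10 - - [05/Jan/2011:11:15:00 +0100] "GET /wo0dh3ad?q=CONSTRUCTED HTTP/1.1" 404 312 "-" "UA"
203.0.113.5 - - [05/Jan/2011:11:20:00 +0100] "GET /wo0dh3adventures HTTP/1.1" 404 312 "-" "UA"
### log rotated ###
203.0.113.9 - - [05/Jan/2011:12:00:00 +0100] "GET http://www.facebook.com/wo0dh3ad?q=CONSTRUCTED HTTP/1.1" 404 312 "-" "UA"
"""

def beacon_hits(lines):
    """Return ({client_ip: {count, first, last}}, malformed_line_count)."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += bool(line.strip())  # blank lines are not malformed
            continue
        # Match on the path only. The query string carries the scrambled
        # credentials, so it is never stored or printed here.
        if urlsplit(m["target"]).path.rstrip("/") != BEACON_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec = hits[m["ip"]]
        rec["count"] += 1
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
    return dict(hits), skipped

if __name__ == "__main__":
    found, bad = beacon_hits(SAMPLE_LOG.splitlines())
    for ip, r in sorted(found.items()):
        print(ip, r["count"], r["first"].isoformat(), r["last"].isoformat())
    print("unparsed lines:", bad)
```

Exact path matching keeps look-alike URLs such as "/wo0dh3adventures" out of the result, and unparsed lines are counted rather than silently dropped so a format mismatch is visible.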
