• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture

February 10, 2011

Views: 14,201

We have mentioned Facebook plenty of times, they have had their fair share of security issues and we have mentioned Tunisia once way back in regards to Internet Repression.

It seems like the government of Tunisia have been basically phishing their users with fake versions of login pages for Facebook, Gmail and Yahoo!. It only works for users that aren’t using the https:// AKA SSL version of the sites, but then again who knows how much coverage FireSheep got in the Tunisian media.

It seems Tunisia has their own version of the Great Firewall of China to censor the content served up to its citizens and this system was used to inject the malicious JavaScript.

Malicious code injected into Tunisian versions of Facebook, Gmail, and Yahoo! stole login credentials of users critical of the North African nation’s authoritarian government, according to security experts and news reports.

The rogue JavaScript, which was individually customized to steal passwords for each site, worked when users tried to login without availing themselves of the secure sockets layer protection designed to prevent man-in-the-middle attacks. It was found injected into Tunisian versions of Facebook, Gmail, and Yahoo! in late December, around the same time that protestors began demanding the ouster of Zine el-Abidine Ben Ali, the president who ruled the country from 1987 until his ouster 10 days ago.

Danny O’Brien, internet advocacy coordinator for the Committee to Protect Journalists, told The Register that the script was most likely planted using an internet censorship system that’s long been in place to control which pages Tunisian citizens can view. Under this theory, people inside Tunisian borders were led to pages that were perfect facsimiles of the targeted sites except that they included about 40 extra lines that siphoned users’ login credentials.

It seems to be a very wide-spread attack (which effects the whole country) when in fact the targets of the attack are only a select group (anti-government protesters and organizations).

The ‘unknown parties’ which have carried out this attack have used the stolen Facebook credentials to shut down groups, block page and group administrators and delete/block pages administered by Journalists and Anti-government networks such as TAKRIZ.

It’s a pretty interesting twist on things, we’ve heard of governments blocking sites like Facebook an we’ve heard of cyber-terrorism where governments target other countries….but this is the first case I’ve read about a government essentially hacking it’s own citizens!

“Because it seems to be a perfect copy of the Facebook page, the first thing you assume is the Tunisian government has very cleverly injected the JavaScript as the data went through,” he said.

He said similar phishing attempts targeting Tunisian protestors date back to June, and possibly much earlier.

Although The Tech Herald reported on the rogue scripts three weeks ago, the revelations escaped wide notice until now. On Monday, members of the anti-Tunisian TAKRIZ network warned supporters to stop relying on its Facebook page (at facebook.com/takrizo) after discovering on Friday that all administrative access to it had been suspended.

This is consistent with Danny O’Brien’s findings from earlier this month, which said that unknown parties have used the pilfered credentials “to delete Facebook groups, pages, and accounts, including Facebook pages administrated by Sofiene Chourabi, a reporter with Al-Tariq al-Jadid, and the account of local online video journalist Haythem El Mekki.”

Also on Monday, The Atlantic reported that members of Facebook’s security team first became aware of the mass credential slurp in the days immediately following Christmas, when they began receiving similar reports of mass deletions of Tunisian dissidents’ pages.

There was enough reports to alert Facebook themselves to the problem and they began investigating the issue around Christmas. It was them who realized something very bad was going on amidst one of the worst political upheavals in decades.

By January 5th Facebook found it pretty clear that an entire country’s worth of passwords were in the process of being stolen, they promptly forced all users from Tunisia to SSL connections to mitigate the problem.

Of course the ISP can still downgrade the connection request from SSL to a normal http:// connection, but so far Facebook states they haven’t seen that happen. Also, being the government Tunisia can issue valid, signed SSL certificates and make any site it wants https://.

Source: The Register

Share
Tweet
Share13
Buffer
WhatsApp
Email
13 Shares

Filed Under: Legal Issues, Networking Hacking Tools, Privacy Tagged With: facebook, facebook security, facebook-privacy, Legal Issues, Privacy



Reader Interactions

Comments

  1. DEVIL'S BLOG says

    February 11, 2011 at 2:26 pm

    This news is not fairly good

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AI-Powered Malware - The Next Evolution in Cyber Threats

AI-Powered Malware – The Next Evolution in Cyber Threats

Views: 266

Introduction Artificial Intelligence (AI) is reshaping cybersecurity on both sides of the … ...More about AI-Powered Malware – The Next Evolution in Cyber Threats

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 375

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 684

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 602

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 643

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 485

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (230)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,299,612)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,113)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,648)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,695)
  • Password List Download Best Word List – Most Common Passwords (933,536)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,181)
  • Hack Tools/Exploits (673,304)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,196)

Search

Recent Posts

  • AI-Powered Malware – The Next Evolution in Cyber Threats May 21, 2025
  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy