{"id":3038,"date":"2011-02-10T14:26:31","date_gmt":"2011-02-10T14:26:31","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3038"},"modified":"2015-09-09T19:37:18","modified_gmt":"2015-09-09T11:37:18","slug":"tunisia-running-country-wide-facebook-gmail-yahoo-password-capture","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/02\/tunisia-running-country-wide-facebook-gmail-yahoo-password-capture\/","title":{"rendered":"Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture"},"content":{"rendered":"

We have mentioned Facebook plenty of times; they have had their fair share of security issues. We also mentioned Tunisia once, way back, in regard to Internet Repression.

It seems like the government of Tunisia has been basically phishing its users with fake versions of login pages for Facebook, Gmail and Yahoo!. It only works for users that aren’t using the https:// AKA SSL version of the sites, but then again who knows how much coverage FireSheep got in the Tunisian media.

It seems Tunisia has its own version of the Great Firewall of China to censor the content served up to its citizens, and this system was used to inject the malicious JavaScript.

Malicious code injected into Tunisian versions of Facebook, Gmail, and Yahoo! stole login credentials of users critical of the North African nation’s authoritarian government, according to security experts and news reports.

The rogue JavaScript, which was individually customized to steal passwords for each site, worked when users tried to login without availing themselves of the secure sockets layer protection designed to prevent man-in-the-middle attacks. It was found injected into Tunisian versions of Facebook, Gmail, and Yahoo! in late December, around the same time that protestors began demanding the ouster of Zine el-Abidine Ben Ali, the president who ruled the country from 1987 until his ouster 10 days ago.

Danny O’Brien, internet advocacy coordinator for the Committee to Protect Journalists, told The Register that the script was most likely planted using an internet censorship system that’s long been in place to control which pages Tunisian citizens can view. Under this theory, people inside Tunisian borders were led to pages that were perfect facsimiles of the targeted sites except that they included about 40 extra lines that siphoned users’ login credentials.

It seems to be a very widespread attack (which affects the whole country) when in fact the targets of the attack are only a select group (anti-government protesters and organizations).

The ‘unknown parties’ which have carried out this attack have used the stolen Facebook credentials to shut down groups, block page and group administrators and delete/block pages administered by journalists and anti-government networks such as TAKRIZ.

It’s a pretty interesting twist on things. We’ve heard of governments blocking sites like Facebook and we’ve heard of cyber-terrorism where governments target other countries... but this is the first case I’ve read about a government essentially hacking its own citizens!