Hacking opposition accounts on Facebook, Gmail and Yahoo

    Tunisian authorities have set an example of how to deal effectively with opposition on the Internet: instead of filtering traffic, they simply delete hostile accounts.

    A local edition of The Tech Herald reveals the hacking technique. For users in Tunisia, Facebook, Gmail and Yahoo pages loaded over HTTP instead of HTTPS arrive with an “addition” of 10 lines of code. This JavaScript is used to collect logins and passwords. Here are samples of the modified Gmail, Yahoo, and Facebook pages. Obviously, the script is being injected at the ISP level.

    The collection of opposition passwords may have started as far back as July 2010, when the local monopolist provider first blocked the HTTPS protocol for users within the country.

    Security experts from independent companies confirmed that the script is malicious and tried to explain how it works. After capturing the login data, the script encrypts it with a weak cryptographic algorithm and places it in a URL, adding five random characters, so that an address like www.google.com/wo0dh3ad is obtained. The browser sends a GET request to this address, and the request is intercepted at the national ISP level.

    After that, all that remains is to decrypt the captured data and use it at the right moment to log in to other people's accounts.
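
One way a defender could spot this kind of page modification, as an added example that is not from the original article: compare the script blocks of a page received over plain HTTP with a reference copy of the same page fetched over HTTPS from a trusted network. The function names and both sample pages are constructed for illustration, and the injected block is a placeholder, not the real script.

```javascript
// Added example: flag <script> blocks present in a page copy received over
// plain HTTP but absent from a reference copy fetched over HTTPS.
const crypto = require("crypto");

// Return the inline body (or the src attribute) of every <script> element.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    // Normalise whitespace so reformatting alone is not reported as a change.
    const body = m[2].replace(/\s+/g, " ").trim();
    scripts.push(src ? "src:" + src[1] : "inline:" + body);
  }
  return scripts;
}

function fingerprint(text) {
  return crypto.createHash("sha256").update(text).digest("hex");
}

// Scripts in the HTTP copy that have no match in the HTTPS reference copy.
function findInjectedScripts(httpsHtml, httpHtml) {
  const known = new Set(extractScripts(httpsHtml).map(fingerprint));
  return extractScripts(httpHtml).filter((s) => !known.has(fingerprint(s)));
}

// Constructed sample pages (not the real login pages or the real added code).
const referenceCopy = `<html><head><script src="/static/login.js"></script></head>
<body><form id="login"><input name="user"><input name="pass" type="password"></form>
<script>initLogin();</script></body></html>`;

const httpCopy = referenceCopy.replace(
  "</head>",
  "<script>/* placeholder for the added lines */ hook('login');</script></head>"
);

const injected = findInjectedScripts(referenceCopy, httpCopy);
console.log(injected.length ? injected : "no extra scripts");
```

Pages that legitimately embed per-request inline scripts will also be reported, so each flagged block still needs to be read before drawing a conclusion.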

    Strictly speaking, the involvement of the Tunisian government in this attack has not been proven, but experts believe it is unlikely that outside attackers could have compromised the entire Internet infrastructure of the country. Moreover, the state-owned monopolist provider, the Tunisian Internet Agency (owned by the Ministry of Communications), was previously caught filtering traffic: in April 2010, it blocked access from Tunisia to the Flickr, YouTube and Vimeo sites.

    Mass riots in Tunisia began on December 17 in protest against unemployment and unsatisfactory social conditions. According to various estimates, from 23 to 100 people were killed and hundreds injured in clashes with the police over the month. Last weekend, the situation worsened significantly and the authorities were forced to send troops into the capital.

    The Anonymous group has already launched Operation “Tunisia”, has taken the Tunisian Internet Agency website down for more than a day, and recommends that local users install a browser extension that strips the malicious script from pages.

    On the topic:
    On December 19, 2010, the Belarusian monopolist provider Beltelecom also blocked HTTPS (more precisely, port 443) for users within the country.