Malicious code inserted into Tunisian versions of Facebook, Gmail, and Yahoo! stole login credentials of users critical of the North African nation's authoritarian government, according to security experts and news reports.
The rogue JavaScript, which was individually customized to steal passwords for each site, worked when users tried to login without using secure sockets layer protection designed to prevent such "man-in-the-middle" attacks. It was found injected into Tunisian versions of Facebook, Gmail, and Yahoo! in late December-- around the same time that protestors began demanding the ouster of Zine el-Abidine Ben Ali, the president who ruled the country from 1987 until his ouster in mid-January.
According to Danny O'Brien, internet advocacy coordinator for the Committee to Protect Journalists, the script was most likely planted using an internet censorship system that's long been in place to control which internet pages Tunisian citizens can view. Under this theory, people inside Tunisian borders were directed to phony pages that were perfect facsimiles of the targeted sites except that they included the extra forty extra lines of code that stole users' login credentials.
He said similar phishing attempts targeting Tunisian protestors date back to June, and possibly much earlier.
No comments:
Post a Comment