Facebook vs. Tunisian ISPs

[Ron2K]

Interesting (and slightly terrifying) story here - with the recent activism in Tunisia, a lot of their citizens used social media as an outlet; long story short, the Tunisian ISPs then began man-in-the-middle attacks to get hold of their citizen's FB passwords...

It was on Christmas Day that Facebook's Chief Security Officer Joe Sullivan first noticed strange things going on in Tunisia. Reports started to trickle in that political-protest pages were being hacked. "We were getting anecdotal reports saying, 'It looks like someone logged into my account and deleted it,'" Sullivan said.

For Tunisians, it was another run-in with Ammar, the nickname they've given to the authorities that censor the country's Internet. They'd come to expect it.

In the days after the holiday, Sullivan's security team started to take a closer look at the data, but it wasn't entirely clear what was happening. In the US, they could look to see if different IP addresses, which identify particular nodes on the network, were accessing the same account. But in Tunisia, the addresses are commonly reassigned. The evidence that accounts were being hacked remained anecdotal. Facebook's security team couldn't prove something was wrong in the data. It wasn't until after the new year that the shocking truth emerged:

Ammar was in the process of stealing an entire country's worth of passwords.

Full article (well worth the read)

[Bladerunner]

Why not just hash the passwords before you send them across? They can be directly compared with the hashes in the database on the other side.

[Anakha56]

Thanks Ron will read it now .

[Anakha56]

Very, very scary but surely DPI can do the same thing?

[jee]

Slight highjack....

latest updates on the ongoing Egyptian Internet blackout, including some trace-based analysis and a few words about neighboring countries.

Confirming what a few have reported this evening: in an action unprecedented in Internet history, the Egyptian government appears to have ordered service providers to shut down all international connections to the Internet. Critical European-Asian fiber-optic routes through Egypt appear to be unaffected for now. But every Egyptian provider, every business, bank, Internet cafe, website, school, embassy, and government office that relied on the big four Egyptian ISPs for their Internet connectivity is now cut off from the rest of the world. Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr, and all their customers and partners are, for the moment, off the air

We've also been asked repeatedly whether other countries in the region are readying a "kill switch," and whether there are already outages in, for example, Syria. The answer, for now, is no. Syria's Internet connectivity appears to have been quite stable, as have other countries in the region, and nobody else has significant Internet connectivity problems so far.

I predict that Egypt's "kill switch" experiment will serve as a cautionary tale: the economic and reputational costs of the shutdown far exceed the benefits of regaining total information control.

We would also note that there appear to have been no significant disruptions to other countries' traffic passing through Egypt on fiberoptic cables such as SMW-4 and FLAG FEA.

http://renesys.com/blog/2011/01/egypt-l ... rnet.shtml

This from SANS:

So how is access denied to a whole country? BGPMON (http://bgpmon.net/blog/?p=450) reports that close to 3000 routes to Egyptian networks were removed, effectively cutting them off the Internet. Other articles are reporting that the major service providers went dark, easy enough to do I guess if you are the government.