nationwide interception of Facebook & webmail login credentials in Tunisia

Tony Naggs tony.naggs at
Tue Jan 25 10:04:03 GMT 2011

It appears that since June 2010 in Tunisia the government authorities
systematically intercepted access to at least Facebook, Gmail, Yahoo
mail and stole usernames & passwords. Then during the recent protests
these stolen credentials were used to disable or discredit
accounts or groups of protestors using online services to organise.

Report at The Register -
Excerpt below:

Tunisia plants country-wide keystroke logger on Facebook
Gmail and Yahoo! too
By Dan Goodin in San Francisco

Malicious code injected into Tunisian versions of Facebook, Gmail, and
Yahoo! stole login credentials of users critical of the North African
nation's authoritarian government, according to security experts and
news reports.

The rogue JavaScript, which was individually customized to steal
passwords for each site, worked when users tried to log in without
availing themselves of the secure sockets layer protection designed to
prevent man-in-the-middle attacks. It was found injected into Tunisian
versions of Facebook, Gmail, and Yahoo! in late December, around the
same time that protestors began demanding the ouster of Zine
el-Abidine Ben Ali, the president who ruled the country from 1987
until his ouster 10 days ago.

Danny O'Brien, internet advocacy coordinator for the Committee to
Protect Journalists, told The Register that the script was most likely
planted using an internet censorship system that's long been in place
to control which pages Tunisian citizens can view. Under this theory,
people inside Tunisian borders were led to pages that were perfect
facsimiles of the targeted sites except that they included about 40
extra lines that siphoned users' login credentials.

