Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

May 6th, 2011, 11:01 GMT · By

Syrian Government Launches Facebook Man-in-the-Middle Attacks

SHARE:

Adjust text size:


Syrian activists targeted in nation-wide man-in-the-middle attacks
Enlarge picture
The Syrian government is trying to identify activists who use social media to coordinate protests by orchestrating nation-wide man-in-the-middle attacks.

The Electronic Frontier Foundation (EFF) has received several reports from Syrian users who spotted SSL  errors when trying to access Facebook over HTTPS.

The errors were caused by a fake digital certificate served to users, which the EFF has managed to obtain.

All this is indicative of a so-called man-in-the-middle attack, where the attacker is positioned between the victim and the Internet and can alter their traffic.

Man-in-the-middle attacks can occur at local network level, at Internet service provider level or at national level, in countries where the government controls perimeter gateways.

An example of such nation-wide abuse was observed in Tunisia during the pro-democracy protests earlier this year, when the country's telecommunications authority used its power to launch mass phishing attacks against Gmail, Facebook, Yahoo! and Hotmail users.

There is a strong indication that the same is happening now Syria, because the SSL errors were seen by people using different Internet service providers.

"This is very much an amateur attempt at attacking Facebook's HTTPS site. The certificate was not signed by a Certificate Authority that was trusted by users' web browsers," notes Peter Eckersley, a senior staff technologist for the EFF.

Unfortunately, because some websites regularly use self-signed certificates, users might be familiar with such errors and might be tempted to click through them.

Since the Syrian Telecom Ministry is attacking the HTTPS version of Facebook, it is sensible to assume that the plain-HTTP version is also targeted and so are probably other social media websites like Twitter, YouTube or even webmail services.

Syria is trying to enforce a media blackout by banning journalists from covering the unrest in the country. Under these circumstances, news outlets rely on amateur footage and images uploaded online by activists, something which the government likely wants to prevent.

TELL US WHAT YOU THINK:

1,381 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Microsoft Disables Always-On HTTPS Option in Hotmail for Many Countries
EFF Asks US Internet Giants to Help Tunisian Activists
Government-Run Countrywide Phishing Attacks Reported in Tunisia

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use