An Entire Country’s Worth of Facebook Passwords Stolen During Tunisia’s Political Upheaval

Posted on Jan 24, 2011 in Global & National News, Social Networking

Source: The Atlantic


Facebook’s security team opens up, shedding light on a revolution that could become a parable for Internet activism. Quoting: ‘After more than ten days of intensive investigation and study, Facebook’s security team realized something very, very bad was going on. The country’s Internet service providers were running a malicious piece of code that was recording users’ login information when they went to sites like Facebook. By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades. Sullivan and his team decided they needed a country-level solution — and fast. Though Sullivan said Facebook has encountered a wide variety of security problems and been involved in various political situations, they’d never seen anything like what was happening in Tunisia.’


More of the story:

It was on Christmas Day that Facebook’s Chief Security Officer Joe Sullivan first noticed strange things going on in Tunisia. Reports started to trickle in that political-protest pages were being hacked. “We were getting anecdotal reports saying, ‘It looks like someone logged into my account and deleted it,’” Sullivan said.

For Tunisians, it was another run-in with Ammar, the nickname they’ve given to the authorities that censor the country’s Internet. They’d come to expect it.

In the days after the holiday, Sullivan’s security team started to take a closer look at the data, but it wasn’t entirely clear what was happening. In the US, they could look to see if different IP addresses, which identify particular nodes on the network, were accessing the same account. But in Tunisia, the addresses are commonly reassigned. The evidence that accounts were being hacked remained anecdotal. Facebook’s security team couldn’t prove something was wrong in the data.  It wasn’t until after the new year that the shocking truth emerged:

Ammar was in the process of stealing an entire country’s worth of passwords.

Here’s what’s at stake. December of 2010 saw the most substantial civil unrest in Tunisia in the reign of Zine El Abidine Ben Ali, which began with a bloodless coup in November 1987. Beginning with street protests in the country’s poor interior region of Sidi Bouzid, the calls for change were soon echoed by more powerful civil society organizations, notably the country’s only labor union, the UGTT. But despite the turmoil, it wasn’t clear what exactly might happen.

“It is too early to know if these protests signal the beginning of the end for Ben Ali,” wrote Christopher Alexander in Foreign Policy on January 3. “However, Tunisia’s current political scene looks a bit like it did in 1975 and 1976, the beginning of the long slide for Ben Ali’s predecessor, Habib Bourguiba.”

That is to say, even expert analysts of the country couldn’t tell if Ben Ali would remain in power for a few more weeks or a decade. It did not feel inevitable that Ben Ali would be deposed. People had protested in the streets before. Revolution had been in the air. It wasn’t clear that this time would be different.

There has been a lot of debate about whether Twitter helped unleash the massive changes that led Ben Ali to leave office on January 14, but Facebook appears to have played a more important role in spreading dissent. 

“I think Facebook played a bigger role in this case,” said Jillian York of the Berkman Center for the Internet and Society, who has been tracking the Tunisian situation closely. “There are a lot more Facebook users than Twitter users. Facebook allows for strong ties in a way that Twitter doesn’t. You’re not just conversing.”

One early sign that Tunisians felt Facebook could be useful: Back in July, bloggers Photoshopped a picture of Mark Zuckerberg to show him holding up a sign that read, “Sayeb Sala7, ya 3ammar,” the slogan for a freedom of expression campaign late in 2010. Later, Zuckerberg popped up on a sign outside the Saudi Arabian embassy carried by Tunisian protesters demanding the arrest of Ben Ali.

See also: Tunisia Central Bank Admits it is Missing 1.5 Tons of Gold, Taken by Former Leader Ben Ali and his Wife

Tiny URL for this post: