Hacking opposition accounts on Facebook, Gmail and Yahoo

The Tunisian authorities have set an example of how to deal effectively with the opposition on the Internet. Instead of filtering traffic, they simply delete hostile accounts.

The local edition of The Tech Herald reveals the hacking technique. For users in Tunisia, Facebook, Gmail and Yahoo pages, when loaded over HTTP instead of HTTPS, arrive with an "addition" of 10 lines of code. This JavaScript serves to collect logins and passwords. Here are samples of the modified Gmail, Yahoo and Facebook pages. Obviously, the script is injected at the ISP level.

It is possible that the collection of opposition passwords began in July 2010, when the local monopoly provider blocked the HTTPS protocol for users inside the country for the first time.

Security experts from independent companies confirmed that the script is malicious and tried to explain how it works. After capturing the login credentials, the script encrypts them with a weak cryptographic algorithm and places them in a URL, adding five random characters, so that an address like www.google.com/wo0dh3ad is obtained. The browser sends a GET request to that address, which is intercepted at the national ISP level.
After that, the data only needs to be decrypted and used at the right moment to log in to other people's accounts.
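Because the extra lines appear only in pages delivered over HTTP, one way to spot this kind of tampering is to compare the scripts in the HTTP copy of a page with those in the HTTPS copy. The following is an added example, not code from the article or from the researchers it cites; the two HTML documents are constructed samples, the injected lines are represented by a placeholder comment, and the function names are hypothetical.

```python
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Collects every <script> on a page: external URLs and inline bodies."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []          # list of (kind, value)
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.scripts.append(("external", src.strip()))
        else:
            self._in_inline, self._buf = True, []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            # Normalise whitespace so re-indentation is not reported as a change.
            body = " ".join("".join(self._buf).split())
            if body:
                self.scripts.append(("inline", body))
            self._in_inline = False


def fingerprints(html):
    """Map (kind, sha256) -> short excerpt for each script in the page."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {(kind, hashlib.sha256(value.encode()).hexdigest()): value[:80]
            for kind, value in parser.scripts}


def injected_scripts(https_html, http_html):
    """Scripts present in the HTTP copy but absent from the HTTPS baseline."""
    baseline = fingerprints(https_html)
    return [(key[0], excerpt)
            for key, excerpt in fingerprints(http_html).items()
            if key not in baseline]


# Constructed sample pages (not the real login pages).
HTTPS_COPY = '<html><head><script src="/static/login.js"></script>' \
             '<script>var page = "login";</script></head><body></body></html>'
HTTP_COPY = HTTPS_COPY.replace(
    "</head>",
    "<script>/* constructed placeholder for the injected lines */</script></head>")
```

Pages that embed per-request values in inline scripts will produce differences even without tampering, so a reported script needs to be read before it is treated as injected.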

Actually, the involvement of the Tunisian government in this hacker attack has not been proven, but experts believe that it is unlikely that any outside attackers could compromise the entire Internet network infrastructure of the country. Moreover, the state-owned monopoly provider Tunisian Internet Agency (owned by the Ministry of Communications) had previously been caught filtering traffic: in April 2010, they blocked access from Tunisia to the Flickr, YouTube and Vimeo sites.

The riots in Tunisia began on December 17 in protest against unemployment and poor social conditions. Over the following month, according to various estimates, from 23 to 100 people died in clashes with the police, and several hundred were injured. Last weekend, the situation worsened considerably and the authorities were forced to send troops into the capital.

The Anonymous group has already launched Operation Tunisia, took the Tunisian Internet Agency website offline for more than a day, and recommends that local users install a browser extension that strips the malicious script from the pages.

On this topic:
On December 19, 2010, the Belarusian monopoly provider Beltelecom also blocked HTTPS (more precisely, port 443) for users inside the country.

Source: https://habr.com/ru/post/111759/