Massive riots and protests have rocked Tunisia this past month. After a 26-year-old street vendor named Mohammed Bouazizi attempted to kill himself by self-immolation (he survived and later died of his burns), hundreds of thousands took to the North African nation’s streets. The protesters complain of unemployment, economic woes, and an omnipresent dictatorship. Tunisia’s government has stumbled upon a new method of combating the protesters: hacking into their social media accounts.

According to a report by the Committee

to Protect Journalists, the Tunisian government appears to be

breaking

into the Facebook, Google, and Yahoo accounts of dissidents and

journalists. Hackers with unusual levels of access to Tunisia’s state-control network infrastructure have managed to gain access to Facebook accounts

belonging to individuals such as journalists Sofiene Chourabi of al-Tariq

al-Jadid (New

Path; a newspaper affiliated

with the opposition Movement

Ettajdid party) and independent video journalist Haythem

El Mekki, while gaining the passwords of others. Hack targets found that Facebook groups they founded

were deleted, as were pictures of protests. In CPJ’s words, “Their

accounts and pictures of recent protests have been deleted or

otherwise compromised.” Blogs hosted on Blogspot and elsewhere are

also being targeted. Here is an excerpt

from a post by Lina Ben Mhenni of the A Tunisian Girl

blog:

Well, I can understand … No I can’t understand that some stupid person

has hacked my e-mail then, my Facebook account. This stupid person

has also deleted some pages in which I am an administrator. Pages

like that of 7ellblog (launch a blog) which has been largely

promoted even by official media , the page of the Tunisian singer

Amel Mathlouthi , Reading Books is Better than Staring at others (yes they hate reading and culture uin my country), the Tunisian

blogosphere, and may be a page against censorship ‘ la censure nuit

à l ‘image de mon pays’ (I don’t have the confirmation yet) and

many other pages were deleted. What happened is so shameful because

the internet police is again confirming its stupidity and useless

stubbornness. Sofiene Chourabi and Azyz Amami are experiencing the

same problem now. They have been hacked.

Already,

in-depth information is surfacing on how

the hacks were committed. It appears that the Agence tunisienne

d’Internet, a government agency which supervises all of Tunisia’s

ISPs, or someone with access to the agency committed them. Tunisian

ISPs are running a Java script that siphons off login credentials

from users of Facebook, Yahoo and Gmail. According to the Tech

Herald’s Steve Ragan:

Daniel

Crowley, Technical Specialist for Core Security, and Rapid7’s Josh

Abraham, broke the code down further. Crowley explained that the

JavaScript is customized for each site’s login form. It will pull

the username and password, and encode it with a weak crypto

algorithm. The newly encrypted data is placed into the URL, and a

randomly generated five character key is added. The randomly

generated key is meaningless, but it is assumed that it’s there to

add a false sense of legitimacy to the URL. The random characters and

encrypted user information are delivered in the form of a GET request

to a non working URL.

The

code only targeted users accessing HTTP sites instead of HTTPS, which

appears to be why Facebook was so heavily ravaged by the hack plan.

Facebook users default to using HTTP to access the site.

Much of this

information has been released to the public by the quasi-4Chan allied

Anonymous group, which has launched an anti-Tunisian government

hacker campaign called Operation:

Tunisia.