Faced with the Tunisian government’s efforts to hack the Facebook accounts of protesters, Facebook’s security team stepped up its use of social authentication to help secure protester’s accounts. 

A new account of the role of the Facebook in aiding widespread protests against the regime in Tunisia reports that the social network’s security team took steps to secure the accounts of its Tunisian users against government efforts to compromise and disable the accounts of protesters. 

The story, by Atlantic reporter Alexis Madrigal, paints a picture of a grass roots political uprising against a the regime of Tunisian dictator Zine El Abidine Ben Ali that was fueled, in part, by Facebook. The uprising, which began in December, 2010, succeeded in toppling one of the Arab world’s most repressive regimes within weeks, as thousands of protesters took to the streets of Tunis to confront government security forces. 

According to Madrigal, Facebook played a key role in spreading word of the protests despite heavy government censorship of traditional media outlets. Facebook users shared videos of protests and violent retaliation against protesters, and helped organize rallies online. At the same time, Tunisia’s government waged an all out campaign to cut off access to the social network, including what Madrigal claims was a large scale effort to capture the e-mail and Facebook credentials of users and to shut down the accounts of protestors. 

Academics regularly debate the question of whether social networks like Facebook and Twitter will become tools of social and political dissent, or facilitate the efforts of oppressive regimes to better keep tabs on the thoughts and speech of citizens. Madrigal’s account in The Atlantic suggests that they may do both, making it difficult for the private firms behind the networks to stay neutral. 

In the case of the Tunisia revolts, it was Facebook’s security team that found itself suddenly caught up in a popular revolution happening thousands of miles away. The story describes the company’s first inkling that the government in Tunisia was targeting its users – anecdotal reports of account hijacking and political protest pages being removed from the network. That was soon followed by evidence of a large scale campaign that the Tunisian security services were “in the process of stealing an entire country’s worth of passwords.” 

According to the story, ISPs within the country were carrying out what appear to be wide scale man in the middle attacks against Facebook and e-mail users. According to Joe Sullivan, Facebook’s security chief, the company looked at the activity as akin to any other account takeover attempt and took steps to secure the accounts of its Tunisian users from the government. That inlcuded routing all requests out of Tunisia to an HTTPS server that would encrypt the session and prevent snooping. Users who had logged out of an existing session were also prompted to use Facebook’s social authentication feature: identifying the faces of friends in their network as an additional “factor” needed to gain access to an account.

Social authentication was just one of the improved security features that Facebook has said it would employ to help secure users accounts from compromise. 

 Read the full account here

Categories: Government, Malware, Social Engineering, Web Security