Facebook ramps up security to beat Tunisian government hacking

26 January 2011

Facebook has quietly ramped up security on Tunisian-based accounts on its social networking sites, forcing users, whether verified or not, to use its CAPTCHA security interface.

Although most Facebook users rarely get to see a CAPTCHA security screen once their account details have been verified, usually by adding a mobile phone number to their account, Infosecurity notes that casual users of the service can often see a CAPTCHA challenge screen if the system detects users carrying out unusual or repetitive actions.

According to security forum reports, it seems that Facebook has triggered CAPTCHA screens for all actions on Tunisian accounts, in order to help prevent the government there from annexing accounts it has reportedly hijacked.

Reporting on this interesting turn of events, Softpedia says that, after YouTube and other video-sharing sites were blocked by the Tunisian internet agency – which controls the country's externally facing connections – activists moved to Facebook.

The social networking site, says Lucian Constantin of the IT security wire, "quickly became the primary place for sharing videos of the protests, posting calls to action and relaying the latest news from the streets."

But the Tunisian government, he says, launched a massive Facebook hijacking exercise.

"People were systematically redirected to phishing sites, HTTPS connections were blocked, and password stealing code was injected into the login pages of major websites", he said.

Then, he added, after Tunisian bloggers began being arrested, the Electronic Frontier Foundation requested that Facebook, Google and Yahoo should help to keep Tunisian accounts secure.

Softpedia quotes Joe Sullivan, Facebook's CSO, as saying: "In this case, we were confronted by ISPs that were doing something unprecedented in that they were being very active in their attempts to intercept user information."

To counter the problem, Facebook's security team then started rerouting all requests from Tunisian IP addresses to the HTTPS version of the site, forcing users to use encrypted connections.

"In addition, all Tunisian users were asked to verify their account when logging back in after a known attack. The process involved solving so-called social CAPTCHAs, where people have to identify their friends in photographs," noted Constantin.
