Facebook users in Syria are being targeted by online attacks, presumably launched by the Syrian government, aimed at monitoring and intercepting their social networking communications.
The Electronic Frontier Foundation (EFF) warned Syrian Facebook users yesterday (May 5) that the attacks are using forged, invalid security certificates and occurring on the secure, HTTPS-encrypted Facebook site.
Although the perpetrators could not be identified, The Register reported that recent reports from Syrian users indicate that the Syrian Telecom Ministry, currently "cracking down on a popular uprising against the autocratic rule of the al-Assad dynasty," is behind the attacks.
In these "man-in-the-middle" attacks, the perpetrators use a fake security certificate to trick users into logging on to what they believe to be a securely encrypted Facebook page. Once the users access the site, their communications can be monitored and censored.
In these particular instances in Syria, the invalid security certificate used by the attackers causes a warning to pop up on users' Web browsers, but "because users see these warnings for many operational reasons that are not man-in-the-middle attacks, they have often learned to click through them reflexively."
The EFF is urging Syrian Facebook users to use proxy connections to access Facebook, or to login via Tor, software that allows for anonymous Internet connections and freedom from surveillance.
Unfortunately, this is by no means the first time an oppressive government – Egypt, Libya, Bahrain – has attempted to keep a citizen rebellion at bay by targeting the people's social networking freedoms.
And in criminal online circles, phony security certificates are prized weapons; they allow hackers to carry out attacks under a cloak of legitimacy while raising no red flags.
In late March, the IT firm Comodo suffered a breach that resulted in the theft of nine such certificates, sparking several companies, including Microsoft, Mozilla and Google, to quickly issue security updates to fend off the fraudulent certificates.
What's particularly frightening is that many countries have control over the companies that authenticate security certificates, the EFF said, meaning that some governments have the power to launch attacks that don't "raise any errors or warnings."