EFF Calls for Immediate Action to Defend Tunisian Activists Against Government Cyberattacks
Under that title, the Electronic Frontier Foundation writes this week:
Demonstrations and protests over unemployment and poor living conditions have been ongoing in Tunisia since the beginning of December, but last week the Tunisian government turned up the heat on bloggers, activists, and dissidents by launching a JavaScript injection attack that siphoned off the usernames and passwords of Tunisians logging in to Google, Yahoo, and Facebook. The Tunisian government has used these stolen credentials to log in to Tunisians email and Facebook accounts, presumably downloading their messages, emails, and social graphs for further analysis, and then deleting the accounts entirely.It is very likely that the WikiLeaks revelations helped to spark this uprising, and now that the Tunisians are using the Internet to organized, communicate, and get news out, the government is not only attempting to block Internet access to many sites from within Tunisia, but also using illegal methods to gather information on activists who use the Internet and then arresting them. unspeakable first blogged about this in his diary last week, now that campaign has been stepped up. This episode stands as one more example of why we must demand that all governments, including our own, should keep their dirty hands off the Internet.
In a letter I received from EFF this morning, they say:
By late last week, the Tunisian government had started arresting and detaining bloggers. Websites should take concrete steps as quickly as possible to protect their Tunisian users.Which prompts this EMERGENCY BLOG. As the EFF article points out, the most basic measure Tunisians can use to protect their online privacy from the Tunisian government snoops is to use HTTPS to login to sites securely because it will encrypt their login name and password. BTW this is why the Obama Admin will soon introduce legislation to prevent anyone from logging into a site in such a way that our government can't read their login info. Right now DailyKos doesn't appear to allow secure login. When I attempt to go to https://www.dailykos.com/login I get "Unable to connect." Google and Yahoo logins already default to HTTPS, DKos should follow suit.
This needs to change ASAP. As a matter generally of protecting people's on line privacy, DailyKos and all social/political websites should implement secure login. I don't know if any of the posts the DailyKos has received about Tunisia are from Tunisia but the DKos must act now to protect their identities from government snooping. I don't think it an exaggeration to say it is a question of life and death for these activists.
The EFF article goes on to say:
Among the compromised accounts are Facebook pages administered by a reporter with Al-Tariq ad-Jadid, Sofiene Chourabi, video journalist Haythem El Mekki, and activist Lina Ben Khenni. Unsatisfied with merely quelling online freedom of expression, the Tunisian government has used the information it obtained to locate bloggers and their networks of contacts. By late last week, the Tunisian government had started arresting and detaining bloggers, including blogger Hamadi Kaloutcha, and cyberactivist Slim Ammamou, who alerted the world to his whereabouts at the Tunisian Ministry of the Interior using Google Latitude. This weekend, Tunisian citizens began to report on Twitter and in blogs that troops were using live ammunition on unarmed citizens and started communicating with one another to establish the numbers of dead and injured.This also means the DailyKos. My expertise is available if the DailyKos website administrators need assistance in doing this.
Most notably, Tunisians have been posting videos of the protests, including the dead and wounded on Facebook, the only video-sharing site which is not currently being blocked by the Tunisian government, which makes access to Facebook especially important for the protest movement.
Because of the Tunisian governments attacks on citizens login credentials, Tunisians should take the following steps to protect themselves:
* If HTTPS is available, use HTTPS to login to Facebook, Google, and Yahoo. If you are using Firefox, EFFs HTTPS Everywhere plug-in will do this for you automatically.
* EFF has received reports that the Tunisian government is periodically blocking HTTPS access to Facebook, Google, and Yahoo. If that is the case and you must login over HTTP, install the following Greasemonkey script to strip out the JavaScript which the Tunisian government has inserted to steal your login credentials.
* If you have logged in to Facebook, Google, or Yahoo recently over HTTP, login using HTTPS and change your password.
Additionally, EFF calls on Google, Yahoo, and Facebook to take action to protect the privacy of its users by alerting them of the potential compromise of their accounts and encouraging them to take the above steps.
Finally, Facebook has reported that is in the process of taking technical steps to protect the privacy of their users. We hope that they include the following:
* Make Facebook logins default to HTTPS, if only in Tunisia, where accounts are especially vulnerable at this time. Google and Yahoo logins already default to HTTPS.
* Consider allowing pseudonymous accounts for users in authoritarian regimes, where political speech under your real name is dangerous and potentially deadly. Many Tunisian activists are unable to reinstate Facebook accounts that have been erased by the Tunisian government because they were not using their real names.
Websites providing services to Tunisian citizens cannot afford to sit on the sidelines while the Tunisian government launches malicious attacks on the privacy of users and censors free expression. Facebook, Google, and Yahoo should take these concrete steps as quickly as possible to inform and better protect their users.
More on the WikiLeaks connection and the Hacker communities response to the Tunisia situation:
Allegations of the corruption, long suspected by the populace, were enhanced by the recent cable releases by Wikileaks. The cables are critical of Ben Alis executive policy decisions, cover the First Ladys actions, and discuss the non-governmental control that Ben Alis family exerts over the country.Way ta go Anonymous. You make me proud to call myself a hacker. They brought down the official Tunisian government website. Now the website is back up but the president has been taken down.
Compounding the situation was the Tunisian Governments decision to block its citizens access to Wikileaks. Members of Anonymous, the loosely organized network of hackers, have launched attacks at Tunisian Government web sites in retaliation.
While Anonymous limited itself to DDOS attacks against Visa, MC and PayPal, they have been more aggressive in the case of Tunisia. For example, they cracked and then posted this to the Tunisian Prime Minister's website (courtesy WL Central) [click to enlarge]:
On a related story. The FBI has begun a probe into the Anonymous attacks on PayPal because of their censorship of Wikileaks. You can read the FBI affidavit here.
Update: ANONYMOUS - OPERATION TUNISIA - A Press Release
There is a list of Tunisia proxies:
Proxy List Free: Proxies in country Tunisia - domain .TN. AliveProxy WEB SSL VPN Anonymous Secured.
Would the U.S. government use it's Internet spying to inform other government's? Just a thought.
Here is a recap of my other DKos diaries on this subject:
Free Software & Internet Show Communism is Possible
BREAKING - Digital Sit-Ins: The Internet Strikes Back!
Cyber War Report: New Front Opens Against Internet Coup d'état
Operation PayBack: 1st Cyber War Begins over WikiLeaks
The Internet Takeover: Why Google is Next
BREAKING: Goodbye Internet Freedom as Wikileaks is Taken Down
BREAKING NEWS: Obama Admin Takes Control of Internet Domains!
Things Even Keith Olbermann Won't Cover - UPDATE: VICTORY!!!
Stop Internet Blacklist Bill Now!
Sweet Victory on Internet Censorship: Senate Backs Off!
Internet Engineers tell the Senate to Back Off!
Why is Net Neutrality advocate Free Press MIA?
Obama's Internet Coup d'état
Julian Assange on Threat to Internet Freedom
FCC Net Neutrality's Trojan Horse
Free Press: Country Codes for the Internet?
The Mountain comes to Mohammad
Keith Olbermann's Deception
Court rules -> Google Must Be Evil & Maximize Profits
EFF on the Google\Verizon Net Neutrality Proposal
Google-Verizon: What is the Free Press Agenda?
End of the Internet As We Know It!
Free Press would make this Illegal!
Google Verizon Announce Terms of Deal
No comments:
Post a Comment