It was on Christmas Day that Facebook’s Chief Security Officer Joe Sullivan first noticed strange things going on in Tunisia. Reports started to trickle in that political-protest pages were being hacked. “We were getting anecdotal reports saying, ‘It looks like someone logged into my account and deleted it,'” Sullivan said.
For Tunisians, it was another run-in with Ammar, the nickname they’ve given to the authorities that censor the country’s Internet. They’d come to expect it.
In the days after the holiday, Sullivan’s security team started to take a closer look at the data, but it wasn’t entirely clear what was happening. In the US, they could look to see if different IP addresses, which identify particular nodes on the network, were accessing the same account. But in Tunisia, the addresses are commonly reassigned. The evidence that accounts were being hacked remained anecdotal. Facebook’s security team couldn’t prove something was wrong in the data. It wasn’t until after the new year that the shocking truth emerged:
Ammar was in the process of stealing an entire country’s worth of passwords.
Read more in The Atlantic.
Facebook did an important – and terrific – thing here and they deserve tremendous credit for this.
The high praise they’ve been earning is not totally uncritical, however. Security researcher Chris Soghoian noted:
Facebook deployed https by default for users in Tunisia. Waiting for US users to get similar security protection.