The “Facebook revolution” line has been used endlessly in the Middle East. However, things in Syria are taking a more sinister turn–think Facebook cyberwarfare. Within a 24-hour period, Facebook shut down the Syrian military’s official page, and Syrian Facebook users began encountering a primitive certificate-forging scam seemingly carried out by the government. Syria’s now encountering a novel variant on cyberwar–the battle for information supremacy, Facebook style.
On May 10, Facebook removed an official government fan page called the Syrian Electronic Army from the site. According to the highly influential “We Are Khaled Said” Facebook group of Egyptian revolutionary fame, the page contained a mix of pro-government propaganda and calls for Syrians to spam opposition Facebook pages. The Syrian Electronic Army had more than 60,000 “likes” on Facebook.
Syrian authorities promised retribution against Facebook almost immediately. The country’s state-run Al-Thawra newspaper ran a piece in which unnamed figures threatened to attack Facebook. While little noticed outside of Syria, the news eventually made it into the pan-Arab daily Asharq Al-Aswaq (Arabic-language article). According to Egyptian paper Al-Masry Al-Youm:
Al-Thawra, one of Syria’s three main state-run papers, accused Facebook of having “double-standards” and of “collusion with the alleged Syrian revolution.” It denounced the closure of the military’s page, which had more than 60,000 members, without prior notification. […] Al-Thawra quoted the administrator of the Syrian military Facebook page as saying that a surprise is being prepared for Facebook in coordination with a number of programmers and engineering students. Further details were not given.
All this talk of a “surprise” occurred at exactly the same time as a primitive new cyberattack was launched against Syrian Facebook users. A pseudonymous Syrian Tumblr user named Ana Souri (“I Am Syrian”) claimed that the Syrian Telecom Ministry was faking Facebook security certificates for Facebook’s HTTPS site. The certificate weirdness appears to be a classic man-in-the-middle attack.
The forged security certificate, if accepted, allows outsiders access to passwords and otherwise-secure personal information. However, the scam is primitively executed. Most browsers generate warning messages almost immediately; man-in-the-middle attacks generally draw in only the most inexperienced Internet users. The Electronic Frontier Foundation notes:
The attack is not extremely sophisticated: the certificate is invalid in user’s browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users’ only line of defense.
It is important to note that despite the Tumblr page’s allegations that the Syrian Telecom Ministry is behind the man-in-the-middle attacks, no conclusive evidence can be found connecting the two. However, Arabic-language Twitter messages report hundreds of similar Facebook certificate fraud scams emanating from Syria within the past week, indicating that whoever was behind the attack was perpetrating it on a nationwide scale. Credible reports that Syrian secret police have been torturing pro-democracy activists to find out their Facebook passwords have also surfaced.