Facebook's login system is being hijacked by China's Great Firewall - technology blog

Breaking

Wednesday 29 April 2015

Facebook's login system is being hijacked by China's Great Firewall

For the last three days, China's Great Firewall has been intercepting the Javascript module from Facebook's login feature, Facebook Connect, which allows third-party sites to authorize users through their Facebook login. First reported on Sunday, the attack causes sites using Facebook Connect to redirect to a third-party page. Readers have confirmed to The Verge that the redirection attack is still under way, and sites using Facebook Connect are automatically redirecting when accessed without a VPN or a Javascript blocker. Local media in Beijing has also reported on the problem. Facebook did not immediately respond to a request for comment.
Facebook Connect communicates login information from Facebook, allowing a Facebook login to extend to third party sites through a Javascript applet. The applet is enabled on thousands of sites across the web, including The Verge. On Sunday, the Great Firewall started intercepting that applet in transit and replacing it with a new single-line redirection code from two third-party sites. The result is that, for non-VPN users in China, any page with a Facebook Connect button has been redirecting to two sites: wpkg.org orptraveler.com, an open-source software project and a personal travel blog respectively. It's unclear why the Chinese government would want to send users to these sites, although ptraveler.com seems to have been brought down by the flood of traffic.
RESEARCHERS HAVE NAMED THE CAPABILITY "THE GREAT CANNON"
It's not the first time China has performed this kind of traffic interception. In March, a similar redirection was used to perform a denial-of-service attack on GitHub, apparently in retaliation for dissident content posted through the service. Since the new code is injected as content passes through China's national web filters, there's little doubt that the Chinese government is responsible for the attacks. The research group Citizen Lab has named the capability "The Great Cannon," a play on the Great Firewall censorship filter.
It's difficult to say why Facebook Connect is being targeted, since the net effect for most users is simply to redirect the browser to an unrelated homepage. Facebook itself is officially blocked in China, although the block has been relaxed in recent years. Some have speculated that an injection attack like this could be used to spoof a Facebook login, but if such an attack is being carried out, it's likely targeted to only a handful of users and effectively invisible on the network scale. It's likely both sites have seen a huge uptick in traffic, but there's no clear reason why these sites would be targets for the Great Cannon, or why Facebook would be the conduit for that attack.

No comments:

Post a Comment