Tunisian cyberspace as a terrain of struggle

Excerpted from a detailed report by Nate Anderson in Wired:

“Here’s a guide to the part of this battle fought in cyberspace over the last month.

* Web blocking: Soon after the protests began, Tunisia ramped up its attempts at controlling the internet. These started simply enough, with straight-up site blocking. In an open letter to the Tunisian government, the Committee to Protect Journalists outlined the online repression:

We are troubled to learn that your government’s practice of blocking websites — including CPJ Web pages on Tunisia — has recently intensified. Local journalists told CPJ that additional news websites, as well as numerous Facebook pages carrying critical content, blogs, and journalists’ e-mail accounts have been blocked by the state-run Tunisian Internet Agency since protests erupted on December 17. Regional and international media have reported that numerous local and international news websites covering the street protests were blocked in Tunisia. One report placed your country, along with Saudi Arabia, as the worst in the region regarding Internet censorship. A 2009 CPJ study found Tunisia to be one of the 10 worst countries worldwide to be a blogger, in part for the same reasons.

* We’ll take that Facebook password, please: It soon got much worse. The Committee to Protect Journalists said its own research found that “the [state-run] Tunisian Internet Agency is harvesting passwords and usernames of bloggers, reporters, political activists and protesters by injecting hidden JavaScript” into many popular site login pages.

This extended to sites like Facebook, where the main login page mysteriously had 10 additional lines of code inserted when it arrived at Tunisian computers. (Such code injection is technically simple using various pieces of deep-packet inspection gear, and it was made easier by the fact that the Tunisian government would periodically block secure HTTPS connections.)

That code grabbed the username and password, embedded them into a bogus Facebook URL, and then attempted to load the nonexistent page. It’s unclear why this was done, though speculation is that the hack was a simple way to grab passwords. The Tunisian Internet Agency could simply log all attempts to hit the bogus Facebook link without the liability of listing one of its servers in the code itself.

CPJ noted in a separate report that “unknown parties have subsequently logged onto these sites using these stolen credentials, and used them to delete Facebook groups, pages and accounts, including Facebook pages administrated by Sofiene Chourabi, a reporter with Al-Tariq al-Jadid, and the account of local online video journalist Haythem El Mekki. Local bloggers have told CPJ that their accounts and pictures of recent protests have been deleted or otherwise compromised.”

Al-Jazeera interviewed an anonymous source who had crafted a Greasemonkey script that could strip this additional code from login pages. On January 6, it had already been installed over 1,500 times.

On January 11, the Electronic Frontier Foundation publicized the Greasemonkey script but also asked Facebook in particular to consider a few technical changes:

Make Facebook logins default to HTTPS, if only in Tunisia, where accounts are especially vulnerable at this time. Google and Yahoo logins already default to HTTPS.

Consider allowing pseudonymous accounts for users in authoritarian regimes, where political speech under your real name is dangerous and potentially deadly. Many Tunisian activists are unable to reinstate Facebook accounts that have been erased by the Tunisian government because they were not using their real names.

* Finding bloggers, pirates: The Tunisian government, not content to simply grab account information and delete the offending material, also began hauling bloggers into police custody.

On January 7, Reporters Without Borders had at least five confirmed cases of bloggers and online activists being arrested. Here’s one:

Four or five police plainclothes officers arrested the blogger and activist Hamadi Kaloutcha at his home at around 6 am, seizing a computer and a central processing unit. They told his wife they were taking him to the nearest police station and “just have a few questions for him,” and “that will only take a few hours.” There has been no news of him since.

Several of those arrested, including Kaloutcha, were members of the Pirate Party of Tunisia; the Pirate Party U.K. later issued several statements deploring the disappearances.

“Pirate Parties around the world condemn these acts against freedom of expression, human rights and democracy, and call upon governments take firm action against Tunisia for these recent events,” one said. A later note said that one detainee had been beaten, and it said that several of the bloggers were accused of “degradation of state property on account of anonymous DDoS attacks.”

And who specializes in anonymous distributed denial of service (DDoS) attacks against unfriendly websites? That’s right, it’s …

* Anonymous: The internet’s many-headed hydra, Anonymous, launched “Operation Tunisia,” trying to attack the Tunisian government instead of the copyright holders which have been its targets for the last few months.

Al-Jazeera checked in with some of the activists, one of whom explained that Anonymous first got involved when the Tunisian government tried to block access to Wikileaks.

“We did initially take an interest in Tunisia because of WikiLeaks, but as more Tunisians have joined they care more about the general internet censorship there, so that’s what it has become,” another Anon said.

It is hard to generalize the Anons’ diverse range of motivations and ever-changing targets, but most appear to share an outrage over the Tunisian government’s censorship and phishing activities, and a sense of solidarity with Tunisian web users.

Attacking government-linked websites is much more dangerous for those living within Tunisia, they noted, who risk arrest if they are identified by the authorities.

“Although many Tunisians understandably do not feel comfortable participating in this operation out of precaution, I estimate there [were] about 50 Tunisians participating, to whom we provide the means and knowledge to properly secure their online behavior from exposure to their government,” one Anon activist wrote via email.

* Wikileaks and pet tigers: Why would the Wikileaks revelations of recent months matter to a country like Tunisia? Because of some exceptionally frank dispatches from Robert Godec, the U.S. Ambassador to Tunisia.

In one of the cables, Godec reports on a private dinner he had with Mohammad Sakher El-Materi, the president’s son-in-law and a very wealthy man. Given the public dissatisfaction with a regime built on cronyism and suffused with corruption, Godec’s report fueled public anger at the regime when it appeared late in 2010.”

5 Comments Tunisian cyberspace as a terrain of struggle

  1. AvatarStefanMz

    Yeh, but he said, that he feels the duty to help reconstructing the country (»Parce que c’est mon devoir, parce que je veux être en contact avec le gouvernement, participer à la reconstruction du pays. C’est une excellente opportunité. Je crois au dialogue.«).

    It’s always a difficult balance, isn’t it? 😉

  2. AvatarStefanMz

    [Off topic: You really could let comments directly to be published once a commenter has been moderated for the first time. This is an option on the comments option page in WordPress]

Leave A Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.