Readers respond to Counter-Twitter Operations …

From TPM Reader WC …
As a technologist, the technical explanation doesn’t seem quite right — Facebook, like all other websites, already uses https for logins, so the passwords will be encrypted and it would be impossible for the ISPs to intercept them and do keystroke logging once the passwords have gone out on the wire, so something else must be going on. However, it’s clear that something was happening.
Late Update: Other readers say it’s much easier than WC suggests to intercept passwords for Facebook or even mimic Facebook, especially when you’re operating at the government level. The key seems to be the certificate authorities. TPM Reader IB sends in the following …
WRT your technologist reader, unfortunately he’s wrong that HTTPS offers much in the way of security against a nation state attacker.
The key to HTTPS security is the raft of trusted root “certificate authorities” (encryption information, including keys and whatnot) that are preinstalled in every browser and computer. Roughly, a website running HTTPS gets an encryption certificate from one of these authorities, and this certificate is digitally signed by the authority. Then when a browser asks to communicate with the website, the site provides the certificate as proof that the site is who it claims it is, and the browser verifies that this is accurate by checking that the certificate was signed by one of its trusted authorities. After identity has been verified, then it uses encryption information from the certificate to encrypt the data before sending it to the site.
This means that anyone who obtains or compromises any of the trusted root CAs (see the list included, for ex, in Firefox at http://www.mozilla.org/projects/security/certs/included/ ) can intercept HTTP traffic by using something called a Man-in-the-Middle attack (roughly, they intercept the traffic between you and Facebook and impersonate Facebook by signing their “pretend facebook” encryption certificate with the compromised CA). Such a thing is beyond the reach of most hackers, but certainly not beyond the reach of a nation state (see Stuxnet and its use of stolen digital certificates from hardware manufacturers, for example).
The Egyptian government, by the way, runs its own certificate authority through the government agency ITIDA, and the CA is probably pre-installed in many computers in Egypt. If so, they don’t even need to compromise a trusted root CA; they already have one.
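To make the trust-store argument above concrete from the defender's side, here is an added illustration (not code from the page or from any browser): a toy model of certificate validation in which an HMAC with a CA-held secret stands in for the real signature, and the trust store maps CA names to those secrets. It shows that an impersonating certificate is rejected until its issuer is added to the trust store, and that pinning the site's known public key still catches it. All CA names, keys and the hostname are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Toy model (added example): a CA "signs" a certificate with a secret only it
# holds; a browser trusts any certificate whose signature checks out against a
# CA in its trust store. HMAC stands in for RSA/ECDSA, so the store holds the
# same secret the CA signs with, unlike a real store that holds public keys.

@dataclass(frozen=True)
class Cert:
    subject: str     # hostname the certificate claims to be for
    issuer: str      # CA that signed it
    pubkey_id: str   # stand-in for the site's public-key fingerprint
    signature: str

def _body(subject: str, issuer: str, pubkey_id: str) -> bytes:
    return f"{subject}|{issuer}|{pubkey_id}".encode()

def issue_cert(ca_name: str, ca_secret: bytes, subject: str, pubkey_id: str) -> Cert:
    sig = hmac.new(ca_secret, _body(subject, ca_name, pubkey_id), hashlib.sha256).hexdigest()
    return Cert(subject, ca_name, pubkey_id, sig)

def browser_accepts(cert: Cert, host: str, trust_store: dict) -> bool:
    """Default check: right hostname and a valid signature from ANY trusted CA."""
    if cert.subject != host or cert.issuer not in trust_store:
        return False
    expected = hmac.new(trust_store[cert.issuer], _body(cert.subject, cert.issuer, cert.pubkey_id),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert.signature)

def pinned_accepts(cert: Cert, host: str, trust_store: dict, pinned_key: str) -> bool:
    """Key pinning: additionally require the public key the site is known to use."""
    return browser_accepts(cert, host, trust_store) and cert.pubkey_id == pinned_key

# Constructed scenario values (not real CAs, keys or certificates).
LEGIT_CA, LEGIT_SECRET = "TrustedRootCA", b"legit-ca-secret"
ROGUE_CA, ROGUE_SECRET = "PreinstalledGovCA", b"rogue-ca-secret"
REAL_KEY, FAKE_KEY = "site-key-fingerprint", "mitm-key-fingerprint"
HOST = "www.facebook.com"
DEFAULT_STORE = {LEGIT_CA: LEGIT_SECRET}
STORE_WITH_ROGUE_ROOT = {**DEFAULT_STORE, ROGUE_CA: ROGUE_SECRET}
real_cert = issue_cert(LEGIT_CA, LEGIT_SECRET, HOST, REAL_KEY)
mitm_cert = issue_cert(ROGUE_CA, ROGUE_SECRET, HOST, FAKE_KEY)

def scenario() -> dict:
    return {
        "real_default": browser_accepts(real_cert, HOST, DEFAULT_STORE),             # True
        "mitm_default": browser_accepts(mitm_cert, HOST, DEFAULT_STORE),             # False: issuer untrusted
        "mitm_rogue_root": browser_accepts(mitm_cert, HOST, STORE_WITH_ROGUE_ROOT),  # True: rogue CA preinstalled
        "mitm_pinned": pinned_accepts(mitm_cert, HOST, STORE_WITH_ROGUE_ROOT, REAL_KEY),  # False: key mismatch
        "real_pinned": pinned_accepts(real_cert, HOST, STORE_WITH_ROGUE_ROOT, REAL_KEY),  # True
    }
```

The "mitm_rogue_root" case is the reader's point: once the extra root is in the trust store, default validation has no way to tell the impersonating certificate from the real one, which is why pinning or auditing the trust store matters.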
Meanwhile, TPM Reader JP points to this post which suggests the Internet has been close to totally taken down in Egypt.
12:49 AM: TPM Reader MS sends along another network analysis showing most of the “Egyptian Internet” has been taken offline.