Yesterday we learned of reports that the Syrian Telecom Ministry had launched a man-in-the-middle attack against the HTTPS version of the Facebook site. The attack is ongoing and has been seen by users of multiple Syrian ISPs. We cannot confirm the identity of the perpetrators.
The attack is not extremely sophisticated: the certificate is invalid in user’s browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users’ only line of defense.
EFF is very interested in collecting TLS/SSL certificates. Our SSL Observatory project has collected millions of them by scanning the public Internet. Thanks to the assistance of a Syrian citizen named Mohammad, we can also provide a copy of the fake Syrian Facebook certificate. Interested readers can find a copy in human readable and PEM encoded form.1
This is very much an amateur attempt at attacking Facebook’s HTTPS site. The certificate was not signed by a Certificate Authority that was trusted by users’ web browsers. Unfortunately, Certificate Authorities are under the direct or indirect control of numerous governments, and many governments therefore have the capability to perform versions of this attack that do not raise any errors or warnings.
Time Sunday, April 24 at 5:00am - August 23 at 8:00am
Created ByKevin M. Allan
More InfoI call all Facebook peeps to demand Mark Zuckerberg 1) address the security issues present on Facebook 2) prove the real number of users presently on Facebook 3) return money earned via deceptive marketing practices.
You will see that there are other movements to take this action but they are now overrun with spam bots and not safe to join. Please view this video for an overview. http://www.youtube.com/wat ch?v=W4nEPy-FZwU F…eel free to call or e-mail me for more info! MUCH LOVE FRIENDS! PLEASE BE SAFE!YOU CAN VIEW OTHER VIDEOS RELATED TO THE MATTER ON MY YOU-TUBE CHANNEL HERE http://www.youtube.com/user/onlyathought1?feature=mhum
FRIENDS AFTER MORE EVIDENCE I MUST INCORPORATE TWITTER IN THIS MOVEMENT!
in recent days more clues have arisen and i feel we all are inequal or greater danger if we are also on twitter. In fairness to mr. zukkerfukker i must include twitter in the demands. i ask you post your damands here and i will make a list. if your anonymous then e-mail me and ill leave profile out!! my word is all i have. thank you all for your support.
Mark Zuckerberg rambles on during video excerpts from the interview, watch the young CEO collapse under intense questioning and sweat over Facebook privacy issues.
Dozens of Facebook accounts with a political orientation have been removed or suspended in the last day, according to British activists.
Many of the pages are associated with UK Uncut, which has been at the forefront of protests against both draconian cuts by the British government and tax avoidance by major corporations. The group is known for its use of Facebook, Twitter, and other social networking services to organize its actions.
Guy Aitchison, who blogs at openDemocracy, told the Guardian, “I woke up this morning to find that a lot of the groups we’d been using for anti-cuts activity had disappeared. The timing of it seems suspicious given a general political crackdown because of the royal wedding.”
“There appears to be a political purge of Facebook taking place,” Aitchison wrote at his own blog on Friday. “Profiles are being deleted without warning or explanation. In the last 12 hours, Facebook has deleted over 50 sites. It may well be that these groups are technically in violation of Facebook’s terms of agreement … but the timing – on the royal wedding and May day weekend – is deeply suspicious. We don’t know for certain, but this purge of online organising groups could be linked to the wider crackdown on protest by authorities in Britain.”
The crackdown to which he referred included the arrest on Friday of a professor and a street theater group who had planned a “zombie wedding” and a mock execution to coincide with the royal nuptials.
Facebook has since responded to the activist groups with an email stating that “Facebook profiles are intended to represent individual people only. It is a violation of Facebook’s Statement of Rights and Responsibilities to use a profile to represent a brand, business, group, or organization. If you would like to continue representing your organization on Facebook, we can convert your profile to a Page.”
Commenters at Aitchison’s blog, however, remained convinced that Facebook’s action was “definitely a selective culling because there are still plenty of Facebook profile being used by groups” and because “they were all taken down at once with no explanation or warning.”
DemandProgress.org has launched a campaign linking the latest incident to the recent blocking of the Facebook page of technology news website Ars Technica and calling on Facebook to “stop censoring political content right away.”
The Ars Technica page, which was taken down for an alleged copyright violation, has since been restored, but without any clear explanation from Facebook.
DETROIT — Federal investigators in Detroit have taken the rare step of obtaining search warrants that give them access to Facebook accounts of suspected criminals.
The warrants let investigators view photographs, email addresses, cell phone numbers, lists of friends who might double as partners in crime, and see GPS locations that could help disprove alibis.
There have been a few dozen search warrants for Facebook accounts nationwide since May 2009, including three approved recently by a federal magistrate judge in Detroit, according to a Detroit News analysis of publicly available federal court records.
The trend raises privacy and evidentiary concerns in a rapidly evolving digital age and illustrates the potential law-enforcement value of social media, experts said.
Locally, Facebook accounts have been seized by the Bureau of Alcohol, Tobacco, Firearms and Explosives and FBI to investigate more than a dozen gang members and accused bank robber Anthony Wilson of Detroit.
“To be honest with you, it bothers me,” said Wilson, 25, who was indicted Tuesday on bank robbery charges after the FBI compared Facebook photos with images taken from a bank surveillance video. “Facebook could have let me know what was going on. Instead, I got my door kicked down, and all of a sudden I’m in handcuffs.”
Federal investigators defend the practice. “With technology today, we would be crazy not to look at every avenue,” said Special Agent Donald Dawkins, spokesman with the ATF in Detroit.
The FBI suspected Wilson was behind a string of bank robberies across Metro Detroit that netted more than $6,300. Special Agent Juan Herrera said an informant told the FBI about Wilson’s Facebook account. It was registered under the name “Anthony Mrshowoff Wilson.”
In several photos on Facebook, Wilson was wearing a blue baseball hat and blue hooded sweatshirt, both featuring a Polo emblem. That’s the same outfit the FBI said the suspect wore when he stole $390 from a Bank of America Branch in Grosse Pointe Woods on Nov. 26, according to federal court records.
His Facebook photos also included one in which Wilson wore a red Philadelphia Phillies baseball hat, which the FBI said Wilson donned while robbing $1,363 from a PNC Bank branch in St. Clair Shores on Dec. 21, according to court records.
On Jan. 26, U.S. Magistrate Judge Virginia Morgan gave approval for the FBI to seize information from Wilson’s Facebook account. The warrant was executed within four hours.
Facebook gave the FBI Wilson’s contact information, including birth date, cell phone number, friends, incoming and outgoing messages, and photos.
Wilson was charged in a criminal complaint Feb. 7 and indicted Tuesday on five bank robbery charges. He is free on a $10,000 unsecured bond.
“I’m innocent until proven guilty,” Wilson told The Detroit News. “They’re basically going off my clothes. Ralph Lauren is a popular clothing line.”
He’s since updated his Facebook photo. Wilson swapped the blue Polo hat and blue Polo sweatshirt for white ones featuring the iconic Polo horse.
Despite the search warrants, his Facebook information page was still public Thursday.
Morgan, the federal magistrate judge, also approved two search warrant requests from the ATF late last year and in February to search the accounts of at least 16 people suspected of belonging to a Detroit area gang. The affidavit justifying the search remains sealed in federal court.
Even with the access, investigators are having a hard time keeping up with high-tech crooks. In February, an FBI official testified before a House subcommittee about the difficulty accessing electronic communications on social media sites and email even with court approval.
“The FBI and other government agencies are facing a potentially widening gap between our legal authority to intercept electronic communications pursuant to court order and our practical ability to actually intercept those communications,” FBI General Counsel Valerie Caproni testified.
Monitoring real-time Web-based conversations is particularly difficult, she said.
The FBI uses the term “Going Dark” to label the gap between having the authority to access electronic communications and the Internet service providers’ capability to gather the information. “This gap poses a growing threat to public safety,” Caproni testified.
Concerns over privacy
Information gleaned from the Internet raises constitutional and evidentiary issues that must be considered, including privacy and the right against unreasonable searches and seizures, said Chief U.S. District Judge Gerald E. Rosen, who also is an evidence professor at Wayne State University. Evidence obtained from the Internet and social media sites also raises issues about whether the information can be authenticated, he said.
“The Internet is the next frontier for the development of Fourth Amendment law,” Rosen said, referring to the amendment protecting against unreasonable searches and seizures.
A Facebook spokesman said the company receives a “significant volume of third-party data requests” that are reviewed individually for “legal sufficiency.”
“We do not comment publicly on data requests, even when we disclose the request to the user. We have this policy to respect privacy and avoid the risk that even acknowledging the existence of a request could wrongly harm the reputation of an individual,” said Andrew Noyes, Facebook manager of public policy communications. “We never turn over ’content’ records in response to U.S. legal process unless that process is a search warrant reviewed by a judge. We are required to regularly push back against overbroad requests for user records, but in most cases we are able to convince the party issuing legal process to withdraw the overbroad request, but if they do not, we fight the matter in court (and have a history of success in those cases.)”
Spokeswomen for the U.S. Attorney’s Office and FBI declined to discuss techniques used by investigators.
It is unclear exactly how many search warrants have been executed for Facebook accounts. But requests - in Maryland , New York , North Carolina , Virginia , California , Pennsylvania , Montana and Alabama - come amid a backlash from users who complained too much of their personal information was being disclosed .
The San Francisco-based Electronic Frontier Foundation , a digital civil liberties organization based in San Francisco, launched a campaign recently to encourage Facebook and others to disclose when and how often law-enforcement agencies request user account information.
“The US government may start issuing terror alerts using Facebook and Twitter, which were thrust again in the spotlight recently as lifelines in Japan. An AP report Thursday, based on a 19-page draft of the plan that the news service obtained, said DHS is working to overhaul the current color-coded terror alert system. ‘The new terror alerts would … be published online using Facebook and Twitter ‘when appropriate,’ the AP reports, ‘but only after federal, state and local government leaders have already been notified.’ Zeus Kerravala, an analyst at the Yankee Group, said the government entrusting something as critical as terrorist alerts to Facebook and Twitter shows how important social networking sites have become to people’s lives. ‘There are hundreds of millions of people using Facebook and Twitter. For many of them, it’s their primary communication tool,’ Kerravala said. ‘That means it’s a great way to get information to a massive number of people. Maybe the best.’”
A web-search box was recently seen at the top of a Facebook page, indicating that the world’s most popular social-networking giant is preparing to encroach into Web search giant Google’s jurisdiction.
According to many, the web-search box at the top of a Facebook page is part of a beta testing of a new search feature.
But, Facebook has denied that it was testing a new search feature. Instead, it warned that those Facebook users who see the concerned web-search box might be infected with malware.
A representative for Facebook, said, “We believe the second search field or `Search the Web’ box appeared on people’s accounts as the result of unknown actions by a third party targeting the browser, potentially a browser plug-in or malware, unrelated to facebook.”
The social network is already involved in search business to some extent. Previous fall, the company hit a deal with Microsoft to allow its Bing search engine to crawl its network for some results.
Saerch engine startup Blekko also uses Facebook’s “likes” and other activities to produce some search results. But so far, Facebook is not involved in making searches itself.
Funny or Real? - You decide! :P
Facebook’s 120 million users are being targeted by a virus designed to get hold of sensitive information like credit card details.
‘Koobface’ spreads by sending a message to people’s inboxes, pretending to be from a Facebook friend.
It says “you look funny in this new video” or “you look just awesome in this new video”.
By clicking on the link provided they’re then asked to watch a “secret video by Tom”.
When users try and play the video they’re asked to download the latest version of Adobe Flash Player.
If they do, that’s when the virus takes hold and attacks the computer.
Guy Bunker works for Norton AntiVirus and says there are two ways Koobface gets people’s credit card details.
“It can either wait for you to buy something online and just remember the details you type in on your keyboard.
“Otherwise it can search your computer for any cookies you might have from when you’ve bought something in the past, and take them from there.”
MySpace was targeted by Koobface in August this year.
The 2008 version of this guide was previously released by Cryptome. One notable difference between the previously available 2008 version and the newer 2010 version is the inclusion of Session Cookie in the list of IP log information that may be requested by law enforcement.
Facebook Law Enforcement Guidelines
- 5 pages
- © Facebook, Inc. 2010
Facebook Law Enforcement Guidelines
- 11 pages
- Law Enforcement Use Only
- © Facebook, Inc. 2009
Facebook Subpoena / Search Warrant Guidelines
- 5 pages
- Law Enforcement Use Only
- © Facebook, Inc. 2008
Facebook Subpoena / Search Warrant Guidelines
- 5 pages
- Law Enforcement Use Only
- © Facebook, Inc. 2007
Facebook users have been subjected to another round of clickjacking attacks that force them to authorize actions they had no intention of approving.
The latest episode in this continuing saga, according to Sophos researchers, is a set of campaigns aimed at Italian-speaking users of the social network. The come-ons promise shocking videos about such things as the real ingredients of Coca Cola. Instead, they are forced into registering their approval of the videos using Facebook’s “Like” button.
“As more and more criminals discover how successful attacks via Facebook can be, we can expect the tried-and-trusted techniques of the English-speaking world to be cloned elsewhere around the globe,” Sophos researcher Paul Baccas writes.
Clickjacking is a term that was coined in 2008 by web-application security gurus Jeremiah Grossman and Robert “RSnake” Hansen. It describes attacks that allow malicious website publishers, or their users, to control the links visitors click on. They are typically pulled off by superimposing an invisible iframe over a button or link. Virtually every browser is vulnerable, although many come with safeguards that can make exploitation harder.
The No-Script extension for Firefox also provides some protection, although not always: users are often forced to allow Twitter and other websites to run Flash and other scripts in order to avail themselves of basic features. The functionality often gives attacks all they need to carry out the attacks.
The latest round of attacks, which Sophos said are also being seen in Japanese and Cryillic, are similar to clickjacking exploits unleashed last year on Facebook that forced users to share content without their express approval.
The contract calls for the development of “Persona Management Software” which would help the user create and manage a variety of distinct fake profiles online. The job listing was discussed in recently leaked emails from the private security firm HBGary after an attack by internet activist last week.
According to the contract, the software would “protect the identity of government agencies” by employing a number of false signals to convince users that the poster is in fact a real person. A single user could manage unique background information and status updates for up to 10 fake people from a single computer.
The software enables the government to shield its identity through a number of different methods including the ability to assign unique IP addresses to each persona and the ability to make it appear as though the user is posting from other locations around the world.
Included in HBGary’s leaked emails was a government proposal for the government contract. The document describes how they would ‘friend’ real people on Facebook as a way to convey government messages. The document reads:
- “Those names can be cross-referenced across Facebook, twitter, MySpace, and other social media services to collect information on each individual. Once enough information is collected this information can be used to gain access to these individuals social circles.
- Even the most restrictive and security conscious of persons can be exploited. Through the targeting and information reconnaissance phase, a person’s hometown and high school will be revealed. An adversary can create a classmates.com account at the same high school and year and find out people you went to high school with that do not have Facebook accounts, then create the account and send a friend request. Under the mutual friend decision, which is where most people can be exploited, an adversary can look at a targets friend list if it is exposed and find a targets most socially promiscuous friends, the ones that have over 300-500 friends, friend them to develop mutual friends before sending a friend request to the target. To that end friend’s accounts can be compromised and used to post malicious material to a targets wall. When choosing to participate in social media an individual is only as protected as his/her weakest friend.”
Other documents in the leaked emails include quotes from HBGary CEO Aaron Barr saying, “There are a variety of social media tricks we can use to add a level of realness to all fictitious personas… Using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example.”
Additional emails between HBGary employees, usually originating from Barr, discuss the vulnerability social networking causes.
One employee wrote, “and now social networks are closing the gap between attacker and victim, to the point I just found (via linked-in) 112 females, wives of service men, all stationed at Hurlbert Field FL - in case you don’t know this is where the CIA flies all their “private” airlines out of. What a damn joke - the U.S. is no longer the super power in cyber, and probably won’t be in other areas soon.”
Barr also predicted a steady rise in clandestine or secret government operations to stem the flow of sensitive information. “I would say there is going to be a resurgence of black ops in the coming year as decision makers settle with our inadequacies… Critical infrastructure, finance, defense industrial base, and government have rivers of unauthorized communications flowing from them and there are no real efforts to stop it.”
The creation of internet propoganda software is only one of HBGary’s controversial activities. According to Wikileaks competetor and occasional collaborator Cryptome.org, several other progressive organizations were intended to be targeted including anti-war activist, anti-torture organizations and groups opposed to the US Chamber of Commerce.
The emails also include a number of other embarrasing entries including the purchase of the book “The Multi-Orgasmic Man: Sexual Secrets Every Man Should Know” from Amazon for $6.76.
Continue reading on Examiner.com: US Gov. Software Creates ‘Fake People’ on Social Networks to Promote Propoganda - National Social Media | Examiner.com http://www.examiner.com/social-media-in-national/us-gov-software-creates-fake-people-on-social-networks-to-promote-propoganda#ixzz1EUwy7ZTG
In the case of both Google and Facebook, three talented students in their 20’s came out of obscurity to establish multi-billion dollar enterprises. Do you suppose they had some help?
BY SANDEEP PARWAGA
There used to be a saying: ”No one makes a name for himself without giving something up”
As a youngster, I was awed by people who ”made it to the top” by creating and innovating corporations, technologies, or simply establishing themselves through sports, music, entertainment, etc. thus becoming millionaires.
Now as I have grown older, I realize how illusory this paradigm really is. I came to the conclusion that if you want to reach the ”top’,’ you have to give up your soul.
Take Mark Zuckerberg for example. He is one of the most ”successful entrepreneurs” in the last decade. Having made a fortune through his Facebook empire, he reaches more than 500 million people worldwide. It seems like a fairytale. A student creates a new interface to connect the people throughout the world. Well, it sounds great doesn’t it? It would, if we were true.
Here is a good video that demonstrates that Facebook was indirectly funded by the CIA with the goal of learning and storing everything there is to know about you. Why? To monitor and ultimately control.
Again, the people have been totally duped by the Facebook-mania and can only see what they are told to see. As my friends say: ”It is to connect people and share information”. In the wake of the recent crisis in Egypt, we might add that Facebook has become not just a data-mining operation, but also a soft power proxy for crisis-creation.
Let’s look at headlines that should cast no doubt about the true character of CIAbook:
Facebook’s Zuckerberg Says The Age of Privacy is Over -
Facebook’s Mark Zuckerberg says privacy is no longer a ‘social norm’
Facebook - the CIA conspiracy
The Face of Facebook - (Pay particular notice to the IMs that got leaked and confirmed to be true by the New Yorker)
Facebook & Social Media: A Convenient Cover For Spying -
US spies invest in internet monitoring technology - Quoted from this article: ”In an attempt to sift through the blizzard of information, the investment arm of the CIA, In-Q-Tel, has invested in a software firm that monitors social media.”
Nihilists of The World Unite: Wikileaks Is The “Cognitive Infiltration” Operation Demanded by Cass Sunstein -
TIME Mag Person of the Year 2010 - This link is just a mere reminder of past history and the perversion of ”honoring”those who don’t deserve it. Would you like to share this front cover with Hitler, Stalin, Kissinger, etc.? I sure wouldn’t. Obviously Zuckerberg has done something ”great”. Just my 2 cents about this garbage.
Google has come under scrutiny over its attempt to eliminate competing search engines and block ”controversial” sites and people, but the biggest controversy came over its alleged ties to the CIA and NSA.
Google founders Sergey M. Brin and Lawrence E. Page are portrayed as average folks, Stanford University students, who teamed up to create a ”superior search engine”. Their attempt to do just that turned out to be so successful that they started to get funding from big players, for example Sun Microsystems. (http://en.wikipedia.org/wiki/Sergey_Brin#Search_engine_development)
It can be assumed that the CIA and NSA funded them as well. As in the above example of Facebook, don’t forget the Google scandal connected to China last year, where Google simply evaded censorship laws by moving to Hong Kong.
The CIA might have used Google as a soft power proxy in China as well for destabilization operations. Here are a few issues that made the news regarding Google:
Tarpley: US Gov uses Google proxy to attack China - (Vid)
Google-NSA collaboration draws alarm -
YouTube’s Parent Google is a Corporate Member of the Council on Foreign Relations -
Ex-Agent: CIA Seed Money Helped Launch Google -
The Google-NSA Alliance: Questions and Answers -
I admit I have Facebook. I am not particularly happy about it, but it does facilitate being connected with friends from other places. I try to keep a low profile. Don’t reveal anything or don’t click on trivial buttons, for example the ”Likes”.
Use alternatives to make contact if you can, e.g. email or other messengers. If you have Facebook, you have probably realized how people have literally sold their lives over to it.
Every time I see people revealing things to the finest detail, they don’t think about any consequences, or let’s say, they are not smart enough to care. The scientific dictatorship has done a ”good” job in brainwashing and manipulating the masses. Don’t be fooled by the deceit. The mainstream media has been very reluctant to cover the disturbing Google/Facebook ties as it would expose important assets for the Big Brother machine and its secret use to destabilize.
Zuckerberg or the Google founders would never have gotten the publicity, wealth and success without a CIA or NSA connection. To elaborate on the opening quote, I assume they have been initiated into the Illuminati Order and sold their soul.