Tunisian government harvesting usernames and passwords

The Tunisian Internet Agency (Agence tunisienne d'Internet or ATI) is being blamed for the presence of injected JavaScript that captures usernames and passwords. The code has been discovered on login pages for Gmail, Yahoo, and Facebook, and said to be the reason for the recent rash of account hijackings reported by Tunisian protesters.


ATI is run by the Tunisian Ministry of Communications. They supply all of the privately held Tunisian ISPs, making them the main source of Internet access in the country. They’ve been under scrutiny for years, due to the fact that they make use of their authority to regulate the entire national network
. Last April, ATI earned international attention by blocking access to sites such as Flickr, YouTube
, and Vimeo.


According to Reporters Without Borders, authorities claim to target only pornographic or terrorist websites. “However, censorship applies above all to political opposition, independent news, and human rights websites.”


“When an Internet user attempts to access a prohibited website, the following automatic error message appears: “Error 404: page not found,” without displaying the familiar “Error 403” more typical of a blocked site...This strategy equates to a disguised form of censorship.”



As for the JavaScript itself, The Tech Herald has seen examples of the embedded script during live surfing sessions with sources in Tunisia, and in posted source code made available to the Web. The source for the GMail injection is here, the Yahoo injection is here, and Facebook is Read more »