Tweeting Tyrants Out of Tunisia: Global Internet at Its Best

Even yesterday, it would have been too much to say that blogger, tweeters, Facebook users, Anonymous and Wikileaks had “brought down” the Tunisian government, but with today’s news that the country’s president Zine El Abidine Ben Ali has fled the country, it becomes a more plausible claim to make.

Of course there was more to such demonstrations than some new technology. An individual act of desperation set off the last month of rioting, as a college-educated young man set himself on fire after police confiscated his unlicensed fruit and vegetable cart. Tunisia’s high unemployment rate, rampant corruption and rising food prices added to the anger at Ben Ali’s 20-plus-year rule.

People risked their lives in the street, with some getting a bullet for their troubles, but the internet played a significant role in organizing these protests and in disseminating news and pictures of them to the world.

After the worst unrest in his reign, Ben Ali this week promised not to run for “election” again and to give the country a free press and the right to assemble. He fired his cabinet. It wasn’t enough. Protestors sensed weakness, and today they forced Ben Ali from Tunisia. He fled ignominiously with his family for any state that would have him.

Here’s a guide to the part of this battle fought in cyberspace over the last month.

Web blocking: Soon after the protests began, Tunisia ramped up its attempts at controlling the internet. These started simply enough, with straight-up site blocking. In an open letter to the Tunisian government, the Committee to Protect Journalists outlined the online repression:

We are troubled to learn that your government’s practice of blocking websites — including CPJ Web pages on Tunisia — has recently intensified. Local journalists told CPJ that additional news websites, as well as numerous Facebook pages carrying critical content, blogs, and journalists’ e-mail accounts have been blocked by the state-run Tunisian Internet Agency since protests erupted on December 17. Regional and international media have reported that numerous local and international news websites covering the street protests were blocked in Tunisia. One report placed your country, along with Saudi Arabia, as the worst in the region regarding Internet censorship. A 2009 CPJ study found Tunisia to be one of the 10 worst countries worldwide to be a blogger, in part for the same reasons.

We’ll take that Facebook password, please: It soon got much worse. The Committee to Protect Journalists said its own research found that “the [state-run] Tunisian Internet Agency is harvesting passwords and usernames of bloggers, reporters, political activists and protesters by injecting hidden JavaScript” into many popular site login pages.

This extended to sites like Facebook, where the main login page mysteriously had 10 additional lines of code inserted when it arrived at Tunisian computers. (Such code injection is technically simple using various pieces of deep-packet inspection gear, and it was made easier by the fact that the Tunisian government would periodically block secure HTTPS connections.)

That code grabbed the username and password, embedded them into a bogus Facebook URL, and then attempted to load the nonexistent page. It’s unclear why this was done, though speculation is that the hack was a simple way to grab passwords. The Tunisian Internet Agency could simply log all attempts to hit the bogus Facebook link without the liability of listing one of its servers in the code itself.

CPJ noted in a separate report that “unknown parties have subsequently logged onto these sites using these stolen credentials, and used them to delete Facebook groups, pages and accounts, including Facebook pages administrated by Sofiene Chourabi, a reporter with Al-Tariq al-Jadid, and the account of local online video journalist Haythem El Mekki. Local bloggers have told CPJ that their accounts and pictures of recent protests have been deleted or otherwise compromised.”

Al-Jazeera interviewed an anonymous source who had crafted a Greasemonkey script that could strip this additional code from login pages. On January 6, it had already been installed over 1,500 times.

On January 11, the Electronic Frontier Foundation publicized the Greasemonkey script but also asked Facebook in particular to consider a few technical changes:

Make Facebook logins default to HTTPS, if only in Tunisia, where accounts are especially vulnerable at this time. Google and Yahoo logins already default to HTTPS.

Consider allowing pseudonymous accounts for users in authoritarian regimes, where political speech under your real name is dangerous and potentially deadly. Many Tunisian activists are unable to reinstate Facebook accounts that have been erased by the Tunisian government because they were not using their real names.

Finding bloggers, pirates: The Tunisian government, not content to simply grab account information and delete the offending material, also began hauling bloggers into police custody.

On January 7, Reporters Without Borders had at least five confirmed cases of bloggers and online activists being arrested. Here’s one:

Four or five police plainclothes officers arrested the blogger and activist Hamadi Kaloutcha at his home at around 6 am, seizing a computer and a central processing unit. They told his wife they were taking him to the nearest police station and “just have a few questions for him,” and “that will only take a few hours.” There has been no news of him since.

Several of those arrested, including Kaloutcha, were members of the Pirate Party of Tunisia; the Pirate Party U.K. later issued several statements deploring the disappearances.

“Pirate Parties around the world condemn these acts against freedom of expression, human rights and democracy, and call upon governments take firm action against Tunisia for these recent events,” one said. A later note said that one detainee had been beaten, and it said that several of the bloggers were accused of “degradation of state property on account of anonymous DDoS attacks.”

And who specializes in anonymous distributed denial of service (DDoS) attacks against unfriendly websites? That’s right, it’s …