
{"id":635,"date":"2011-01-28T17:44:23","date_gmt":"2011-01-28T16:44:23","guid":{"rendered":"http:\/\/viewsdesk.com\/?p=635"},"modified":"2011-03-14T13:10:10","modified_gmt":"2011-03-14T12:10:10","slug":"tunisian-hackers-code-surprising","status":"publish","type":"post","link":"https:\/\/viewsdesk.com\/?p=635","title":{"rendered":"Tunisian Hacker\u2019s Code Surprising"},"content":{"rendered":"<p><a href=\"https:\/\/viewsdesk.com\/wp-content\/uploads\/2011\/02\/1337.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-637\" title=\"1337\" src=\"https:\/\/viewsdesk.com\/wp-content\/uploads\/2011\/02\/1337.jpg\" alt=\"\" width=\"463\" height=\"302\" srcset=\"https:\/\/viewsdesk.com\/wp-content\/uploads\/2011\/02\/1337.jpg 463w, https:\/\/viewsdesk.com\/wp-content\/uploads\/2011\/02\/1337-300x195.jpg 300w\" sizes=\"auto, (max-width: 463px) 100vw, 463px\" \/><\/a><\/p>\n<p>The Tunisian manipulation of the login forms on some of the world\u2019s biggest sites could be a much-needed wake-up call for a more security-aware approach to internet-based communication. The hack, if that\u2019s an appropriate word in this context, potentially allowed the Tunisian government to get access to the private communication of hundreds of thousands of users \u2013 in the midst of violent nationwide protests.<\/p>\n<p>One of the worst things that can happen to people protesting against an oppressive regime is to have their adversaries spying on them. Some information is by nature public, such as Twitter feeds \u2013 and nobody should be surprised that governments are monitoring that information. But there\u2019s also tons of private correspondence, where the sender might be less careful with keeping their identity hidden. Think email, Facebook messages and closed groups.<\/p>\n<p>The Tunisian case is, as far as I know, the only example we have where we have actual code to analyze. 
But without doubt, the method has been used before by other entities: whoever has control over a network can insert malicious scripts as easily as child\u2019s play. If you target the attack to only affect a smaller number of people \u2013 or even one specific individual \u2013 the chances of getting caught are very, very slim.<\/p>\n<p>Most seem to agree that the government instigated the Tunisian hack. The timing would certainly suggest so. The code, however, bears no mark of a bureaucratic pen. Quite the opposite, actually.<\/p>\n<p>The script that was inserted has some interesting traits. For some reason, the developer chose to name the functions using Leetspeak. We can find <em>hAAAQ3d<\/em> (hacked), <em>wo0dh3ad<\/em> (woodhead), <em>us3r<\/em> (user), <em>pa55<\/em> (pass), <em>h6h<\/em> (hash) and <em>inv0k<\/em> (invoke) right there <a href=\"http:\/\/qem.se\/jonathan\/share\/5b947e5a9ed5fdfb5c56484ee66b1250.png\">in the code<\/a>.<\/p>\n<p><a href=\"http:\/\/www.urbandictionary.com\/define.php?term=leetspeak\">Leetspeak<\/a>, the habit of replacing some characters with a digit (or other symbol), is a clich\u00e9 of the hacker community. One of the first things you do, if you want to be taken seriously in the hacker underground, is to not speak leet. Yet, for some reason, leet pops up in this, of all places.<\/p>\n<p>The only reason I find to explain it is if the Tunisian government was trying to conceal its involvement and overcompensated. Big time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Tunisian manipulation of the login forms on some of the world\u2019s biggest sites could be a much-needed wake-up call for a more security-aware approach to internet-based communication. 
The hack, if that\u2019s an appropriate word in this context, potentially allowed the Tunisian government to get access to the private communication of hundreds [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[2,11],"tags":[12,42,41],"class_list":["post-635","post","type-post","status-publish","format-standard","hentry","category-censorship","category-free-speech","tag-censorship-2","tag-hack","tag-tunisia"],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/viewsdesk.com\/index.php?rest_route=\/wp\/v2\/posts\/635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/viewsdesk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/viewsdesk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/viewsdesk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/viewsdesk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=635"}],"version-history":[{"count":12,"href":"https:\/\/viewsdesk.com\/index.php?rest_route=\/wp\/v2\/posts\/635\/revisions"}],"predecessor-version":[{"id":762,"href":"https:\/\/viewsdesk.com\/index.php?rest_route=\/wp\/v2\/posts\/635\/revisions\/762"}],"wp:attachment":[{"href":"https:\/\/viewsdesk.com\/index.php?rest_route
=%2Fwp%2Fv2%2Fmedia&parent=635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/viewsdesk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/viewsdesk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}