The Syrian Telecom Ministry earlier this week launched a man-in-the-middle attack against the HTTPS version of the Facebook site, according to Electronic Frontier Foundation.
Also known as a bucket-brigade attack or a Janus attack, this form of online eavesdropping allows an attacker to insert himself between two communicating parties. While both parties believe they are talking to each other, the attacker can delete or modify the communications at will.
“The attack is not extremely sophisticated: The certificate is invalid in users’ browsers, and raises a security warning,” EFF’s Peter Eckersley wrote on EFF’s Deeplinks Blog.
Because users see these warnings for many operational reasons, they often ignore them and click through them reflexively. Doing so, however, gives the attackers access to and control of the victims’ Facebook accounts.
Calling it “very much an amateur attempt at attacking Facebook’s HTTPS site,” Eckersley said the certificate was not signed by a Certificate Authority that was trusted by users’ web browsers.
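The check behind that browser warning, shown as an added example in Go that is not code from the EFF post or this article: a certificate for the host named above that no trusted CA signed fails verification with an UnknownAuthorityError, while one issued by a CA in the client's trust store passes. The root CA and both certificates are constructed in-process (nothing is fetched from Facebook), and the CA name is a made-up placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// makeCert mints a certificate for name, signed by parent; with parent == nil it signs itself.
func makeCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: nobody the client trusts vouches for it
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Demo plays the browser: a CA-issued certificate and a forged, self-signed one for the same
// host are verified against a trust store that holds only the constructed root CA.
func Demo() (legitAccepted, forgedAccepted, forgedUnknownAuthority bool) {
	const host = "www.facebook.com" // host from the article; every certificate here is constructed
	caCert, caKey := makeCert("root-ca.example", true, nil, nil) // placeholder CA, not a real one
	legit, _ := makeCert(host, false, caCert, caKey)
	forged, _ := makeCert(host, false, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{DNSName: host, Roots: roots}
	_, errLegit := legit.Verify(opts)
	_, errForged := forged.Verify(opts)
	var ua x509.UnknownAuthorityError
	return errLegit == nil, errForged == nil, errors.As(errForged, &ua)
}
```

A client that skips this check, or a user who dismisses the warning it produces, accepts the forged certificate and hands the session to whoever sits in the middle.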