China HIjacks 'Facebook Connect' Plugin
From past few days, Internet Users in China are dealing with a weird redirection of traffic nationwide while accessing any website that makes use of connect.facebook.net resource.

Great Firewall of China, which is infamous for the Internet censorship by Chinese government, believes to be intercepting the JavaScript module used by Facebook Connect Login, which is meant to allow third-party websites to authorize users through Facebook infrastructure.

Chinese Internet users are complaining that when they visit any website that contain "Login with Facebook" or "Connect with Facebook" buttons (which is being used by a vast number of sites), they automatically redirect to unrelated websites.
Cybersecurity

The two websites to which the traffic is being redirected:
  • wpkg.org — A website for open source automated software deployment, upgrade, and removal program for Windows.
  • ptraveler.com — A personal travel blog authored by a young couple of Poland.
"This behavior is occurring locally and beyond the reach of our servers," a spokesperson from Facebook told The Verge. "We are investigating the situation."
Is Chinese Government responsible for the attack?

At the moment, it isn't clear if Facebook traffic intercepting is backed by Chinese government or it's the result of some organized cyber attack, although ptraveler.com appears to have been brought down by the flood of redirected traffic.

However, this tactic sounds very similar to the one that the Chinese officials recently used against the popular code sharing website Github, so there is doubt that the Chinese government is responsible for the cyber attack.

At the end of last month, similar redirection was used to launch a massive distributed denial of service (DDoS) attack against Github, apparently in response to dissident content posted by the open source service.

The Great Cannon:

The current attack is also intercepting a line of JavaScript from the Facebook Connect plugin and injecting a new line of code to redirect Chinese users to unrelated sites as the content passes through China's national web filters.

The Citizen Lab researchers have named this capability "The Great Cannon," a unique cyber attack tool capable of hijacking Internet traffic at the national level and redirect that traffic to targeted networks the attackers want to knock offline.

It is still unclear why these two sites would be a target for the Great Cannon and why Facebook is chosen to conduct the attack, which has been banned in China for years, and most immigrants in the country use a VPN to access Facebook.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.