The inside story of how Facebook responded to Tunisian hacks →

It was on Christmas Day that Facebook’s Chief Security Officer Joe Sullivan first noticed strange things going on in Tunisia. Reports started to trickle in that political-protest pages were being hacked. “We were getting anecdotal reports saying, ‘It looks like someone logged into my account and deleted it,’” Sullivan said. […]

After more than ten days of intensive investigation and study, Facebook’s security team realized something very, very bad was going on. The country’s Internet service providers were running a malicious piece of code that was recording users’ login information when they went to sites like Facebook.

By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades. Sullivan and his team decided they needed a country-level solution — and fast.

Though Sullivan said Facebook has encountered a wide variety of security problems and been involved in various political situations, they’d never seen anything like what was happening in Tunisia.

“We’ve had to deal with ISPs in the past who have tried to filter or block our site,” Sullivan said. “In this case, we were confronted by ISPs that were doing something unprecedented in that they were being very active in their attempts to intercept user information.”

(Source: guillee)