Facebook's login system is being hijacked by China's Great Firewall


For the last three days, China's Great Firewall has been intercepting the JavaScript module from Facebook Login, which allows third-party sites to authorize users through Facebook infrastructure. First reported on Sunday, the attack causes sites using Facebook Login to redirect to a third-party page for many web users in China. "This behavior is occurring locally and beyond the reach of our servers," a Facebook spokesperson told The Verge. "We are investigating the situation."

Because the code is intercepted within China's national telecom infrastructure, only users located in China (and accessing the web without a VPN) will be affected. The attack can also be avoided by disabling JavaScript, since the inserted code runs as a JavaScript applet. Readers in China have confirmed to The Verge that the redirection attack was still under way as of this morning. Local media in Beijing has also reported on the problem.

The Great Firewall began intercepting the Facebook Login applet on Sunday, replacing it with a new single-line redirection code from two third-party sites. The result is that, for non-VPN users in China, any page with a Facebook Login button has been redirecting to one of two sites: wpkg.org or ptraveler.com, an open-source software project and a personal travel blog respectively. It's unclear why the Chinese government would want to send users to these sites, although ptraveler.com seems to have been brought down by the flood of traffic.

It's not the first time China has performed this kind of traffic interception. In March, a similar redirection was used to perform a denial-of-service attack on GitHub, apparently in retaliation for dissident content posted through the service. Since the new code is injected as content passes through China's national web filters, there's little doubt that the Chinese government is responsible for the attacks. The research group Citizen Lab has named the capability "The Great Cannon," a play on the Great Firewall censorship filter.

It's difficult to say why Facebook Login is being targeted, since the net effect for most users is simply to redirect the browser to an unrelated homepage. Facebook itself is officially blocked in China, although the block has been relaxed in recent years. Some have speculated that an injection attack like this could be used to spoof a Facebook login, but if such an attack is being carried out, it's likely targeted to only a handful of users and effectively invisible on the network scale. It's likely both sites have seen a huge uptick in traffic, but there's no clear reason why these sites would be targets for the Great Cannon, or why Facebook would be the conduit for that attack.

4/28 3:33pm ET: Updated with Facebook comment, and to clarify that Facebook Login is the name of the affected login service. The initial piece had referred to it as Facebook Connect.