Freegate and Facebook: A Cautionary Tale for Iranians Using Circumvention Tools

By ASL19

Freegate, one of the most popular circumvention tools used by Iranian Internet users, was reportedly compromised by a phishing attack this weekend. When Freegate users tried to access Facebook, they were taken to the following link instead: www.facebook.com.gos.saveinter.net.

According the Freegate, this incident was caused when the company tried to test a new proxy server. They claim that although it looked like an phishing attempt, it was not. Despite the fact that Freegate maintains a sizeable Iranian user base, Iranians were given no warning that this would occur and the company only notified its users on its company homepage, in Chinese. The translation of the Chinese announcement is as follows:  “We tested a new proxy service. www.facebook.com may be accessed through www.facebook.com.gos.saveinter.net. ”

Rumors that the website had been compromised quickly circulated and a report was made to Phishtank. Other Freegate users outside Iran also reported the problem. One Chinese user posted a step-by-step explanation of the situation here: http://www.hacking-tutorial.com/hacking-news/facebook-phishing-using-freegate/

It is unclear why Freegate would choose to use a low security proxy server with an http connection. While Freegate maintains that this was not a phishing attack, it is a type of phishing that allows the company to access information such as a user’s username and password. Once users connect to Freegate, they should not need a proxy to connect to individual sites such as Facebook. A regular connection to Facebook uses https coding that encrypts information like one’s username and password. Why Freegate chose to create an additional proxy in conjunction with http unknown.

News of the Facebook link spread like wildfire, as many users feared this to be an attempt at surveillance by the Iranian government. It was quickly refuted when it became known that Freegate users outside of Iran were also being redirected. Freegate has since removed the proxy page, but the incident serves as a reminder of the dangers that persist when using circumvention tools. Users in countries such as Iran often see the government as their main online adversary and voluntarily compromise their security to circumvention tool providers. While what Freegate intended by creating the unencrypted Facebook proxy is not known, unsuspecting users could have voluntarily revealed their usernames and passwords to Freegate servers. Internet users in countries that filter content online should know that their online security can be compromised by those other than their government. Users must rid themselves of the false sense of security that circumvention software provides and remember to always use security precautions online.