The Accidental Hacker


Posted by touhid | Posted in News | Posted on 25-01-2010

It’s apparently possible to hack into someone’s Facebook account without even meaning to, as a Georgia family recently discovered. After signing on through a cellphone using their own names and passwords, they were given access to an account belonging to a complete stranger. It’s possible the error was due to a carrier routing problem, and it’s just one more way online information can go astray.

A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: Strangers’ accounts with full access to troves of private information.

The glitch — the result of a routing problem at the family’s wireless carrier, AT&T (NYSE: T) — revealed a little known security flaw with far-reaching implications for everyone on the Internet, not just Facebook users.

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information — from mundane data to dark secrets — can go awry.

Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It’s not clear whether such episodes are rare or simply not reported. However, experts said such flaws could occur on email services, for instance, and that something similar could happen on a PC, not just a phone.

“The fact that it did happen is proof that it could potentially happen again and with something a lot more important than Facebook,” said Nathan Hamiel, founder of the Hexagon Security Group, a research organization.

Hey Facebook, That’s Not My Face

Candace Sawyer, 26, says she immediately suspected something was wrong when she tried to visit her Facebook page Saturday morning.

After typing Facebook.com into her Nokia (NYSE: NOK) smartphone, she was taken into the site without being asked for her user name or password. She was in an account that didn’t look like hers. She had fewer friend requests than she remembered. Then she found a picture of the page’s owner.

“He’s white — I’m not,” she said with a laugh.

Sawyer logged off and asked her sister, Mari, 31, her partner in a dessert catering company, and their mother, Fran, 57, to see whether they had the same problem on their phones.

Mari landed inside another woman’s page.

Fran’s phone — which had never been used to access Facebook before — took her inside yet another stranger’s page, one belonging to a young woman from Indiana. They sent an email to one of their own accounts to prove it.

They were dumbfounded.

“I thought it was the phone — ‘Maybe this phone is just weird and does magical, horrible things and I have to get rid of it,’” said Candace Sawyer.

The women, who live together in East Point, Ga., outside Atlanta, had recently upgraded to the same model of phone and all used the same carrier, AT&T.

Sawyer contacted The Associated Press after reporting the problem to Facebook and AT&T.

Trouble in Transit

The problem wasn’t in the phones. It was a flaw in the infrastructure connecting the phones to the Internet.

That illuminates a grave problem.

Generally Web sites and computers are compromised from within. A hacker can get a Web page or computers to run programming code that they shouldn’t. However, in this case, it was a security gap between the phone and the Web site that exposed strangers’ Facebook pages to the Sawyers. Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers’ phones to Facebook and back.

Fortunately, Hamiel said, the vulnerability would be of limited use to a hacker interested in pulling off widespread mayhem, because this hole would let him access only one account at a time. To do more damage, the criminal would have to pull off the unlikely feat of gaining full control of the piece of equipment that routes Internet traffic to individual users.

AT&T spokesperson Michael Coe said its wireless customers have landed in the wrong Facebook pages in “a limited number of instances” and that a network problem behind those episodes is being fixed.

The Sawyers experienced a different glitch. Coe said an investigation points to a “misdirected cookie.” A cookie is a file some Web sites place on computers to store identifying information — including the user name that Facebook members would enter to access their pages. Coe said technicians couldn’t figure out how the cookie had been routed to the wrong phone, leading it into the wrong Facebook account.

He also said AT&T could confirm only that the problem occurred on one of the Sawyers’ phones, possibly because they had logged off Facebook on the other two before reporting the incident.

Facebook declined to comment and referred questions to AT&T.

Not Universal

Some Web sites would be immune from this kind of mix-up, particularly those that use encryption. A Web browser would have trouble deciphering the encryption on a page that a computer user didn’t actually seek, said Chris Wysopal, cofounder of Veracode, a security company.

Sensitive sites and those used for banking and e-commerce generally use encryption. However, most other sites, including some Web-based email services, don’t use it. One way of checking: The Web addresses of encrypted sites begin with “https” rather than “http.” Facebook uses encryption when user names and passwords are entered, to cloak the sign-on from snoops, but after the credentials are entered the encryption is dropped.
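The difference between the two cases can be modelled in a few lines. This is an added example, not code from the article or from any party it names: the `Site` and `Phone` classes, the account name and the keyed integrity check (a stand-in for the per-connection keys of an encrypted session, not real TLS) are assumptions, and the misdelivery is simulated because the article does not establish its actual cause.

```python
import hashlib
import hmac
import secrets


class Site:
    """Toy web site: the cookie value is the only thing identifying a user."""

    def __init__(self):
        self.sessions = {}  # session id -> account name

    def login(self, account):
        sid = secrets.token_hex(8)
        self.sessions[sid] = account
        return {"Set-Cookie": f"session={sid}", "body": f"welcome {account}"}

    def page(self, cookie):
        """Return the account the site believes is asking, or None."""
        sid = cookie.partition("=")[2] if cookie else ""
        return self.sessions.get(sid)


class Phone:
    """Toy client with a cookie jar and a per-connection secret."""

    def __init__(self, name):
        self.name = name
        self.cookie = None
        # Assumption: models the keys an encrypted session negotiates.
        self.key = secrets.token_bytes(32)

    def receive_plain(self, response):
        # Unencrypted HTTP: whatever arrives is accepted and stored.
        if "Set-Cookie" in response:
            self.cookie = response["Set-Cookie"]

    def receive_protected(self, record):
        # Protected channel: a record made for another connection fails
        # the keyed check and is dropped before the cookie is stored.
        payload, tag = record
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        self.cookie = payload.decode()
        return True


def protect(key, response):
    """Bind a response to one connection's key (stand-in for TLS records)."""
    payload = response["Set-Cookie"].encode()
    return payload, hmac.new(key, payload, hashlib.sha256).digest()


def misdelivery_over_http():
    """A login response meant for the owner reaches a stranger's phone."""
    site = Site()
    stranger = Phone("stranger")
    response = site.login("owner-account")  # constructed account name
    stranger.receive_plain(response)        # simulated network fault
    return site.page(stranger.cookie)       # who the site thinks this is


def misdelivery_over_protected_channel():
    """Same fault, but the response is bound to the owner's connection."""
    site = Site()
    owner, stranger = Phone("owner"), Phone("stranger")
    record = protect(owner.key, site.login("owner-account"))
    accepted = stranger.receive_protected(record)
    return accepted, site.page(stranger.cookie)


if __name__ == "__main__":
    print("plain HTTP:", misdelivery_over_http())
    print("protected: ", misdelivery_over_protected_channel())
```

Over plain HTTP the stranger's phone ends up holding the owner's cookie and the site treats it as the owner; on the protected channel the same misdelivered response is rejected and no session is exposed.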

It’s unclear how many people were affected by the problem the Sawyers discovered, and whether it was limited to Facebook.

The reason all three women experienced the glitch is a function of the way cellular networks are designed. In some cases, all the mobile Internet traffic for a particular area is routed through the same piece of networking equipment. If that piece of equipment is misbehaving or set up incorrectly, strange things happen when computers down the line receive the data.

Usually that means a Web site simply won’t load, said Alberto Solino, director of security consulting services for Core Security Technologies. In the Sawyers’ case, “somehow they got the wrong user but they could keep using that account for a long period of time. That’s what’s strange,” he said.

Odd Connections

The AP tried to contact two of the people whose Facebook pages were exposed to the Sawyers, but the calls and emails were not returned. It’s unclear whether they are also AT&T customers, though security experts said that’s likely the case.

Indeed, it was the case in a similar incident in November.

Stephen Simburg, 25, who works in marketing, was home for Thanksgiving in Vancouver, Wash., when he logged onto Facebook from his cellphone. He didn’t recognize the people who had written him messages.

“I thought I had gotten really popular all of a sudden, or something was wrong,” he said. Then he saw the picture of the account owner: A young woman.

He got her email address from the site, logged off and wrote the woman a message. He asked whether he had met her at some point and she had borrowed his phone to check her Facebook account.

“No,” she wrote back, “but I was just telling my family that I ended up in your profile!”

Simburg and the woman figured out they were both using AT&T to access Facebook on their phones. (AT&T had no comment because the incident wasn’t reported to the company.)

“I felt like I had been let down by the phone company and by Facebook,” he said.

He says he has put the incident behind him. But one piece of it remains: He and the young woman are now Facebook friends.

Life in the Shadow of an Internet Blackout


Posted by touhid | Posted in News | Posted on 25-01-2010

Blaming online agitators for riots that happened months ago, the Chinese government has blocked Internet access, text service and international phone calls in the entire region of Xinjiang since last summer. Some residents — many of whom run businesses that cannot continue without the Web — must regularly journey hundreds of miles to towns outside the blackout zone simply to check their email.

They arrive at this gritty desert crossroads weary from a 13-hour train ride but determined. The promised land lies just across the railway station plaza: a large, white sign that says “Easy Connection Internet Cafe.”

The visitors are Internet refugees from China’s western Xinjiang region, whose 20 million people have been without links to the outside world since the government blocked virtually all online access, text messages and international phone calls after ethnic riots in July. It’s the largest and longest such blackout in the world, observers say.

Every weekend, dozens of people pile off the train in Liuyuan, a sandswept town on the ancient Silk Road that’s the first train stop outside Xinjiang, 400 miles (650 kilometers) east of Urumqi, the regional capital.

“We must get online! We must!” said Zhao Yan, a petite, ponytailed businesswoman from Xinjiang’s capital, Urumqi. She has rented the same private booth in the Internet cafe every weekend since August in an uphill battle to keep her small trading business going.

“If this goes on another couple of months, I’ll have to give up,” Zhao said. “I can’t keep up with the outside world, and I’m losing money.”

Traveling Far and Wide

Xinjiang residents are without Internet links unless they flee to farflung places like Liuyuan. One customer had traveled 750 miles (1,200 kilometers) just to get online.

Authorities unplugged Xinjiang, a sprawling area three times the size of Texas, in an attempt to prevent a repeat of the ethnic rioting between the Han Chinese majority and the mainly Muslim Uighur minority that the government says left almost 200 dead. China’s government blamed overseas activists for the riots, saying they stirred up resentment in the Uighur community through Web sites and e-mails.

For many, it feels like being thrown back in time 30 years.

Xinjiang now has no e-mail. No blogs. No instant messaging. The government this month promised Internet access would resume “gradually,” but it also said the same thing in July and not much has changed. So far, only four restricted Web sites, half of them state-run media, have returned.

No country has shut down an information infrastructure so widely for so long, said the Open Net Initiative, a Harvard-linked partnership that monitors Internet restrictions around the world. Some former Soviet Union countries have done it during sensitive elections, but “the blackout only lasted for hours or days at most,” said Rafal Rohozinski, the group’s principal investigator.

The normal Internet in China is already among the world’s most restricted.

“The fact that the Chinese authorities had to resort to shutting down and cutting off the entire infrastructure … is indicative of the difficulty they are having in controlling cyberspace,” Rohozinski said.

“You can look at news or movies. That’s it. It’s all one-way,” said a 23-year-old from Urumqi, who sat a few screens away from Zhao and was clicking between an e-mail account and a Russian-language Web site. He’d been online for 11 hours. He didn’t give his name because he’s half Uighur and was worried about retribution from authorities.

‘It’s Like a Social Experiment’

Liuyuan has little more to offer the Xinjiang refugees besides its Internet connection and its steady supply of cross-country trains. “You don’t want to stay here,” said the desk clerk at the Liutie Hotel, the only guesthouse in town. Most people who get off the train are headed for the famous oasis of Dunhuang, two hours to the south.

On Sunday, most of the Xinjiang customers bolted back home after hearing word that mobile phone text-messaging services had finally resumed. The region’s mobile phone users sent 42.84 million text messages the first day of service alone, the state-run Xinhua News Agency reported.

Users are still limited to no more than 20 texts per day, with no international service. International calls from Xinjiang were blocked, but the official Xinhua News Service reported that they were now allowed, starting Wednesday.

One Xinjiang woman who wanted to chat with her American husband finally took an overnight bus to neighboring Kazakhstan to get online.

“It’s like a social experiment — what would happen if we take away the Internet?” said the husband, Kevin Komoroski, who lives in Missouri. He said their work on her U.S. visa application has slowed to a crawl and now relies on air mail. “No one at any sort of level knows when it will end.”

An international scientific conference was relocated outside the region. A board member of an international academic association travels regularly to Beijing, 1,800 miles from Urumqi, to check her e-mail. The Federal Express office in Urumqi tells customers to check orders by phone instead.

Laptop-Toting Refugees

The Xinjiang government has said foreign investment and tourism were “seriously” affected last year, though it points to the July violence alone. Import-export business fell 38.8 percent in the first nine months of last year, dropping almost 18 percentage points more than the rest of China, it said in a report this month.

“We’re like deaf people now,” said Wei Chengzhi, who works in the online service office of Xinjiang Wind Energy. “We’re working on a joint project with a partner company in Shanghai. We can’t communicate with them. Nor can we do any online research.”

Xinjiang’s commerce department says it now offers Internet access to companies that can get approval from the local foreign trade or foreign investment office, but only on weekdays.

One business owner couldn’t wait. Just after the riots, Ma Hui and her husband took off on a three-day road trip east to Beijing to keep their dried fruit company going. Since then, her husband has lived in the capital to deal with online orders, while Ma lives in Urumqi and handles the product.

“We’ve been married three years and we’ve never lived apart before,” she said. “We don’t know when to expect the Internet to come back to normal.”

One person who doesn’t mind the blackout is the owner of Liuyuan’s Easy Connection Internet Cafe, who wouldn’t give his name but said he was quite happy with the increased business.

As night fell in Liuyuan, Zhao sighed and returned to her work online. She had three more hours before taking the overnight train home to Urumqi, but she expected to be back and online Saturday morning.

It’s easy to recognize her fellow refugees by their computer bags, Zhao said.

“You should go to Jiuquan,” the next major stop east along the railway, she said. “It’s a bigger city, and even more people go there. They check into the hotels and use the broadband.”

A faster connection — another 200 miles (320 kilometers) away.

Intel outlook points to PC industry recovery


Posted by touhid | Posted in News | Posted on 17-01-2010

Intel’s fourth-quarter earnings breezed past Wall Street’s expectations, and its rosy profit outlook for 2010 was another sign that a lasting recovery for the recession-battered personal computer market is under way.

As the first major technology company to report its results for the last quarter, Intel is seen as a barometer for the PC market and for technology spending in general. Its revenue beat the Street, as did its gross margin, which can measure how well Intel managed costs.

Investors were restrained in their enthusiasm. Shares of the No. 1 maker of computer microprocessors edged up less than one percent in after-hours trading. Earlier, the stock had gained 2.5 percent to end the regular session at $21.48.

PC shipments grew more sharply than expected in the fourth quarter, a promising sign after a brutal year for the industry during the recession. Intel, which supplies the vast majority of the “brains” inside computers, rode the resurgence of consumer PC shopping to a profit of $2.3 billion, or 40 cents per share.

That was more than nine times as much as it earned in the year-ago quarter, when profit totaled $234 million, or 4 cents per share.

Intel also posted its highest gross profit margin in history, at 64.7 percent. A higher gross margin number means the chipmaker was able to turn more revenue into profit. It’s a key measure for a manufacturing-intensive company such as Intel because it reflects how well costs are held in check.

Revenue climbed 29 percent to $10.6 billion, as Intel sold more chips, many at higher prices than in the past.

Analysts expected a profit of 30 cents per share and $10.2 billion in revenue, according to a Thomson Reuters survey.

It’s never clear whether chip sales line up with demand for new computers. PC makers might be buying more than they need to replenish low supplies or fewer than they need to preserve cash. But Intel clearly sees the fourth quarter as more than a holiday shopping-induced blip.

Stacy Smith, Intel’s chief financial officer, said in an interview that he believes consumer spending will continue to drive growth in Intel’s business in 2010. While Intel hasn’t yet seen signs that big companies are feeling freer to replace old computers, the CFO said he believes it will happen this year, once the companies have finished testing the new Windows 7 system from Microsoft Corp. that will be installed on most new workplace PCs.

Intel executives also said the company would hire more employees as part of an increased focus on research and development.

Doug Freedman, an analyst for Broadpoint AmTech, said he wasn’t surprised investors weren’t more effusive. Shares had gained steadily over the last few weeks as it began to seem Intel would beat expectations. And Intel’s investors have a long-term perspective on Intel, treating it more like a manufacturer than a technology company.

For the current quarter, Intel forecast revenue from $9.3 billion to $10.1 billion, and a gross profit margin of 59 percent to 63 percent. For the full year, it expects a 61 percent gross margin.

Analysts had forecast first-quarter revenue of $9.3 billion, a quarterly gross margin of 59 percent and an annual gross margin of about 55 percent.

Intel delivered strong fourth-quarter results despite having to pay $1.25 billion to settle antitrust charges brought by Silicon Valley rival Advanced Micro Devices Inc., the world’s No. 2 microprocessor maker. That cut 22 cents from Intel’s bottom line. The company also had said, however, that the payment would lower its tax rate because legal settlements are tax deductible.

In the comparable quarter last year, Intel’s earnings were hurt by a $1 billion charge for a reduction of the value of its investment in wireless networking company Clearwire Corp. That sliced 17 cents from the company’s profit.

Intel’s full-year earnings fell 21 percent to $4.4 billion, or 77 cents per share, from $5.3 billion, or 92 cents per share in 2008. Revenue slipped 7 percent to $35.1 billion from $37.6 billion a year ago.

Analysts were looking for earnings of 67 cents on $35.1 billion in revenue.

Alibaba says Yahoo ‘reckless’ on Google stance


Posted by touhid | Posted in News | Posted on 17-01-2010

BEIJING – China’s e-commerce giant Alibaba turned on major shareholder Yahoo Inc. on Saturday, calling the American company’s support of Google in its standoff with China “reckless.”

Google has promised to stop censoring its search results in China, threatening to pull out of the country altogether if it can’t operate an unfiltered search engine. Yahoo has said it was “aligned” with Google’s position, though it’s not clear what that means.

“Alibaba Group has communicated to Yahoo! that Yahoo’s statement that it is ‘aligned’ with the position Google took last week was reckless given the lack of facts in evidence,” Alibaba spokesman John Spelich said Saturday. “Alibaba doesn’t share this view.”

Yahoo closed its own offices in China several years ago when it sold much of its business there to the Alibaba Group. Yahoo retains a 39 percent stake in Alibaba that represents one of Yahoo’s most valuable assets.

Yahoo spokeswoman Nina Blackwell has declined to say whether the company would consider selling its holdings.

Google hopes it can persuade the Chinese government to agree to changes that would enable its China-based Google.cn site to show uncensored search results.

A Google spokeswoman, Jessica Powell, said by e-mail Saturday that Google has not closed its offices in China and that “it’s business as usual.”

Google’s threat to end its China operations has alarmed an Internet-connected public that is the world’s largest at 384 million people.

Beijing requires Internet traffic to pass through government-controlled gateways that block access to material deemed subversive or pornographic. Google’s China-based site excludes from its results any foreign Web sites to which access is blocked.

Dynasty denied, Google rethinks China


Posted by touhid | Posted in News | Posted on 13-01-2010

It once hoped to change China with its search engine, but Google may wind up effecting more change by closing it down.

They are perhaps the most repeated, misunderstood, and beloved three words to ever be associated with Google: “don’t be evil.” Those words, highlighted in the company’s initial public offering in 2004, underscored how differently Google wants to be thought of compared with the average corporation.

This has always been a company with a moral pulse, one that in its early days attracted a certain sort of idealistic engineer who truly believed the world could be made a better place by a responsible corporation that efficiently spread information and technology around the world.

Yet Google is also one of America’s largest and richest public companies, and obsessed with growing even larger. Operating on a global scale can require even the nicest businesses and companies to rub shoulders with governments that don’t share the values of Silicon Valley.

The collision of those two forces led Google into what the company founders may eventually come to consider as its worst decision: to self-censor search results in China for almost four years in hopes of improving overall access to information. The company did an about-face Tuesday, declaring that unless the Chinese government allows it to offer an uncensored search engine inside of China, it will shut down its operations in the country.

Google originally justified its decision to censor results in 2006 as a way of helping the Chinese people. Simply offering Google.com from outside of China made the search engine subject to The Great Firewall of China and hurt performance but didn’t require Google to police itself. Opening an office inside of China would require it to follow local laws regarding the dissemination of information on the Internet, but Google believed it could improve access to information in China just by being present with a fast and comprehensive search engine.

There was also a financial incentive, of course. China has the most Internet users in the world, with stunning growth over the past decade and much more in store, given that only 25 percent of the country is currently using the Internet.

But Google never seemed to be fully comfortable with its decision. Co-founder Sergey Brin told The Guardian in 2007 that Google’s actions resulted in a “net negative,” an engineer’s way of saying that Google had lost more than it had gained in pursuing business opportunities in China.

Google lost the respect of many U.S. and European citizens, who were amazed at the way the company was able to justify compromising its lofty principles in the name of profit. It lost a little of its idealism in deciding that it had to work with a government that many consider one of the largest offenders of human rights on the planet in order to grow its business. And it lost the battle: Google had just 14.1 percent of the search market in China during November 2009, compared with Baidu’s 62.2 percent, according to ComScore.

Saddled with a struggling business and a queasy stomach, Google now hopes to regain the moral high ground. It’s extremely unlikely that the Chinese government will permit an uncensored search engine in China, especially after being so publicly implicated as the force behind the attacks on the accounts of Gmail users whose main offense was speaking out against that government (Google refused to point its finger directly at the Chinese government, but security researchers have linked the most recent attacks with previous attacks on U.S. companies believed to come from agents of that government).

Google’s obligation to censor search results in China was a difficult balancing act for the company, especially around sensitive dates like the 25th anniversary of the Tiananmen Square protests, when Google blocked all results to searches on those words in Chinese.

(Credit: Screenshot by Tom Krazit/CNET)

And after playing defense throughout 2009 against governments and citizens concerned about its growing power, Google has now created a situation where privacy advocates and human-rights activists are applauding the company for taking a principled stand against the Chinese government.

Back in November, CNET asked Google CEO Eric Schmidt about the “don’t be evil” credo and how it applied to Google now that the company has grown into such a large business. He said that “don’t be evil” allows Google employees to stand up and play The Evil Card without repercussions, forcing a discussion about whether Google is choosing the right course of action during tricky decisions.

Without prompting, Schmidt brought up Google’s decision to enter China as an example of how that process works. “Certainly, the China decision, which was very controversial at the time, but I think ultimately, the right one for us, is another example of a tortured internal discussion, which ultimately came to roughly, the right outcome,” he said.

The discovery of cyberattacks originating from China against Google seems to have finally tipped that debate for Google. It’s now clear that Google believes it erred in making the decision to get in bed with the Chinese government back in 2006, regardless of whether that revelation comes from business reasons or moral reasons.

Google has now put American Internet information companies doing business in China in a very difficult position: stay and appear to their home crowd to be agents of the Chinese government after Google’s strong rebuke, or leave and miss out on the land grab that is the Chinese Internet market. And the end result of all this could be that the Chinese government emerges with even stronger control over the Internet if domestic firms with fewer reservations about censorship or surveillance take their place.

Google could have changed the way Internet companies work in China Tuesday. It once hoped for something much more.