Facebook Login System Hijacked by China’s Great Firewall

April 28, 2015 Updated: April 29, 2015

China’s Great Firewall has hijacked the JavaScript applet for Facebook Connect, redirecting its users to third-party websites.

Facebook Connect allows users to be authorized by other websites when logged into Facebook. On Sunday, some Chinese Web users loading webpages with Facebook Connect found that the native JavaScript had been replaced and was redirecting them to two unrelated websites—wpgk.org or ptraveler.com.

The problem has made it difficult for Chinese Web users to access numerous websites, and has led to a wave of complaints on social media platforms, including reddit.

The interception has sent a flood of traffic to both websites—ptraveler.com is down at the time of this report. 

This is not the first time the Great Firewall has deployed this type of mass-redirect campaign—dubbed “the Great Cannon” by security researchers. It’s typically used to overwhelm and disable sites the Chinese regime wants to censor.

In March, GitHub was hit with a massive denial-of-service attack. The attack targeted two pages: a mirror of Chinese translations of The New York Times, and the page for Greatfire, an anti-censorship project that aims to make unfiltered Google searches available in China.

It’s unclear why wpgk.org and ptraveler.com—an open software site and a personal travel blog—were targeted by the Great Cannon, and some have speculated that the attack was unintentional.

“The Chinese censors don’t benefit from it, because this caused a huge amount of disruption to Chinese Web surfers on pages that the government doesn’t want to censor,” said Nicholas Weaver, a security researcher at UC Berkeley.

If the attack was an error or an infiltration of the Great Firewall by an outsider, it appears to be worsening. On Tuesday afternoon, a Chinese Web user on reddit complained about redirects to miscellaneous pornographic websites by way of Facebook Connect.

Internet users in China can browse websites with Facebook Connect without being affected by the interception if they use a foreign VPN or an adblocker with wpgk.org and ptraveler.com included in the custom filter, although some users browsing with a VPN were also affected.

The interception was first reported by a local media outlet in Beijing, and later by the Verge.