China's Great Firewall has been intercepting the Javascript module from Facebook Login, which is allows third-party sites to authorize users through Facebook infrastructure.First reported on Sunday, the attack causes sites using Facebook Login to redirect to a third-party page for many web users in China. "This behavior is occurring locally and beyond the reach of our servers
The Great Firewall began intercepting the Facebook Login applet on Sunday, replacing it with a new single-line redirection code from two third-party sites. The result is that, for non-VPN users in China, any page with a Facebook Login button has been redirecting to two sites.
The two websites to which the traffic is being redirected:
wpkg.org : A website for open source automated software deployment, upgrade, and removal program for Windows.
ptraveler.com : A personal travel blog authored by a young couple of Poland.
Still it is not clear if Facebook traffic intercepting is backed by Chinese government or it's the result of some organized cyber attack, although ptraveler.com appears to have been brought down by the flood of redirected traffic.
It's difficult to say why Facebook Login is being targeted, since the net effect for most users is simply to redirect the browser to an unrelated homepage.
According to Krebs Nicholas Weaver, a censorship researcher at the International Computer Science Institute (ICSI) and the University of California, Berkeley, said:
Any page that had a Facebook Connect element on it that was unencrypted and visited from within China would instead get this thing which would reload the main page of wpkg.org.
In March, a similar redirection was aimed at software repository GitHub, apparently in retaliation for the posting of content on two pages of the site that are banned in China.
