Tuesday, September 06, 2011

  • Tuesday, September 06, 2011
  • Elder of Ziyon
From The Register:
The Google webmail of as many as 300,000 Iranians may have been intercepted using fraudulently issued security certificates made after a hack against Dutch certificate authority outfit DigiNotar, according to the preliminary findings of an official report into the megahack.

Fox-IT, the security consultancy hired to examine the breach against DigiNotar, reveals that DigiNotar was hacked on or around 6 June – a month before hackers begun publishing rogue certificates. Between 10 July and 20 July hackers used compromised access to DigiNotar's systems to issue rogue 531 SSL certificate for Google and other domains, including Skype, Mozilla add-ons, Microsoft update and others. DigiNotar only begun revoking rogue certificates on 19 July and waited more than a month later to go public about the problem. The fake *.google.com certificate – which was valid for code-signing – wasn't revoked until 29 July.

The compromise was used, in part, to spy on Iranian internet users, using the forged Google SSL certificate to run man-in-the-middle attacks.

"The list of domains and the fact that 99 per cent of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," [Fox-IT] adds.
In English, this means that Iran apparently forged the certificates that are used to ensure that web traffic to various websites - like Google - is correctly encrypted. This means that Iran was able to spy on email and web traffic that even the most conscientious user would have assumed was safe from prying eyes.

Or, as Israel Hayom describes it:
In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a Web site, or used to monitor communications with the real sites without users noticing.

But in order to pass off a fake certificate, a hacker must be able to steer his target’s Internet traffic through a server that he controls. That is something only an Internet service provider, or a government that commands one, can easily do.

According to AP, technology experts cite a number of reasons to believe the attack is connected to Iran. Notably, several of the certificates contain nationalist slogans in Farsi, the language spoken by most Iranians.

“This, in combination with messages the hacker left behind on DigiNotar’s Web site, definitely suggests that Iran was involved,” Ot van Daalen, director of Bits of Freedom, an online civil liberties group, told AP.


AddToAny

Printfriendly

EoZTV Podcast

Podcast URL

Subscribe in podnovaSubscribe with FeedlyAdd to netvibes
addtomyyahoo4Subscribe with SubToMe

search eoz

comments

Speaking

translate

E-Book

For $18 donation








Sample Text

EoZ's Most Popular Posts in recent years

Hasbys!

Elder of Ziyon - حـكـيـم صـهـيـون



This blog may be a labor of love for me, but it takes a lot of effort, time and money. For 20 years and 40,000 articles I have been providing accurate, original news that would have remained unnoticed. I've written hundreds of scoops and sometimes my reporting ends up making a real difference. I appreciate any donations you can give to keep this blog going.

Donate!

Donate to fight for Israel!

Monthly subscription:
Payment options


One time donation:

Follow EoZ on Twitter!

Interesting Blogs

Blog Archive