Web certificate fraud bears Iranian fingerprints

March 24, 2011
Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.

"The incident got close to, but was not quite, an Internet-wide security meltdown," Electronic Frontier Foundation senior staff technologist Peter Eckersley said in a message posted at the group's website.

Hackers using computers with addresses in Iran posed as a European affiliate of New Jersey-based Comodo on March 15 to get digital certificates allowing the creation of imitation Google, Yahoo!, Microsoft or Skype log-in pages.

"The attacker was well prepared and knew in advance what he was to try to achieve," Comodo said in an online message regarding the attack. "He seemed to have a list of targets that he knew he wanted to obtain certificates for."

The hacker got "SSL certificates," essentially digital credentials, to pose as mail.google.com, google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, global.trustee and login.live.com.

"These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website," the US Computer Emergency Readiness Team warned.

One of the online identities was tested on an Iranian but the others appeared not to have been used, according to Comodo, which said that it revoked the credentials within hours.

Microsoft, Mozilla, and have updated their Web to prevent being duped into trusting bogus websites using the credentials.

"These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of ," Microsoft said in a security advisory.

Whoever was behind the attempt appeared to be out to monitor or intercept email messages or Skype calls.

"This was likely to be a state-driven attack," Comodo said. "The circumstantial evidence suggests that the attack originated in Iran."
