Web certificate fraud bears Iranian fingerprints

Mar 24, 2011
An Iranian man surfs the Internet at a cafe in Tehran on January 2011. Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.

Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.

"The incident got close to, but was not quite, an Internet-wide security meltdown," Electronic Frontier Foundation senior staff technologist Peter Eckersley said in a message posted at the group's website.

Hackers using computers with addresses in Iran posed as a European affiliate of New Jersey-based Comodo on March 15 to get digital certificates allowing the creation of imitation Google, Yahoo!, Microsoft or Skype log-in pages.

"The attacker was well prepared and knew in advance what he was to try to achieve," Comodo said in an online message regarding the attack. "He seemed to have a list of targets that he knew he wanted to obtain certificates for."

The hacker got "SSL certificates," essentially digital credentials, to pose as mail.google.com, google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, global.trustee and login.live.com.

"These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website," the US Computer Emergency Readiness Team warned.

One of the online identities was tested on an Iranian but the others appeared not to have been used, according to Comodo, which said that it revoked the credentials within hours.

Microsoft, Mozilla, and have updated their Web to prevent being duped into trusting bogus websites using the credentials.

"These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of ," Microsoft said in a security advisory.

Whoever was behind the attempt appeared to be out to monitor or intercept email messages or Skype calls.

"This was likely to be a state-driven attack," Comodo said. "The circumstantial evidence suggests that the attack originated in Iran."

Explore further: New social networks connect cooks and diners

add to favorites email to friend print save as pdf

Related Stories

Microsoft fixes browser flaw used in Google breach

Jan 21, 2010

(AP) -- Microsoft Corp. took the unsual step of issuing an unscheduled fix Thursday for security holes in its Internet Explorer browser that played a role in the recent computer attacks that led Google to threaten to leave ...

Experts uncover weakness in Internet security

Dec 30, 2008

Independent security researchers in California and researchers at the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands have found ...

Recommended for you

Brazil passes trailblazing Internet privacy law

11 hours ago

Brazil's Congress on Tuesday passed comprehensive legislation on Internet privacy in what some have likened to a web-user's bill of rights, after stunning revelations its own president was targeted by US ...

Research shows impact of Facebook unfriending

Apr 22, 2014

Two studies from the University of Colorado Denver are shedding new light on the most common type of `friend' to be unfriended on Facebook and their emotional responses to it.

User comments : 0

More news stories

Amazon Prime wins streaming deal with HBO

Amazon scored a deal Wednesday to distribute old shows from premium cable TV channel HBO to its monthly Prime subscribers, landing a blow on rival Netflix in the streaming video battle.

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...