Web certificate fraud bears Iranian fingerprints

Mar 24, 2011
An Iranian man surfs the Internet at a cafe in Tehran on January 2011. Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.

Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.

"The incident got close to, but was not quite, an Internet-wide security meltdown," Electronic Frontier Foundation senior staff technologist Peter Eckersley said in a message posted at the group's website.

Hackers using computers with addresses in Iran posed as a European affiliate of New Jersey-based Comodo on March 15 to get digital certificates allowing the creation of imitation Google, Yahoo!, Microsoft or Skype log-in pages.

"The attacker was well prepared and knew in advance what he was to try to achieve," Comodo said in an online message regarding the attack. "He seemed to have a list of targets that he knew he wanted to obtain certificates for."

The hacker got "SSL certificates," essentially digital credentials, to pose as mail.google.com, google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, global.trustee and login.live.com.

"These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website," the US Computer Emergency Readiness Team warned.

One of the online identities was tested on an Iranian but the others appeared not to have been used, according to Comodo, which said that it revoked the credentials within hours.

Microsoft, Mozilla, and have updated their Web to prevent being duped into trusting bogus websites using the credentials.

"These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of ," Microsoft said in a security advisory.

Whoever was behind the attempt appeared to be out to monitor or intercept email messages or Skype calls.

"This was likely to be a state-driven attack," Comodo said. "The circumstantial evidence suggests that the attack originated in Iran."

Explore further: Study: Social media users shy away from opinions

add to favorites email to friend print save as pdf

Related Stories

Microsoft fixes browser flaw used in Google breach

Jan 21, 2010

(AP) -- Microsoft Corp. took the unsual step of issuing an unscheduled fix Thursday for security holes in its Internet Explorer browser that played a role in the recent computer attacks that led Google to threaten to leave ...

Experts uncover weakness in Internet security

Dec 30, 2008

Independent security researchers in California and researchers at the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands have found ...

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0