Experts suspect Iran involvement in Dutch hacking

Sep 05, 2011 By TOBY STERLING, Associated Press

(AP) -- Hackers who broke into a Dutch web security firm have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for Internet giants like Google, Microsoft and Twitter, the government said Monday.

Experts say they suspect the hacker - or hackers - operated with the cooperation of the Iranian government.

So far, only a handful of users in Iran are known to have been affected. In addition, the latest versions of browsers such as Microsoft's Internet Explorer, Google's Chrome and Mozilla's Firefox are now rejecting certificates issued by the firm that was hacked, DigiNotar.

But in a statement Monday, the Dutch Justice Ministry published a list of the fraudulent certificates that greatly expands the scope of the July hacking attack that DigiNotar first acknowledged last week. The list includes sites operated by Yahoo, Microsoft, AOL, Mozilla, TorProject, and WordPress, as well as spy agencies including the CIA, Israel's Mossad and Britain's MI6.

DigiNotar is one of many companies which sell the security certificates widely used to authenticate websites and guarantee that communications between a user's browser and a website are secure.

In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a website, or used to monitor communications with the real sites without users noticing.

But in order to pass off a fake certificate, a hacker must be able to steer his target's Internet traffic through a server he controls. That's something that only an Internet service provider can easily do - or a government that commands one.

Technology experts cite a number of reasons to believe the hacker - or hackers - were based in Iran and cooperated with the Iranian government, perhaps in attempts to spy on dissidents. Notably, several of the certificates contain nationalist slogans in the Farsi language.

"This, in combination with messages the hacker left behind on DigiNotar's website, definitely suggests that Iran was involved," said Ot van Daalen, director of Bits of Freedom, an online civil liberties group.

The hack of DigiNotar closely resembles one in March of the U.S. company Comodo Inc., which was also attributed to an Iranian hacker.

Gervase Markham, a Mozilla developer who has been involved in the response to the DigiNotar failure, warned Iranian Internet users on Monday to update their browsers, "log out of and back into every email and social media service you have" and change all passwords.

Van Daalen said he believed the DigiNotar incident will ultimately lead to a reform of authentication technology.

Although no users in the Netherlands are known to have been victimized directly by the hack, it has caused a major headache for the Dutch government, which relied on DigiNotar for authentication of most of its websites.

In a pre-dawn press conference Saturday, Justice Minister Piet Hein Donner said the safety of websites including the country's social security agency, police and tax authorities could no longer be guaranteed.

He advised users who wanted to be certain of secure communication with the government to return to using pen and paper.

The Dutch government took over management of DigiNotar, a subsidiary of Chicago-based Vasco Inc., but kept the websites operating as it scrambles to find replacement security providers.


User comments : 2


COCO
not rated yet Sep 06, 2011
are they not also the authors of Stuxnet?
frajo
5 / 5 (1) Sep 09, 2011
Notably, several of the certificates contain nationalist slogans in the Farsi language.

Likewise, of course, I would put nationalist slogans in the Greek language into the fake certificates.