Web security certificates stopped over Iranian hacking fears

A major provider of website authentication has stopped issuing new security certificates on fears it may have been hacked as part of a mass spying operation in Iran.

GlobalSign, based in Belgium, took the action after a pseudonymous hacker said he had breached its security.

“ComodoHacker” made the claim in a web posting that also claimed responsibility for a verified attack on DigiNotar, a smaller SSL certificate authority. According to a report prepared for the Dutch government, that security breach exposed the private emails, Facebook messages and more of more than 300,000 Iranians to spying.

SSL certificates are used by websites to validate that the traffic they exchange with users is properly encrypted.

In their attack on DigiNotar, hackers issued themselves with more than 500 forgeries for websites including Google, Facebook, and Twitter, potentially allowing them to read all incoming and outgoing messages.

Analysis of who used the forged certificates strongly indicated the attack targeted Iranian internet users. During the month they were in circulation, DigiNotar, a small certificate authority which mainly authenticates Dutch websites, saw a spike in traffic from Iran.

In a sinister twist, the list of websites for which the hackers issued forged certificates also include those of the CIA, Mossad, and MI6, as well as that of the Tor Project, an organisation that makes software often used by political dissidents. To exploit the forgeries most effectively, the hackers would also have needed control of Iranian telecoms, which has prompted speculation the spying operation was ordered by the government in Tehran.

Advertisements

About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: