Iranian government may be behind hack of Dutch security firm
The cyberattack, which affected hundreds of thousands of users in Iran, may have been meant to allow the Iranian government to eavesdrop on its citizens via Google, Yahoo, Facebook, and other sites.
Exterior view of the building housing Internet security firm DigiNotar in Beverwijk, north-western Netherlands, Tuesday Sept. 6. Dutch prosecutors say they are investigating DigiNotar for possible criminal negligence after it was slow to disclose a hacking incident that compromised dozens of websites and likely helped the Iranian government spy on dissidents for a month.
Peter Dejong/AP
• A daily summary of global reports on security issues.
A hacker's breach of a Dutch online security firm may have allowed the Iranian government to monitor hundreds of thousands of its citizens' e-mail accounts.
According to a statement from the Dutch government on Monday, a hacker broke into Dutch company DigiNotar, which provides security certificates to authenticate websites as safe for Internet users. The hacker then created hundreds of fraudulent certificates for Google, Yahoo, Facebook, and other major communication sites, as well as for the websites of the CIA, MI6, and Mossad.
With the fake certificates, the hacker could eavesdrop on Internet users' communications with these sites by rerouting their traffic through falsely authorized network paths, while the connections still appeared to be secure.
According to an audit performed for the government by Dutch company Fox-IT, the fake Google certificate was used 300,000 times between Aug. 4 and Aug. 29, almost all of that usage coming from Iran. Al Jazeera writes that technology experts say the evidence suggests that the hackers were working with the Iranian government.
"The list of domains and the fact that 99 per cent of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," the Fox-IT audit concluded.
Roel Schouwenberg of Internet security firm Kaspersky said, "a government operation is the most plausible scenario."
An Iranian hacker claimed responsibility Monday for the DigiNotar breach, reports PC World. "Comodohacker" wrote on Pastebin.com that he attacked DigiNotar to punish the Dutch government, apparently for what he sees as its failure to prevent the death of 8,000 Muslims in Srebrenica during the Bosnian War in 1995.
Comodohacker, who describes himself as a 21-year-old Iranian student, had claimed he was behind an attack earlier this year on another certificate authority, Comodo. Mikko Hypponen of security vendor F-Secure says that it appears likely that Comodohacker was behind both attacks.
Technology news site The Register reports that the hack, which investigators are calling Operation Black Tulip, appeared to be a result of "DigiNotar's shocking ineptness in securing its system, compounded with its failure to come clean on its problems in a timely fashion."




