Iranian government may be behind hack of Dutch security firm
The cyberattack, which affected hundreds of thousands of users in Iran, may have been meant to allow the Iranian government to eavesdrop on its citizens via Google, Yahoo, Facebook, and other sites.
(Page 2 of 2)
The audit reveals a catalogue of security shortcomings at the small and previously obscure Dutch certificate authority that allowed the hack to take place. DigiNotar's servers were running out-of-date software. Its network was poorly segmented, so problems, if they arose, would not be contained. Passwords in play at the time of the hack might easily have been guessed via brute-force attack. In addition, there was no secure logging and an absence of any server-side anti-virus protection.
In response to the attack, the Dutch government revoked all of DigiNotar's certificates, which it had been using for Dutch citizens' online tax filings, and is in the midst of finding an alternative certificate authority. The New York Times notes that the Dutch government is expanding its probe to determine if any of its citizens' private data was compromised.
Mr. Schouwenberg of Kaspersky writes on his blog that while the DigiNotar hack may not be as complex as the Stuxnet attack on Iran's nuclear network, its consequences "will far outweigh those of Stuxnet." In particular, he says that the attack has caused "quite significant" damage to the Dutch government's IT infrastructure, and will "put cyberwar on or near the top of the political agenda of Western governments."
He also adds that the attack will likely drive DigiNotar out of business, and will put pressure on certificate authorities to quickly go public with any future security breaches.
The Amsterdam-based group Arseh Sevom, founded in 2010 to promote civil society in Iran, suggests that the current Internet security regime needs an overhaul. It compares a security certificate from a firm like DigiNotar to a lone guard who can be "bribed, compromised, blackmailed, circumvented, or asleep on the job."
The certificate authority system was created decades ago in an era when the biggest on-line security concern was thought to be protecting users from having their credit card numbers intercepted by petty criminals. Today Internet users rely on this system to protect their privacy against nation-states. We doubt it can bear this burden.
But while Google was one of the main sites compromised, it also ultimately provided the clue that alerted others that DigiNotar had been hacked, EFF reports. That's because as of May this year, Google introduced a new feature in its Chrome browser that would override false certificates. An Iranian using Chrome discovered the hack when the browser warned the user of the fraudulent certificate.
Google hard-coded the fingerprints for its own sites’ encryption keys into Chrome, and told the browser to simply ignore contrary information from certificate authorities. That meant that even if an attacker got hold of a fake certificate for a Google site – as this attacker did – newer versions of the Chrome browser would not be fooled.