Printed from http://www.electronista.com

Hackers issue fake security certificates for CIA, Google

updated 05:00 pm EDT, Mon September 5, 2011

DigiNotar hack tied to Iranian government

A Dutch web security firm that sells security certificates, DigiNotar, was hacked back in July and fake certificates were issued to websites such as the CIA, Google, Microsoft and Twitter. DigiNotar just acknowledged the attack last week. Now, the Dutch government has taken over the company. It's also believed that the hacker or hackers operated with the cooperation of the Iranian government.

The hackers proceeded to issue hundreds of fake security certificates for large organizations such as the CIA, Google, Microsoft and Twitter, among others, the Dutch government revealed early on Monday. The latest browsers from Microsoft, Google and Mozilla reject the certificates from DigiNotar, however. Also on there are sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, and spy agencies like Israel's Mossad and Britain's MI6.

Security certificates are used to authenticate websites and guarantee that communications between a browser and website are secure. Fake certificates can, in theory, be used for phishing attacks or to monitor communications without the user noticing.

A hacker needs to guide the target through a server under his control, so only ISPs or governments that control them can easily do so.

Experts made the Iranian tie-up because some of the certificates have embedded nationalist slogans in the Farsi language. Also, messages left on DigiNotar's site suggest the same.

A Mozilla developer cautions Iranian Internet users to update their browsers, log out and change the passwords of their e-mail and social services and accounts.

The Dutch government is looking for a replacement firm. [via The New York Times]



By Electronista Staff
toggle

Comments

  1. gskibum3

    Fresh-Faced Recruit

    Joined: Nov 2006

    0

    comment title

    A hacker needs to guide the target through a server under his control, so only ISPs or governments that control them can easily do so.

    Huh? Is there some error in editing here?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Linksys EA6900 AC Router

As AC networking begins to makes its way into more and more devices you may find yourself considering an upgrade for your home network ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Ooma Office small business VoIP

Voice over IP (VoIP) services have been around for a very long time. Only recently has the implementation become a bit more robust, al ...

Sponsor

toggle

Most Commented

 
toggle

Popular News