Printed from http://www.electronista.com

Hackers issue fake security certificates for CIA, Google

updated 05:00 pm EDT, Mon September 5, 2011

DigiNotar hack tied to Iranian government

A Dutch web security firm that sells security certificates, DigiNotar, was hacked back in July and fake certificates were issued to websites such as the CIA, Google, Microsoft and Twitter. DigiNotar just acknowledged the attack last week. Now, the Dutch government has taken over the company. It's also believed that the hacker or hackers operated with the cooperation of the Iranian government.

The hackers proceeded to issue hundreds of fake security certificates for large organizations such as the CIA, Google, Microsoft and Twitter, among others, the Dutch government revealed early on Monday. The latest browsers from Microsoft, Google and Mozilla reject the certificates from DigiNotar, however. Also on there are sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, and spy agencies like Israel's Mossad and Britain's MI6.

Security certificates are used to authenticate websites and guarantee that communications between a browser and website are secure. Fake certificates can, in theory, be used for phishing attacks or to monitor communications without the user noticing.

A hacker needs to guide the target through a server under his control, so only ISPs or governments that control them can easily do so.

Experts made the Iranian tie-up because some of the certificates have embedded nationalist slogans in the Farsi language. Also, messages left on DigiNotar's site suggest the same.

A Mozilla developer cautions Iranian Internet users to update their browsers, log out and change the passwords of their e-mail and social services and accounts.

The Dutch government is looking for a replacement firm. [via The New York Times]



By Electronista Staff
toggle

Comments

  1. gskibum3

    Fresh-Faced Recruit

    Joined: Nov 2006

    0

    comment title

    A hacker needs to guide the target through a server under his control, so only ISPs or governments that control them can easily do so.

    Huh? Is there some error in editing here?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Samsung Galaxy S6 Edge

The Samsung Galaxy S6 range is a critical component in Samsung's flagging smartphone strategy. With sales of its high-end smartphones ...

Notti smart lamp from Witti

Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softball ...

Seagate Personal Cloud (2-Bay)

When it comes to backing up files, many users are now looking to the myriad of cloud storage solutions available. There is no doubt th ...

Advertisement

toggle

Most Commented

 
toggle

Popular News