updated 05:00 pm EDT, Mon September 5, 2011
DigiNotar hack tied to Iranian government
DigiNotar, a Dutch web security firm that sells security certificates, was hacked back in July, and fake certificates were issued for websites such as those of the CIA, Google, Microsoft and Twitter. DigiNotar acknowledged the attack only last week. Now, the Dutch government has taken over the company. It is also believed that the hacker or hackers operated with the cooperation of the Iranian government.
The hackers proceeded to issue hundreds of fake security certificates for large organizations such as the CIA, Google, Microsoft and Twitter, among others, the Dutch government revealed early on Monday. Also on the list are sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, and spy agencies like Israel's Mossad and Britain's MI6. The latest browsers from Microsoft, Google and Mozilla reject the certificates from DigiNotar, however.
Security certificates are used to authenticate websites and guarantee that communications between a browser and website are secure. Fake certificates can, in theory, be used for phishing attacks or to monitor communications without the user noticing.
To use a fake certificate, an attacker needs to route the target's traffic through a server under the attacker's control, so only ISPs, or governments that control them, can easily do so.
Experts drew the link to Iran because some of the certificates have nationalist slogans in the Farsi language embedded in them. Messages left on DigiNotar's site suggest the same.
A Mozilla developer cautions Iranian Internet users to update their browsers, log out, and change the passwords of their e-mail and social service accounts.
The Dutch government is looking for a replacement firm. [via The New York Times]