Web certificate fraud bears Iranian fingerprints
SAN FRANCISCO – Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.
“The incident got close to, but was not quite, an Internet-wide security meltdown,” Electronic Frontier Foundation senior staff technologist Peter Eckersley said in a message posted at the group’s website.
Hackers using computers with addresses in Iran posed as a European affiliate of New Jersey-based Comodo on March 15 to get digital certificates allowing the creation of imitation Google, Yahoo!, Microsoft or Skype log-in pages.
“The attacker was well prepared and knew in advance what he was to try to achieve,” Comodo said in an online message regarding the attack. “He seemed to have a list of targets that he knew he wanted to obtain certificates for.”
The hacker got “SSL certificates,” essentially digital credentials, to pose as mail.google.com, google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, global.trustee and login.live.com.
“These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website,” the US Computer Emergency Readiness Team warned.
One of the online identities was tested on an Iranian computer server but the others appeared not to have been used, according to Comodo, which said that it revoked the credentials within hours.
Microsoft, Mozilla, and Google have updated their Web browsing software to prevent being duped into trusting bogus websites using the credentials.
“These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer,” Microsoft said in a security advisory.
Whoever was behind the attempt appeared to be out to monitor or intercept email messages or Skype calls.
“This was likely to be a state-driven attack,” Comodo said. “The circumstantial evidence suggests that the attack originated in Iran.”
Brand new on Raw Story
- CNN’s Wolf Blitzer tells atheist tornado survivor: ‘You gotta thank the Lord’
- Obama does not want Fox News reporter James Rosen prosecuted: spokesman
- Muslim religious leaders meet with Holocaust survivors in Poland
- Rescuers dig for life after tornado rips through Moore, Oklahoma
- Harry Potter book fetches $227,000 at London auction
- Bradley Manning trial to be closed for some testimony: judge
- ACLU condemns prosecution of Florida teen over lesbian relationship
- FBI faces lawsuit over secret surveillance of prominent anti-war website
- NYPD detective allegedly hacked 40 email accounts to spy on ex-girlfriend
- Female gender stereotypes have little impact on voting behavior: study
Commentary
The Orange Couch does Mad Men: S7E8, “The Crash”
By Amanda Marcotte
An open letter to the Center for Inquiry
By Amanda Marcotte
Stop whining about Millennials
By Pando Daily
Raw Exclusives
Featured Video
Follow Us!
