Iran hackers target Google and Gmail, Microsoft, Skype and Yahoo

March 24, 2011

According to a report posted on Computerworld, Iran has been implicated in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web’s biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

“One of the origins of the attack that we experienced is from Iran,” Abdulhayoglu said in an online statement. “What is being obtained would enable the perpetrator to intercept Web-based email/communication and the only way this could be done is if the perpetrator had access to the country’s DNS infrastructure (and we believe it might be the case here).”

Comodo’s security blog offered more details of the Iranian connection and claimed that at least two Iranian IP addresses and one ISP were involved.

“The IP address of the initial attack … has been determined to be assigned to an ISP in Iran,” said Comodo. “A Web survey revealed one of the certificates [was] deployed on another IP address assigned to an Iranian ISP.”

Comodo echoed Storms’ take on the attack’s implication but speculated that it was a government-backed effort.

“It does not escape [our] notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups,” Comodo said. “The attack comes at a time when many countries in North Africa and the [Persian] Gulf region are facing popular protests.”

The attack and the acquisition of the certificates have prompted Google, Microsoft and Mozilla to issue updates so users of their browsers will be warned if they try to reach a site that’s serving up one of the phony certificates.

The Iranian Revolutionary Guard has openly recruited hackers to do its bidding, and in recent months they have targeted a number of opposition sites. Iran has also instituted widespread censorship and monitoring of digital communications.
