💾 Archived View for gmi.noulin.net › mobileNews › 3359.gmi captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-12-03)

➡️ Next capture (2023-01-29)

-=-=-=-=-=-=-

Iranians hit in email hack attack

Up to 300,000 Iranians may have had their Google email monitored using security

certificates stolen from Dutch firm DigiNotar.

The figure came from a report into the breach at DigiNotar which let attackers

generate hundreds of fake certificates.

The report suggests the certificates were used in Iran to eavesdrop on email

accounts.

The list has been passed to Google so it can tell victims they may have come

under government scrutiny.

On 30 August, security firm Fox-IT was called in to analyse the sequence of

events at DigiNotar that led to the security breach. It published its interim

report late on 5 September.

DigiNotar is one of many firms which help to ensure that no-one is

eavesdropping on secure communications between users and the sites they visit.

It does this via security certificates which act as a guarantee of identity so

people can be sure they are connecting to the site they think they are.

Anyone armed with a rogue certificate for a web firm or service can impersonate

that organisation and get at communications that would otherwise be impossible

to read because they are encrypted.

DigiNotar first took action to revoke fake security certificates on 19 July

when it found that hackers had got access to its internal network.

The Fox-IT report suggests that the hackers were able to access those internal

systems for a month before DigiNotar took action.

The first exploration by the hackers took place on 6 June, suggests the report,

and the first rogue certificates were issued on 10 July.

"The network has been severely breached," said the report. It said security

procedures at DigiNotar were clearly lacking because the tools the hackers used

and installed on network computers can be detected by standard anti-virus

software.

All evidence gathered by Fox-IT suggests that the attacks were carried out to

help surveillance of Iranian net users. More than 99% of the 300,000 IP

addresses known to have connected to Google's email service with the help of a

fake security certificate are in Iran.

Fox-IT noted that the use of the fake certificates would also have given

attackers access to small text files known as cookies that Google and many

others use to recognise regular visitors.

As a result, Fox-IT said: "It would be wise for all users in Iran to at least

logout and login but even better change passwords."

DigiNotar has called on the Dutch government to help it recover following the

attack. In its wake Google and many others have issued updates to ensure that

the fake certificates are no longer recognised.

DigiNotar is the second security certificate firm to suffer at the hands of

hackers. In March 2011, Comodo revealed that it had been hit and pointed the

finger at Iran.

Now evidence is emerging that the same hackers were behind both attacks

according to a message posted to the pastebin website. In the message, the

hacker or hackers claim to have access to four other security certificate

firms.