Firm points finger at Iran for SSL certificate theft
Bogus certificates obtained for Google, Microsoft, Skype and Yahoo sites
Computerworld - Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today.
The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL certificates through its UserTrust arm.
Today, Comodo's CEO said his company believes the attack was state-sponsored and pointed a finger at Iran.
"We believe these are politically motivated, state driven/funded attacks," said Melih Abdulhayoglu, the CEO and founder of Comodo, a Jersey City, N.J.-based security company that is also allowed to issue site certificates.
"One of the origins of the attack that we experienced is from Iran," Abdulhayoglu said in an online statement. "What is being obtained would enable the perpetrator to intercept Web-based email/communication and the only way this could be done is if the perpetrator had access to the country's DNS infrastructure (and we believe it might be the case here)."
Comodo's security blog offered more details of the Iranian connection and claimed that at least two Iranian IP addresses and one ISP were involved.
"The IP address of the initial attack ... has been determined to be assigned to an ISP in Iran," said Comodo. "A Web survey revealed one of the certificates [was] deployed on another IP address assigned to an Iranian ISP."
That server went offline shortly after Comodo revoked the certificates.
Fake certificates can be used by attackers to fool users into thinking that they're at a legitimate site when in reality they're not, said Andrew Storms, director of security operations at nCircle Security.
"They would be used in a 'man in the middle' kind of attack," said Storms. "They could use [the bogus certificates] to host a site that looks like one of these real sites, then capture people's log-ins."
Comodo echoed Storms' take on the attack's implication but speculated that it was a government-backed effort.
"It does not escape [our] notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups," Comodo said. "The attack comes at a time when many countries in North Africa and the [Persian] Gulf region are facing popular protests."
According to a Microsoft security advisory published earlier today, the nine fake certificates were issued for login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and Global Trustee.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts