Iran Behind SSL Certificate Theft?

Kara Reeder

TG Daily reports that Iranian hackers are believed to have been behind an attempted security breach of Comodo, a firm that issues Secure Socket Layer (SSL) certificates. If the attack proved successful, the hackers would be able to impersonate Google, Yahoo, Skype, Mozilla and Microsoft.

 

The SSL system uses digital certificates to assure Internet users of websites' authenticity, explains The Wall Street Journal. Comodo says it received requests for nine certificates from fraudulent websites set up in Iran. The company is not sure if the attackers received all nine certificates, but they do know that they definitely received one. Comodo says:

The attacker was well prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs for these certificates and submit the orders to our system so that the certificates would be produced and made available to him.

Fraser Howard, principal threat researcher at Sophos, says:

Comodo's unfortunate security breach puts many consumers at risk, having opened the door for common and popular web sites visited by billions of people every day to have been spoofed.

Mikko Hypponen, chief research officer of F-Secure, explains the risk:

if you are a government and able to control internet routing within your country, you can reroute all, say, Skype users to fake https://login.skype.com and collect their usernames and passwords, regardless of the SSL encryption seemingly in place. Or you can read their email when they go to Yahoo, Gmail or Hotmail.

According to PCMag.com, Comodo believes the incident was a "state-driven attack" because the attacker would have needed access to critical Web infrastructure in the country.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data