toggle

AAPL Stock: 121.3 ( -1.07 )

Printed from http://www.macnn.com

Hackers issue fake security certificates for CIA, Google

updated 05:00 pm EDT, Mon September 5, 2011

DigiNotar hack tied to Iranian government

A Dutch web security firm that sells security certificates, DigiNotar, was hacked back in July and fake certificates were issued to websites such as the CIA, Google, Microsoft and Twitter. DigiNotar just acknowledged the attack last week. Now, the Dutch government has taken over the company. It's also believed that the hacker or hackers operated with the cooperation of the Iranian government.

The hackers proceeded to issue hundreds of fake security certificates for large organizations such as the CIA, Google, Microsoft and Twitter, among others, the Dutch government revealed early on Monday. The latest browsers from Microsoft, Google and Mozilla reject the certificates from DigiNotar, however. Also on there are sites operated by Yahoo, Facebook, Microsoft, Google, Skype, AOL, Mozilla, TorProject, and WordPress, and spy agencies like Israel's Mossad and Britain's MI6.

Security certificates are used to authenticate websites and guarantee that communications between a browser and website are secure. Fake certificates can, in theory, be used for phishing attacks or to monitor communications without the user noticing.

A hacker needs to guide the target through a server under his control, so only ISPs or governments that control them can easily do so.

Experts made the Iranian tie-up because some of the certificates have embedded nationalist slogans in the Farsi language. Also, messages left on DigiNotar's site suggest the same.

A Mozilla developer cautions Iranian Internet users to update their browsers, log out and change the passwords of their e-mail and social services and accounts.

The Dutch government is looking for a replacement firm. [via The New York Times]




by MacNN Staff

toggle

Comments

  1. gskibum3

    Joined: Dec 1969

    0

    comment title

    A hacker needs to guide the target through a server under his control, so only ISPs or governments that control them can easily do so.

    Huh? Is there some error in editing here?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented