Quantcast
Latest Stories
Home > Technology > Columnists > Web certificate fraud bears Iranian fingerprints

Web certificate fraud bears Iranian fingerprints


12:37 pm | Friday, March 25th, 2011

SAN FRANCISCO—Hackers from Iran are suspected of swiping authentication data from a US computer security firm in an attempt to impersonate popular Google or Yahoo! sites.

“The incident got close to, but was not quite, an Internet-wide security meltdown,” Electronic Frontier Foundation senior staff technologist Peter Eckersley said in a message posted at the group’s website.

Hackers using computers with addresses in Iran posed as a European affiliate of New Jersey-based Comodo on March 15 to get digital certificates allowing the creation of imitation Google, Yahoo!, Microsoft or Skype log-in pages.

“The attacker was well prepared and knew in advance what he was to try to achieve,” Comodo said in an online message regarding the attack. “He seemed to have a list of targets that he knew he wanted to obtain certificates for.”

The hacker got “SSL certificates,” essentially digital credentials, to pose as mail.google.com, google.com, login.yahoo.com, login.skype.com, addons.mozilla.org, global.trustee and login.live.com.

“These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website,” the US Computer Emergency Readiness Team warned.

One of the online identities was tested on an Iranian computer server but the others appeared not to have been used, according to Comodo, which said that it revoked the credentials within hours.

Microsoft, Mozilla, and Google have updated their Web browsing software to prevent being duped into trusting bogus websites using the credentials.

“These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer,” Microsoft said in a security advisory.

Whoever was behind the attempt appeared to be out to monitor or intercept email messages or Skype calls.

“This was likely to be a state-driven attack,” Comodo said. “The circumstantial evidence suggests that the attack originated in Iran.”

Follow us on Facebook Follow on Twitter Follow on Twitter




Recent Stories:

US stocks dip despite M&A activity 3 hours elapsed Tornado hits Oklahoma City suburb 3 hours elapsed Gay man’s killing in NYC leads to police increase 3 hours elapsed Asia-Pacific leaders warn of water conflict threat 4 hours elapsed Yahoo! confirms Tumblr deal for $1.1B 4 hours elapsed Mobiles offer financial lifeline to Asian migrants—study 4 hours elapsed Protest rally planned after gay man murdered in Manhattan 6 hours elapsed Fil-Ams voted for 10 of 12 Aquino-backed candidates 6 hours elapsed
Complete stories on our Digital Edition newsstand for tablets, netbooks and mobile phones; 14-issue free trial. About to step out? Get breaking alerts on your mobile.phone. Text ON INQ BREAKING to 4467, for Globe, Smart and Sun subscribers in the Philippines.

Tags: hacking , Internet , Software



Copyright © 2013,
.
To subscribe to the Philippine Daily Inquirer newspaper in the Philippines, call +63 2 896-6000 for Metro Manila and Metro Cebu or email your subscription request here.
Factual errors? Contact the Philippine Daily Inquirer's day desk. Believe this article violates journalistic ethics? Contact the Inquirer's Reader's Advocate. Or write The Readers' Advocate:
c/o Philippine Daily Inquirer Chino Roces Avenue corner Yague and Mascardo Streets, Makati City, Metro Manila, Philippines Or fax nos. +63 2 8974793 to 94
Advertisement
  1. Metro’s traffic situation may now be monitored via smart phones, tablets
  2. Hontiveros shows there’s life outside Senate
  3. Mobiles offer financial lifeline to Asian migrants—study
  4. Yahoo! confirms Tumblr deal for $1.1B
  5. Hong Kong launches first electric taxis
  6. Google snaps Australian couple ‘having sex on road’
  7. Yahoo! to buy blog-maker Tumblr for $1.1B—report
  8. Enrile story goes viral: ‘The audacity,’ that’s our money!
  9. Free Inquirer tablets for lucky INQSnap readers
  10. ‘Hatchet hitchhiker’ arrested in US murder
  1. Hontiveros shows there’s life outside Senate
  2. Gordon’s nickname ‘Dick’ sparks jokes on Twitter
  3. BlackBerry CEO unveils new smartphone
  4. Samsung announces 5G data breakthrough
  5. Smartmatic lets PPCRV examine audit logs
  6. Telcos to Comelec: What weak signal?
  7. Enrile story goes viral: ‘The audacity,’ that’s our money!
  8. Update to address Windows 8 confusion will be free
  9. Facebook and Twitter jump on Google glasses
  10. Big 4 cell-phone carriers unite on anti-texting ads
  1. Hontiveros shows there’s life outside Senate
  2. Gordon’s nickname ‘Dick’ sparks jokes on Twitter
  3. How to organize your busy life with Samsung Galaxy Note 8.0
  4. Multiply.com closes shop
  5. Nokia launches $99 smartphone targeting emerging-market users
  6. Smartphones overtake ‘dumb’ phones worldwide
  7. Samsung announces 5G data breakthrough
  8. How international cyber thieves did it

News

  • Tornado hits Oklahoma City suburb
  • Fugitive Joavan caught in Moalboal resort before he flees to Negros Oriental
  • Davide braces for Capitol payables; meets officials
  • Rama on vacation as ally hits BO-PK on poll protest bid
  • Vietnam rice stocks arrive in Cebu

    • Sports

  • Aces not one and done, says Uytengsu
  • What a class act by Alaska
  • Caluag rules Asian BMX Elite category
  • Emperado claims 2nd GM victim, shares lead
  • Fruitas, Boracay seek semis berths Tuesday

    • Lifestyle

  • Olongapo nurse crowned Miss PH-Earth on second try
  • These dogs can fly– and that includes asPins, too
  • Hair: It doesn’t only reflect your beauty, it also says something about your health
  • Learn ‘the ropes’ to get in shape
  • Can the ability to bilocate be inherited?

    • Entertainment

  • Single Review: ‘Up In The Air’ by 30 Seconds To Mars
  • Arnel Pineda: Journey to go on a hiatus after 2016
  • Heard: Sir Chief on being ‘Papa-ble!’
  • Double victory for Yllanas
  • K-pop’s G Dragon eager for challenge of solo tour

    • Business

  • US stocks dip despite M&A activity
  • MyxTV launches app on Roku
  • Asian shares higher on US gains
  • PH approves three new wind farms
  • BIR exceeds April collection target

    • Technology

  • Yahoo! confirms Tumblr deal for $1.1B
  • Mobiles offer financial lifeline to Asian migrants—study
  • Metro’s traffic situation may now be monitored via smart phones, tablets
  • Yahoo! to buy blog-maker Tumblr for $1.1B—report
  • Free Inquirer tablets for lucky INQSnap readers

    • Opinion

  • Editorial cartoon, May 21, 2013
  • Reliance on remittances
  • Shattered bamboo reeds
  • Ideal worlds
  • The sheer inadequacy of single-factor analyses

    • Global Nation

  • Fil-Ams voted for 10 of 12 Aquino-backed candidates
  • Different versions of letter of apology show insincerity—Taiwan representative
  • Manila, Taipei agree on ‘cooperative’ probe
  • Saudi signs accord to protect PH maids
  • Binay urges Taiwan to protect Filipino workers
    • Marketplace
    Advertisement
    © Copyright 1997-2013 INQUIRER.net | All Rights Reserved