Last Wednesday, Comodo Group, the digital certificate authority and internet security company, got hacked. It issued nine fraudulent certificates for sites run by Google, Yahoo, Microsoft, Skype and Mozilla. It looks like the hack that obtained these certificates was run by the same Iranian cyber army that earlier hacked the Voice of America.
In a blog post, Comodo explained that login information for an affiliate was obtained and used to break into the Comodo server and issue the certificates.
According to Comodo’s Philip Hallam-Baker, the attacks came from Iran, though he warns the route may be a false trace.
“The IP address of the initial attack was recorded and has been determined to be assigned to an ISP in Iran. A Web survey revealed one of the certificates deployed on another IP address assigned to an Iranian ISP. The server in question stopped responding to requests shortly after the certificate was revoked.”
Hallam-Baker rightly points out that seizing entry to such high-traffic consumer sites, all of which are communications properties, would be of particular use to “a government attempting surveillance of Internet use by dissident groups.”
The hackers could, with such access, intercept communications from individual users, plant malware on their accounts, harvest login information and block circumvention addons.
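A fraudulent certificate like the ones issued here chains to a trusted root, so ordinary chain validation accepts it; what a client can still catch is that the presented certificate does not match what it has seen before for that site. The following is an added example, not code from the post or from Comodo or any browser vendor: it parses the DER of an X.509 certificate with a minimal ASN.1 reader, extracts the issuer name and the SubjectPublicKeyInfo, and compares them against a locally kept pin set (the HPKP-style SHA-256-of-SPKI pin) and a list of CAs expected for that site. The sample certificates, issuer names, host name and key bytes are all constructed for the example; the "certificates" are unsigned skeletons, not real certificates.

```python
import base64
import hashlib

# ---- minimal DER helpers (added example; constructed for illustration) ----

def der_encode(tag, payload):
    """Encode one DER TLV in definite-length form."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload

def der_read(data, pos=0):
    """Decode the TLV starting at pos; return (tag, raw_tlv, value, next_pos)."""
    start = pos
    tag = data[pos]
    first = data[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    return tag, data[start:end], data[pos:end], end

def der_children(value):
    """Split a constructed value into child TLVs as (tag, raw, inner)."""
    out, pos = [], 0
    while pos < len(value):
        tag, raw, inner, pos = der_read(value, pos)
        out.append((tag, raw, inner))
    return out

# ---- certificate inspection ----

def tbs_fields(cert_der):
    """TBSCertificate children with the optional [0] version dropped:
    serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ..."""
    _, _, cert_body, _ = der_read(cert_der)
    _, _, tbs, _ = der_read(cert_body)          # first child is tbsCertificate
    fields = der_children(tbs)
    if fields and fields[0][0] == 0xA0:         # explicit [0] version tag
        fields = fields[1:]
    return fields

def name_common_name(name_value):
    """Pull the CN out of an X.501 Name (SEQUENCE OF SET OF AttributeTypeAndValue)."""
    for _, _, rdn_set in der_children(name_value):
        for _, _, atv in der_children(rdn_set):
            oid, string = der_children(atv)
            if oid[2] == b"\x55\x04\x03":       # id-at-commonName, OID 2.5.4.3
                return string[2].decode()
    return None

def spki_pin(cert_der):
    """HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    spki_raw = tbs_fields(cert_der)[5][1]
    return base64.b64encode(hashlib.sha256(spki_raw).digest()).decode()

def cert_fingerprint(cert_der):
    """SHA-256 fingerprint of the whole certificate, as browsers display it."""
    return hashlib.sha256(cert_der).hexdigest()

def check_certificate(cert_der, pinned_spki, expected_issuers):
    """Return a list of findings; an empty list means the cert matches local expectations."""
    fields = tbs_fields(cert_der)
    findings = []
    issuer_cn = name_common_name(fields[2][2])
    if issuer_cn not in expected_issuers:
        findings.append(f"issuer {issuer_cn!r} is not an expected CA for this site")
    if spki_pin(cert_der) not in pinned_spki:
        findings.append("public key does not match any pinned key")
    return findings

# ---- constructed sample input: unsigned X.509 skeletons, not real certificates ----

def build_test_cert(issuer_cn, subject_cn, pubkey_bytes):
    def cn(name):
        atv = der_encode(0x30, der_encode(0x06, b"\x55\x04\x03") + der_encode(0x13, name.encode()))
        return der_encode(0x30, der_encode(0x31, atv))
    rsa_alg = der_encode(0x30, der_encode(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + der_encode(0x05, b""))
    sha256_rsa = der_encode(0x30, der_encode(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der_encode(0x05, b""))
    validity = der_encode(0x30, der_encode(0x17, b"110315000000Z") + der_encode(0x17, b"120315000000Z"))
    spki = der_encode(0x30, rsa_alg + der_encode(0x03, b"\x00" + pubkey_bytes))
    tbs = der_encode(0x30,
        der_encode(0xA0, der_encode(0x02, b"\x02"))   # version v3
        + der_encode(0x02, b"\x01")                    # serialNumber
        + sha256_rsa + cn(issuer_cn) + validity + cn(subject_cn) + spki)
    return der_encode(0x30, tbs + sha256_rsa + der_encode(0x03, b"\x00" + bytes(16)))

LEGIT_CERT = build_test_cert("Example Trusted CA", "login.example.com", b"\x01" * 32)
ROGUE_CERT = build_test_cert("Example Affiliate RA", "login.example.com", b"\x02" * 32)
POLICY = {"pins": {spki_pin(LEGIT_CERT)}, "issuers": {"Example Trusted CA"}}

if __name__ == "__main__":
    for label, cert in (("legit", LEGIT_CERT), ("rogue", ROGUE_CERT)):
        result = check_certificate(cert, POLICY["pins"], POLICY["issuers"])
        print(label, cert_fingerprint(cert)[:16], result or "OK")
```

The check is deliberately independent of chain validation: both sample certificates would pass a trust-store check if they were signed by a trusted CA, but only the first carries the pinned key and the expected issuer, which is the property a mis-issued certificate cannot forge.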
Was it Iran? Or was it a country Iran was helping? Or was it a false trail?
Cyber-warfare is becoming all too common. Iran has done a lot of it. But some of it, like the Stuxnet virus, has been done to Iran. Online connections and nodes are starting to assume the warfare importance radio stations had once upon a time.
Other sources: NYT Bits