Government Trust Certificates Israel

Hackers target Google users with fake SSL certificate

Web giant Google has revealed that hackers have been using a fake security certificate to eavesdrop on users based in Iran.

Secure websites prevent hackers from intercepting messages by using SSL (secure sockets layer) certificates. Issued by various certification authorities (CA), these tell the users' browser that a website can be trusted. Fake certificates can be used to trick users' into thinking a malicious site is legitimate or, in a so-called 'man in the middle' attack, to redirect traffic through a malicious site where it can be intercepted or even changed.

Google says that hackers have been using a fake certificate, issued by a Dutch CA called DigiNotar which "should not issue certificates for Google". The CA has since revoked the certificate, and Google, Microsoft and Firefox-maker Mozilla have all issued patches that mean their browsers will no longer trust DigiNotar's certificates.

DigiNotar has not revealed how or why the false certificate was issued. One possibility is that it was hacked itself – this happened to another CA, Comodo, earlier this year. Comodo said at the time that it had been breach by hackers that appeared to originate in Iran.

Iran is one of the countries embroiled in so-called "cyber warfare". Its government says that the US and Israel were behind Stuxnet virus that infected Iranian nuclear control systems last year, while a group called the Iranian Cyber Army has hit pro-US websites and has been accused of involvement in the Comodo attack.

As with all "cyber war" activities, however, it is difficult to ascertain whether the perpertrators are as they seem or are using a politically plausible cover for their actions.

Rogue web certificate could have been used to attack Iran ...

Security researchers are warning a web certificate is being used that could let hackers steal passwords and data from apparently secure connections to Google sites such as Gmail.

Internet users in Iran are believed to be at particular risk from the rogue SSL certificate, which is used to digitally “sign” HTTPS connections to any google.com site and was issued by a Dutch company called DigiNotar on 10 July. In particular, dissidents who trust Google’s systems for their security may have been targeted in the attack.

DigiNotar – which does not have any direct business relationship with Google – has not said who the certificate was issued to, but the effect would be that someone could think they were logged securely into a site and that their communication would be encrypted; but instead attackers controlling the network could eavesdrop on all their keystrokes, including passwords. This is known as a “man in the middle”, or “MITM”, attack.

The first person to have noticed the rogue certificate appears to be an Iranian user, who posted about it on a Google support forum , asking whether it was an MITM attack. The problem was observed on multiple internet service providers, leading to concerns the government there might be using it to monitor dissidents and steal login details.

The user also noted that connections to google.com seemed to take a longer path than connections to youtube.com, yahoo.com and bing.com. The certificate did not seem to be in constant use: “I see this fake certificate only 30 minutes or one hour per day maybe they just test how sniff their users!”, wrote the discoverer.

Microsoft on Monday night removed the certificate from its list of allowed certificates with its browsers. That should mean users would get an “invalid certificate” warning if they try to log in to a Google site that presents the rogue certificate, in which case they should reject the connection.

Trust, the social virtues and the creation of prosperity

What Is Government?

The Speed of Trust, The One Thing That Changes Everything

Wiki government, how technology can make government better, democracy stronger, and citizens more powerful

The Case for Israel