Topic: Security

Iran linked to Google, Skype and Yahoo attack

Summary: A malicious attacker that appears to be the Iran government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype and other major websites says the security company affected by the breach.

By Declan McCullagh and Elinor Mills , CNET News | March 24, 2011 -- 04:47 GMT (21:47 PDT)

A malicious attacker that appears to be the Iran government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype and other major websites, the security company affected by the breach said on Wednesday. Iran malicious attack

Comodo, a Jersey City, NJ-based firm that issues digital certificates, said the nine certificates were fraudulently obtained, including one for Microsoft's Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those websites — the ones that are used when encrypted connections are enabled — in some circumstances.

The IP addresses used in the attack are in Tehran, Iran, the firm said, which believes that because of the focus and speed of the attack, it was "state-driven". Spoofing those websites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read email messages and monitor any other activities its citizens performed, even if the connections were protected with SSL encryption.

For more on this story, read Google, Yahoo, Skype targeted in attack linked to Iran on CNET News.

Topics: Security, Browser, Collaboration, Google, Hardware, Processors, Software Development, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments

Log in or register to join the discussion

Nobody should be surprised by this

Given the heavy govt control of the internet over there.

LTV10
24 March, 2011 09:18

Reply Vote
RE: Iran linked to Google, Skype and Yahoo attack

Angry about Stuxnet I suppose.

ESoyke
24 March, 2011 10:03

Reply Vote
What about the US government?

And you don't the your own US government is doing things even more EVIL?

Here's a catchy title: "US government linked to Iran hostilities" for overthrowing a democratically elected leader in early 1950s, thus ushering the era of the vile puppet Shah who was later overthrown by Islamic Fundamentalists.

Ever heard of Echelon & Carnivore? Me thinks you doth protest too much.

maxtheitpro
24 March, 2011 11:59

Reply Vote
- RE: Iran linked to Google, Skype and Yahoo attack
  
  @maxtheitpro - might want to study history a bit better. Dr. Mohammed Mossadeq wasn't democratically elected by the people, rather was voted in by a parliament vote (and not by a majority, but by a large minority). This is quite different. The parliament wasn't democratically voted in either. So calling it an overthrow of one group of mullahs and sheiks and openly and financially supporting another group of mullahs and sheiks who would give the US oil companies back their assets that had been taken away by the good Doctor and his group is a different issue. <br><br>However, with any deal the US does, the people they back are not usually interested in democracy and free speech, just free trade or beneficial trade with the US. So the the Shah was given essentially a blank check with which to use his State Police to brutally crack down on the Iranian people which has since been replaced by a Fundamentalist regime which does the same to the Iranian people.<br><br>The Iranian people, for whom you seem to have concern, have never known democracy or free speech or even the freedom of movement. The attempt to get fake digital certificates to watch over their own people is still part of a long tradition of suppressing the Iranian people. However, it is not very successful in that the information does flow throughout the entire country regardless of how much the government tries to crackdown on preventing the current mullahs and sheiks (who really control Iran) from maintaining control.
  
  jbmetrics
  24 March, 2011 12:24
  
  Reply Vote
  - RE: Iran linked to Google, Skype and Yahoo attack
    
    @jbmetrics - thanks for that response. In no way do I support the mumerous tyrants the US has supported over the past century and a half, and pointing out that other western one non-western governments have done the same throughout recorded history still doesn't make it right, or noble, or good. But lest we forget, although what you say about Iran's repressive regimes, especially in the 3 decades is certainly true, some should recall that Iranians are properly called Persians, as in the Great Persian Empire which ruled most of the known world thousands of years ago. Now, the current citizens of any nation can't be held responsible for atrocities committed long before their time, but if maxtheitpro wants to bring up actions committed by the US decades ago then perhaps he should live by the same motto: "Me thinks he doth protest too much."
    
    xplorer1959
    24 March, 2011 16:21
    
    Reply Vote
  - RE: Iran linked to Google, Skype and Yahoo attack
    
    @jbmetrics large minority???????????????????????? THERE IS NO SUCH
    
    SMOKCHICAGO
    24 March, 2011 16:45
    
    Reply Vote
- What ABOUT the US government?
  
  @maxtheitpro
  Don't tell me. Let me guess. You're one of those moral relativist creeps who justifies invading the US Embassy the taking of 52 American hostages, people who had nothing to do with the early 1950s, and fitting it to your own libtard guilt trip. Either that or you doth wear a dirty towel over your head.
  
  So which is it, pal?
  
  HarryBrown
  25 March, 2011 04:34
  
  Reply Vote