Iran linked to massive net attack

Posted by Emma Woollacott

Iranian hackers are believed to be behind an attempt to hack the internet's Secure Socket Layer (SSL). If successful, it would have allowed the hackers to impersonate Google, Yahoo, Skype, Mozilla and Microsoft.

The SSL system uses digital certificates to guarantee identity, and it appears that the hackers somehow got access to the conmputer systems of Comodo, one of the firms that issues certificates.

"The attacker was well prepared and knew in advance what he was to try to achieve.  He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs for these certificates and submit the orders to our system so that the certificates would be produced and made available to him," says Comodo.

"Although they requested nine certificates, we do not know if they received all of these certificates. We know that they definitely received one of the certificates."

If the attack was successful, the hacker would have been able to grab passwords, read email messages and monitor any other activities of users.

Comodo says that circumstantial evidence indicates that the attack originated in Iran - and that, given precedents, it was likely to have been state-sponsored. The site in Iran on which the certificate was tested quickly became unavailable, says Comodo.

"Comodo's unfortunate security breach puts many consumers at risk, having opened the door for common and popular web sites visited by billions of people every day to have been spoofed," says Fraser Howard, principal threat researcher at Sophos.

"Users on all platforms should ensure that they’ve got up-to-date certificate revocation data and appropriate browser settings.  From a more long term perspective, let’s hope this incident makes industry players audit, not only their own security systems and policies, but those of their trusted partners as well to protect browsers in the future. "

Microsoft's issued an advisory on the attack, here.