Iran accused in 'dire' net security attack

Mouse and keyboard, Eyewire The attack was run from servers based in Iran, suggests analysis

Related Stories

Hackers in Iran have been accused of trying to subvert one of the net's key security systems.

Analysis in the wake of the thwarted attack suggests it originated and was co-ordinated via servers in Iran.

If it had succeeded, the attackers would have been able to pass themselves off as web giants Google, Yahoo, Skype, Mozilla and Microsoft.

The impersonation would have let attackers trick web users into thinking they were accessing the real service.

Fake identity

The attack was mounted on the widely used online security system known as the Secure Sockets Layer or SSL.

This acts as a guarantee of identity so users can be confident that the site they are visiting is who it claims to be. The guarantee of identity is in the form of a digital passport known as a certificate.

Analysis of the attack reveals that someone got access to the computer systems of one firm that issue certificates. This allowed them to issue bogus certificates that, if they had been used, would have let them impersonate any one of several big net firms.

It appears that the attackers targeted the SSL certificates of several specific net communication services such as Gmail and Skype as well as other popular sites such as Microsoft Live, Yahoo and the Firefox browser.

SSL certificate issuer Comodo published an analysis of the attack which was carried out via the computer systems of one of its regional affiliates.

It said the attack exhibited "clinical accuracy" and that, along with other facets of the attack led it to one conclusion: "this was likely to be a state-driven attack."

It is thought it was carried out by the Iranian authorities to step up scrutiny of opposition groups in the country that use the web to co-ordinate their activity.

The bogus certificates have now been revoked and Comodo said it was looking into ways of improving security at its affiliates.

Browsers have also been updated so anyone visiting a site whose credentials are guaranteed by the bogus certificates will be warned.

Writing on the blog of digital rights lobby group the Electronic Frontier Foundation, Peter Eckersley, said the attack posed a "dire risk to internet security".

"The incident got close to — but was not quite — an internet-wide security meltdown," he said.

"We urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and e-mail systems," said Mr Eckersley.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

Elsewhere on the BBC

  • UnderwaterHidden depths

    How do you explore the bottom of the ocean? BBC Future finds out

Programmes

  • The challenge is to drop a bottle of water within 100 metres of this dummyClick Watch

    The race to get water – transported by drone – to a man stuck in remote Australia

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.