Iranians hit in email hack attack

[Image: Iranian women at prayers (AP). Caption: The fake certificates were used to snoop on messages sent via Google email.]

Up to 300,000 Iranians may have had their Google email monitored using security certificates stolen from Dutch firm DigiNotar.

The figure came from a report into the breach at DigiNotar, which let attackers generate hundreds of fake certificates.

The report suggests the certificates were used in Iran to eavesdrop on email accounts.

The list has been passed to Google so it can tell victims they may have come under government scrutiny.

On 30 August, security firm Fox-IT was called in to analyse the sequence of events at DigiNotar that led to the security breach. It published its interim report late on 5 September.

DigiNotar is one of many firms which help to ensure that no-one is eavesdropping on secure communications between users and the sites they visit.

It does this via security certificates which act as a guarantee of identity so people can be sure they are connecting to the site they think they are.

Anyone armed with a rogue certificate for a web firm or service can impersonate that organisation and get at communications that would otherwise be impossible to read because they are encrypted.


DigiNotar first took action to revoke fake security certificates on 19 July when it found that hackers had got access to its internal network.

The Fox-IT report suggests that the hackers were able to access those internal systems for a month before DigiNotar took action.

The first exploration by the hackers took place on 6 June, suggests the report, and the first rogue certificates were issued on 10 July.

"The network has been severely breached," said the report. It said security procedures at DigiNotar were clearly lacking because the tools the hackers used and installed on network computers can be detected by standard anti-virus software.

All evidence gathered by Fox-IT suggests that the attacks were carried out to help surveillance of Iranian net users. More than 99% of the 300,000 IP addresses known to have connected to Google's email service with the help of a fake security certificate are in Iran.

Fox-IT noted that the use of the fake certificates would also have given attackers access to small text files known as cookies that Google and many others use to recognise regular visitors.

As a result, Fox-IT said: "It would be wise for all users in Iran to at least logout and login but even better change passwords."

DigiNotar has called on the Dutch government to help it recover following the attack. In its wake Google and many others have issued updates to ensure that the fake certificates are no longer recognised.

DigiNotar is the second security certificate firm to suffer at the hands of hackers. In March 2011, Comodo revealed that it had been hit and pointed the finger at Iran.

Now evidence is emerging that the same hackers were behind both attacks, according to a message posted to the pastebin website. In the message, the hacker or hackers claim to have access to four other security certificate firms.

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites.