[+] Wayc0de's Blog[+]

07/09/11

Iranian net users hacked after security breach in Holland

Hackers used stolen security certificates to monitor Google visits, social media use and other online activity in Iran


Hackers have targeted Iranian web users using security certificates stolen from a Dutch IT firm. Photograph: Getty Images
 
About 300,000 Internet users in Iran were spied on last month by one or several hackers who stole security certificates from a Dutch IT firm, according to a report presented by the Dutch government.

Using certificates stolen from DigiNotar, the hacker – or hackers – monitored people as they visited Google, stole their passwords and obtained access to other services such as Facebook and Twitter, said another IT firm, Fox-IT, which wrote the report.

Stolen certificates enable hackers to monitor web surfers without their knowledge, by making them believe they are securely connected.

The report, which interior minister Henk Donner sent to the Dutch parliament, confirmed a statement from Google last week, in which it said that it had received reports of attacks on Google users and that "the people affected were primarily located in Iran".

"The list of domains and the fact that 99% of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," Fox-IT said.

Social media such as Twitter and YouTube were used during protests in Iran after presidential elections in 2009, and Iranian authorities have been trying to fight opposition on the internet, said Afshin Ellian, who fled Iran in the 1980s and is now a professor at Leiden University's law faculty.

"Tehran wants to be aware of oppositional activities inside and outside Iran. Using that information they can forcefully act against the opposition," Ellian said in his blog on Dutch magazine Elsevier's website.

In April, there were signs Iran was helping Syria crush anti-government protests with advice on monitoring and blocking internet use, a US official said at the time.

Donner told reporters he had not been able to confirm that the certificates were hacked by Iranian state authorities.

"The only thing we have been able to establish is that the people who complained were in Iran," Donner said.

The Dutch government said on Sunday that state websites may no longer be safe following the DigiNotar attack and the cabinet was investigating whether they were hacked by Iran.

The hackers also fabricated certificates for websites belonging to Israel's intelligence service, Mossad, the CIA and Britain's secret intelligence service, MI6, as well as other sites such as AOL and Microsoft, Fox-IT said.

The hackers left their fingerprint with the Persian words "Janam Fadaye Rahbar", meaning "I will sacrifice my soul for my leader". An identical message was left when IT company Comodo was attacked in March.

DigiNotar's network and procedures had not been "sufficiently secure" to prevent the attack, Fox-IT said.

"The software installed on the public web servers was outdated and not patched. No antivirus protection was present on the investigated servers," Fox-IT said.

The Dutch government was investigating a hacking case against DigiNotar, and the company was held responsible for possible negligence, Donner said in a letter to parliament.

"We are looking at the criminal and civil responsibility. The company and its US mother company are co-operating," Donner said.

DigiNotar is owned by US-listed IT firm VASCO Data Security International, which said in a statement earlier on Monday it did not expect the incident to have a significant impact on its future revenue or business plans.

nb : guardian
