Google, Yahoo, Skype targeted in possible ‘state-driven’ hack from Iran
Possible ‘state-funded’ hackers from Iran may be behind an unsuccessful Web-based attack that almost left Google, Yahoo, Skype and Mozilla open to impersonation, according to an Internet security company.
New Jersey-based Comodo Group Inc. sells and issues digital authentication certificates that guarantee a website is legitimate based on an Internet security protocol called Secure Sockets Layer (SSL). The company said Wednesday that it had sold nine certificates to websites that turned out to be fake.
The March 15 attack was discovered and the certificates were revoked, the company said. A subsequent investigation traced the efforts to an IP address in Iran. Since the fraud targeted communication services, such as Google’s Gmail site and Web-based calling service Skype, and not financial information as a ‘typical cyber criminal might,’ Comodo initially concluded that the attack was a coordinated effort by the Iranian government.
‘The Iranian government has recently attacked other encrypted methods of communication,’ an incident report on the Comodo website said. ‘All of the above leads us to one conclusion only: that this was likely to be a state-driven attack.’
If the attack had been successful, a person in Iran could have logged into his Gmail account, for example, and been redirected to a fraudulent website where his activities could be monitored. News of the website is especially significant given the recent popular uprisings and protests across the Middle East, where Internet-based communications on social media sites such as Facebook played an important role in both citizens’ efforts to stage protests and governments’ attempts to dampen them.
‘It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups,’ Comodo said.
However, the company warned that while ‘the involvement of two IP addresses assigned to Iranian ISPs is suggestive ... this may be the result of an attacker attempting to lay a false trail.’