Hackers spied on 300,000 Iranians using fake Google certificate Investigation reveals month-long, massive Gmail snooping campaign


By Gregg Keizer
September 6, 2011 05:43 AM ET

Computerworld - About 300,000 Iranians had their Gmail accounts compromised and their messages read by hackers, according to a forensics firm that has investigated the theft of hundreds of digital certificates from a Dutch company.

Although the report did not identify the hacker, or hackers, who may have spied on the Iranian users, security researchers have pointed to Iran's government, which has been linked to other attempts to intercept the communications of activists and protesters.

The report was issued Monday by Fox-IT, a digital investigative company retained by the Dutch government after DigiNotar's servers were hacked and more than 500 Secure Socket Layer (SSL) certificates were fabricated by intruders. Among the certificates were several that could be used to impersonate any Google site or service, including Gmail.

SSL certificates are used by websites and browsers to identify a site as legitimate and can be abused to disguise unauthorized domains using "man in the middle" attacks.

Fox-IT said that approximately 300,000 IP addresses, each representing at least one computer and so at least one user, had accessed sites displaying a fake certificate for google.com between July 27 and Aug. 29. Nearly all -- Fox-IT said 99% -- of those IP addresses originated in Iran.

Investigators assumed that the google.com certificate was used primarily to spy on Iranians' Gmail accounts.

"Using this [Gmail authentication] cookie, the hacker is able to log in directly to the Gmail mailbox of the victim and also read the stored emails," said Fox-IT. The hackers could also use the same credentials to log onto other Google services, including Google Docs and Google Latitude -- in the latter case, to identify the exact location of the victim -- and hijack Facebook and Twitter accounts.

The report confirms what Google said last week, when it acknowledged that Gmail users had been attacked and said "the people affected were primarily located in Iran."

Fox-IT posted a simulation of the traffic that went through the fake google.com domain on YouTube to illustrate Iran's dominance.

While Fox-IT did not accuse the Iranian government of conducting or sponsoring the attack, it made clear the motivation behind what it called "Operation Black Tulip."

"The list of domains and the fact that 99% of the users are in Iran suggest that the objective of the hackers is to intercept private information in Iran," the company said in its report.

Some security researchers have suspected that Iran's government was behind the certificate theft and subsequent attack since news broke a week ago. The Fox-IT report only reinforced their beliefs.

"This is the most solid evidence yet that these certificates may have been used by the Iranian government or ISPs to spy on private communications of Iranian Internet users," said Chet Wisniewski, a security researcher at U.K.-based Sophos, in a blog post Monday.

In a letter to the Dutch parliament made public Monday, the ministers of the Interior and Security and Justice said the government was investigating DigiNotar for possible negligence.

Fox-IT's reports painted a bleak picture, saying that DigiNotar was unaware for weeks that hackers controlled its servers, that the server software was outdated and unpatched, and that it was not protected by antivirus software, which would have sounded the alert when the intruders planted malware on the machines.

And the attacks against DigiNotar continue, the report said.

"Current analyses still show hacking attempts on the Web server originating from Iran," Fox-IT said.

http://bit.ly/pAxTQD

Comments

Post a Comment

Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that the patient is 3,000 kilometers away,”  he said.
Read more

Visualizing The Power Of The World's Supercomputers

Visualizing The Power Of The World's Supercomputers   BY TYLER DURDEN FRIDAY, JAN 21, 2022 - 04:15 AM   A supercomputer is a machine that is built to handle billions, if not trillions of calculations at once. Each supercomputer is actually made up of many individual computers (known as nodes) that work together in parallel. A common metric for measuring the performance of these machines is  flops , or  floating point operations per second . In this visualization,  Visual Capitalist's Marcus Lu uses  November 2021 data from  TOP500  to visualize the computing power of the world’s top five supercomputers. For added context, a number of modern consumer devices were included in the comparison. Ranking by Teraflops Because supercomputers can achieve over one quadrillion flops, and consumer devices are much less powerful, we’ve used  teraflops  as our comparison metric. 1 teraflop = 1,000,000,000,000 (1 trillion) flops. Supercomputer Fugaku  was completed in March 202
Read more

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke
Read more