Hackers who broke into a Web security firm issued hundreds of bogus security certificates for spy agency Web sites, including the CIA, as well as for Internet giants, such as Google, Microsoft and Twitter, the Dutch government said on Monday.
Information Technology experts say they suspect the hackers were probably cooperating with the Iranian government and hundreds of thousands of private communications between Iranian Internet users and Google were likely monitored last month.
Roel Schouwenberg of Internet security firm Kaspersky said on Monday night that the incident could have a larger political impact than Stuxnet — a computer worm discovered in July last year which targeted Siemens industrial software and equipment running on Microsoft Windows.
“A government operation is the most plausible scenario,” he said.
The latest versions of browsers such as Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox are now rejecting certificates issued by the firm that was hacked, DigiNotar.
In a statement on Monday, the Dutch government released findings that greatly expand the scope of the hacking attack that DigiNotar first acknowledged last week. External information technology experts reviewing DigiNotar’s computer systems said the hack may have begun in June, not July as DigiNotar had previously said.
The experts said it had affected access not only to Google, but included 531 fake certificates for about 344 domains, including sites operated by Yahoo, Facebook, Microsoft, Skype, AOL, Mozilla, TorProject and WordPress, as well as spy agencies including the CIA, Israel’s Mossad and Britain’s MI6.
DigiNotar is one of many companies that sell the SSL security certificates widely used to authenticate Web sites and guarantee that communications between a user’s browser and a Web site are secure.
In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a Web site or it can be used to monitor communications with the real sites without users noticing.
However, in order to actually pass off a fake certificate, a hacker must be able to steer his target’s Internet traffic through a server he controls. That is something that only an Internet Service Provider (ISP) can easily do — or a government that commands one.
The external review by Fox-IT — a Dutch company, with offices in Aruba and the UK — found that one fake certificate for Google.com was used 300,000 times between its activation on Aug. 4 and when it was revoked on Aug. 29. Almost all usage came from Iran.
“The list of domains and the fact that 99 percent of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran,” it said.
The hack of DigiNotar closely resembles one in March of the US security certificate issuer Comodo Inc. The Fox-IT report said that the hackers erased some evidence of their break-in, but purposefully left behind at least one message in one script: “My signature as always, Janam Fadaye Rabhar,” which means: “I will sacrifice my soul for my leader” in the Farsi language spoken by Iranians.
CONFRONTATION: The water cannon attack was the second this month on the Philippine supply boat ‘Unaizah May 4,’ after an incident on March 5 The China Coast Guard yesterday morning blocked a Philippine supply vessel and damaged it with water cannons near a reef off the Southeast Asian country, the Philippines said. The Philippine military released video of what it said was a nearly hour-long attack off the Second Thomas Shoal (Renai Shoal, 仁愛暗沙) in the contested South China Sea, where Chinese ships have unleashed water cannons and collided with Philippine vessels in similar standoffs in the past few months. The China Coast Guard and other vessels “once again harassed, blocked, deployed water cannons, and executed dangerous maneuvers” against a routine rotation and resupply mission to
GLOBAL COMBAT AIR PROGRAM: The potential purchasers would be limited to the 15 nations with which Tokyo has signed defense partnership and equipment transfer deals Japan’s Cabinet yesterday approved a plan to sell future next-generation fighter jets that it is developing with the UK and Italy to other nations, in the latest move away from the country’s post-World War II pacifist principles. The contentious decision to allow international arms sales is expected to help secure Japan’s role in the joint fighter jet project, and is part of a move to build up the Japanese arms industry and bolster its role in global security. The Cabinet also endorsed a revision to Japan’s arms equipment and technology transfer guidelines to allow coproduced lethal weapons to be sold to nations
Thousands of devotees, some in a state of trance, gathered at a Buddhist temple on the outskirts of Bangkok renowned for sacred tattoos known as Sak Yant, paying their respects to a revered monk who mastered the practice and seeking purification. The gathering at Wat Bang Phra Buddhist temple is part of a Thai Wai Khru ritual in which devotees pay homage to Luang Phor Pern, the temple’s formal abbot, who died in 2002. He had a reputation for refining and popularizing the temple’s Sak Yant tattoo style. The idea that tattoos confer magical powers has existed in many parts of Asia
ON ALERT: A Russian cruise missile crossed into Polish airspace for about 40 seconds, the Polish military said, adding that it is constantly monitoring the war to protect its airspace Ukraine’s capital, Kyiv, and the western region of Lviv early yesterday came under a “massive” Russian air attack, officials said, while a Russian cruise missile breached Polish airspace, the Polish military said. Russia and Ukraine have been engaged in a series of deadly aerial attacks, with yesterday’s strikes coming a day after the Russian military said it had seized the Ukrainian village of Ivanivske, west of Bakhmut. A militant attack on a Moscow concert hall on Friday that killed at least 133 people also became a new flash point between the two archrivals. “Explosions in the capital. Air defense is working. Do not