In Iran, new attack escalates ongoing cyberconflict

The attack on Comodo's digital certificates represents a new tactic in a long-running war

By , IDG News Service |  Internet

A cyber-attack linked to Iran this week is the latest in a string of cyber-events that some say represents a new step in a shadowy and long-running war between the Iranian government and those who criticize it on the Internet.

Comodo Group, a seller of digital certificates, said that an unnamed partner was compromised on the evening of March 15. The attack was worrying because the kind of digital Secure Sockets Layer (SSL) certificates that Comodo sells are an important part of the infrastructure used to secure the Internet. These certificates are encrypted files that tell the browser it's securely connecting with the real Gmail.com, for example, and not an imposter site. They help prevent phishing attacks, but in a country like Iran, they can be critical to dissidents, helping to keep private communications safe from prying eyes.

The attack was well-planned and carefully executed, but according to Comodo, it was quickly detected. Massimo Penco, a vice president of Comodo based in Italy, said he received an alert around 7 p.m. on March 15 that something unusual was going on.

"Someone issued a certificate for Google, but we didn't have a request from Google," he said. Within 15 minutes of this happening, he was on the phone asking colleagues in New Jersey to lock the system down, he said. The certificate for Google was revoked within an hour or so, along with eight others that had been issued in the meantime.

Comodo doesn't know who was behind the attack. In the hacking world, it's standard practice to hop from computer to computer as a way of hiding one's tracks. And a secretive country such as Iran is unlikely to share information with Western investigators.

Still, Iran has the means, motive and opportunity to pull off an attack like this in order to spy on supposedly secured communications between Iranians and the servers used by companies such as Google, Skype and Microsoft, all of whose certificates were spoofed in the attack, said Melih Abdulhayoglu, Comodo's founder and CEO. "All things point to the Iranian government and their newly founded cyberwarfare department," he said.

Representatives with Iran's Permanent Mission to the United Nations were unable to comment Friday.

The Iranian government has been interested in monitoring and controlling its citizens' Internet use for close to a decade now, said Mehdi Yahyanejad, founder of the popular Iranian discussion site Balatarin.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness