{"id":6141,"date":"2011-03-28T22:29:30","date_gmt":"2011-03-29T02:29:30","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/?p=6141"},"modified":"2022-12-30T16:00:39","modified_gmt":"2022-12-30T21:00:39","slug":"cyber-attack-on-google-yahoo-skype-certs","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/cyber-attack-on-google-yahoo-skype-certs\/","title":{"rendered":"Cyber Attack on Google, Yahoo, Skype Certs"},"content":{"rendered":"

\"\"<\/em>TechyEye<\/em> says that the Iranian paramilitary<\/strong> “Basij<\/a>” group appears to have its own cyber warfare<\/a> division<\/strong> which is launching attacks on the websites of Iran’s<\/a> “enemies.” TechEye<\/em> says the paramilitary group is an arm of the Revolutionary Guard<\/a>“<\/strong>.<\/p>\n

\"Iran<\/a>The Associated Press<\/em><\/a> cites<\/a> General Ali Fazli, acting commander of the Basij, in the state-owned IRAN<\/em> paper as saying Iran’s cyber army consists of university teachers, students, and clerics. He said its attacks were a retaliation for similar attacks on Iran. The AP<\/em> quotes Fazli, “As there are cyber attacks on us, so is our cyber army of the Basij, which includes university instructors and students, as well as clerics, attacking websites of the enemy … Without resorting to the power of the Basij, we would not have been able to monitor and confront our enemies.”<\/p>\n

Iran has sought to master the digital world as a crucial step to prepare for what it calls “soft war”, which includes fighting against cyber attacks such as the Stuxnet computer worm that Iran said was aimed at sabotaging its uranium enrichment program.<\/p>\n

Until now the secretive “Cyber Army” that emerged to fight opposition websites and blogs after President Mahmoud Ahmadinejad’s disputed re-election in 2009 was believed to be part of the Revolutionary Guard. However in February according to the AP<\/em>, General Mohammad Ali Jafari, signaled that the Revolutionary Guard supports the cyber army, describing it as a “defensive, security, political and cultural need for all countries”. Jafari claimed at the time that the Guard has been successful in cyber warfare.<\/p>\n

\"Comodo<\/a>In another article<\/a> TechEye<\/em> recounts a possible Iranian cyber-warfare success. The article identifies Iran as the “state player” which hacked important Certificate Authority<\/a> (CA) certificate information at Comodo<\/a>. Digital certificates are used to vouch for the authenticity of a site owner and secure encrypted communications between sites and their users. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals\u2019 accounts, Mikko H. Hypponen<\/a>, chief research officer at F-Secure<\/a>, said in a blog post<\/a>.<\/p>\n

Security researcher and Tor developer Jacob Appelbaum<\/a> found the compromise and alerted\u00a0 Google and Mozilla.\u00a0 USERTRUST Network, a part of Comodo issued the compromised certificates. Writing from his blog <\/a>Mr. Appelbaum initially suspected the hack “was taken by a state-level adversary.” Comodo confirmed the attack and issued a statement naming Iran as the country it suspects. According to the Comodo blog<\/a>, the incident happened on March 15th, when unknown attackers managed to get access to one of the user accounts for the RA.<\/p>\n

An attacker obtained the username and password of a Comodo Trusted Partner in Southern Europe. \u00a0We are not yet clear about the nature or the details of the breach suffered by that partner other than knowing that other online accounts (not with Comodo) held by that partner were also compromised at about the same time.<\/em><\/p>\n

The attacker used the username and password to log in to the particular Comodo RA account and effect the fraudulent issue of the certificates.<\/p>\n

\"F-Secure<\/a>According to F-Secure, the targets included Google<\/a> (GOOG<\/a>), Microsoft<\/a> (MSFT<\/a>), and Yahoo<\/a> (YHOO<\/a>):<\/p>\n