Hacked Dutch CA Threatens Iranian Dissidents

[Schneibster]

A Dutch Certificate Authority, DigiNotar, has been taken over by the Dutch government due to lack of confidence in their security. Since they provide SSL certificates for banks and other sensitive transactions, this is a real major problem. The goal appears to have been to compromise the Gmail accounts of dissidents in Iran.

Hackers broke in and used DigiNotar's root certificate to issue certificates for sites including Gmail and Google, MI6, the CIA, Facebook, Microsoft, and Skype and Twitter. The number of issued certificates was originally reported at around 250, but this has suddenly doubled in the last couple days, probably leading to the government takeover.

To give an idea of how serious this can be, Verisign keeps their root CA certificates on computers inside a complex with barbed wire, patrolling attack dogs, and guards with automatic weapons. These measures are required by their insurance company; without them, the insurers will not provide them with liability insurance. The site is not connected to the Internet; certificates generated from the root CA certificates are carried out on removable media after generation.

The Gmail certificate(s) could be used to perpetrate an attack in which the user compromises their password, by allowing an attacker to spoof the victim's browser into believing the user is connected to Gmail, after which they enter their username and password, are denied, and are re-forwarded to Gmail to prevent them realizing they've been compromised. Attackers, presumably members of the security service in Iran, could later log in to their accounts and read their email, possibly finding evidence that could be used to persecute them.

The certificates have been revoked, but it was not clear to me from reading the article whether that was all of them, or only the first 250-some-odd. Revocation will cause browsers to bring up warnings, but only after the revocation has propagated, which is an autonomous process that is not under user control.

Read all about it.

[Schneibster]

Next bit: Looks like they got 300,000 Iranians to try to log in using the fake certificates:

http://www.pcworld.com/businesscenter/a ... mised.html

I'm guessing next comes the purge. So much for how "enlightened" the Iranians are, and how "evil" the US is for opposing the mullahs. How many people do you suppose they're going to torture to death this year?

[Gawd]

Next bit: Looks like they got 300,000 Iranians to try to log in using the fake certificates:

http://www.pcworld.com/businesscenter/a ... mised.html

I'm guessing next comes the purge. So much for how "enlightened" the Iranians are, and how "evil" the US is for opposing the mullahs. How many people do you suppose they're going to torture to death this year?

Fewer than the Americans. It's true.

[Schneibster]

The UN disagrees with you and the General Assembly of the UN approved a resolution expressing deep concern at the ongoing human rights violations in Iran in December of 2010.

There don't appear to be any UN resolutions expressing concern about human rights violations by the US. Perhaps you'd care to explain why.

[Gawd]

The UN disagrees with you and the General Assembly of the UN approved a resolution expressing deep concern at the ongoing human rights violations in Iran in December of 2010.

There don't appear to be any UN resolutions expressing concern about human rights violations by the US. Perhaps you'd care to explain why.

Ever heard of who is on the UN Security Council that can veto anything they want?

[Schneibster]

This is the General Assembly.

[Gawd]

This is the General Assembly.

And the General Assembly voted to condemn Israel and guess who vetoed it?

[Schneibster]

And that changes the fact that Iran is engaged in massive human rights abuses because...?

Don't change the subject.

ETA: You and I both know perfectly well who did that hack, and why. I guess they had to do something with all those SAVAK guys, right?

Remember Neda.

[Gawd]

And that changes the fact that Iran is engaged in massive human rights abuses because...?

Don't change the subject.

Well, if you don't make Israel follow it, Iran doesn't have to.

[Schneibster]

Remember Neda.

[Robert_S]

And that changes the fact that Iran is engaged in massive human rights abuses because...?

Don't change the subject.

Well, if you don't make Israel follow it, Iran doesn't have to.

Lawd forbid anyone condemn anything until Israel has her shit perfect.

[Gawd]

And that changes the fact that Iran is engaged in massive human rights abuses because...?

Don't change the subject.

Well, if you don't make Israel follow it, Iran doesn't have to.

Lawd forbid anyone condemn anything until Israel has her shit perfect.

Israel never gets sanctioned. Fact.

[Schneibster]

This thread is not about Israel. It is about human rights violations in Iran, and about Iranian government hacking to try to catch dissidents so they can torture them.

Remember Neda.

[Schneibster]

Do feel free to start a thread about Israel and the Israeli/Palestinian conflict; you will find I am critical of both Israel and the Palestinians. But this is not that thread. Here we're talking about human rights violations in Iran, and about the Iranians apparently hacking a Dutch CA in order to catch more dissidents so they can torture them.

[Gawd]

Do feel free to start a thread about Israel and the Israeli/Palestinian conflict; you will find I am critical of both Israel and the Palestinians. But this is not that thread. Here we're talking about human rights violations in Iran, and about the Iranians apparently hacking a Dutch CA in order to catch more dissidents so they can torture them.

No need, I have my own forum for that stuff.