Online shopping, banking at risk from increased hacking
Claiming to be a 21-year-old Iranian patriot, Comodohacker has said in a series of boastful tirades that he targeted “spies” and “enemies of Iran and … Islam.”
He has threatened Iranian opposition groups, saying their members “should [be] afraid of me personally — As I live, you don’t have privacy in internet, you don’t have security in digital world, just wait and see.”
“I won’t let anyone inside Iran, harm people of Iran, harm my country’s Nuclear Scientists, harm my Leader [which nobody can], harm my President,” he wrote.
In one message, he used the signoff “Janam Fadaye Rahbar,” which means “I will sacrifice my soul for my leader” in Persian, an apparent reference to Iran’s spiritual leader, Ayatollah Sayyed Ali Khamenei.
Mr. Prins said the same phrase was used in some code in the hacks: “He left fingerprints,” apparently deliberately.
Mr. Prins said only one of the fraudulent certificates appeared to have been used — the one for Google, which enabled eavesdropping on about 300,000 Iranian Gmail accounts.
Some security specialists have surmised that Comodohacker was a front for an Iranian spy agency or turned over some of his forged certificates to Iran’s intelligence services.
“The objective [of the hack] appears to have been to intercept private communications of users in Iran,” Mr. Prins said, declining to speculate about who might be behind it.
If an intelligence agency was behind the hack, it would not be the first time a nation-state had used fraudulent SSL certificates. One was used in the Stuxnet computer worm, which attacked Iran’s nuclear program in 2009 and came to light last year. Stuxnet is widely believed to be the work of a national intelligence agency, possibly the United States.
But the real threat to SSL comes from the proliferation of techniques and technology developed by nation-states, individuals like Comodohacker, criminal gangs and hacker/activist groups.
“The copycat effect is very concerning,” said Mr. Jevans. “The next step is the Russian crime syndicates will use it” to drain bank accounts.
Part of the problem is that Web browsers referring to lists of revoked certificates is as outmoded as shopkeepers checking printed lists of stolen credit card numbers, he said.
“There’s no person or service or company searching for fraudulent certificates,” Mr. Jevans said. “Browser manufacturers need to get their act together — until then, consumers will be at risk.”
Ms. Landesman predicted that “the vast majority of users engaged in e-commerce will be unaffected and will continue to buy and sell online.”
Mr. Jevans agreed. “E-commerce is so big — it’s unstoppable,” he said, but cautioned “individual people are at risk, individual businesses are at risk.”
© Copyright 2014 The Washington Times, LLC.