- ISIL creates all-female brigade to terrorize women into following Sharia law
- ISTOOK: Obama wants to be impeached
- Obama to Latin leaders: Help with border
- Military bans troops from Baptist church event honoring ‘God’s Rescue Squad’
- ‘Pocket drones’: U.S. Army developing tiny surveillance tools for the next big war
- Belgian cafe posts sign: Dogs allowed, but Jews stay out
- Gen. Dempsey: Pentagon studying Russian readiness plans not viewed ‘for 20 years’
- John McCain: Botched, two-hour execution of murderer is ‘torture’
- House GOP ready to move border bill
- Bomb squad called after live WWII artillery washes on Cape Cod beach
Iran suspected in Dutch hacking
Culprits broke in to security firm, issued fake papers
Question of the Day
AMSTERDAM — Hackers who broke in to a Dutch Web-security firm have issued hundreds of bogus security certificates for spy-agency websites including the CIA as well as for Internet giants like Google, Microsoft and Twitter, the government said Monday.
Experts say they suspect the hacker - or hackers - operated with the cooperation of the Iranian government.
So far, only a handful of users in Iran are known to have been affected. In addition, the latest versions of browsers such as Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox are now rejecting certificates issued by the firm that was hacked, DigiNotar.
But in a statement Monday, the Dutch Justice Ministry published a list of the fraudulent certificates that greatly expands the scope of the July hacking attack that DigiNotar first acknowledged last week.
DigiNotar is one of many companies that sell the security certificates widely used to authenticate websites and guarantee that communications between a user’s browser and a website are secure.
In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a website, or used to monitor communications with the real sites without users noticing.
But in order to pass off a fake certificate, a hacker must be able to steer his target’s Internet traffic through a server he controls. That’s something that only an Internet service provider can easily do - or a government that commands one.
Technology experts cite a number of reasons to believe the hacker - or hackers - were based in Iran and cooperated with the Iranian government, perhaps in attempts to spy on dissidents. Notably, several of the certificates contain nationalist slogans in the Farsi language.
“This, in combination with messages the hacker left behind on DigiNotar’s website, definitely suggests that Iran was involved,” said Ot van Daalen, director of Bits of Freedom, an online civil liberties group.
The hack of DigiNotar closely resembles one in March of the U.S. security firm Comodo Inc., which was also attributed to an Iranian hacker.
Gervase Markham, a Mozilla developer who has been involved in the response to the DigiNotar failure, warned Iranian Internet users on Monday to update their browsers, “log out of and back into every email and social media service you have” and change all passwords.
Mr. van Daalen said he believed the DigiNotar incident will ultimately lead to a reform of authentication technology.
Although no users in the Netherlands are known to have been victimized directly by the hack, it has caused a major headache for the Dutch government, which relied on DigiNotar for authentication of most of its websites.
TWT Video Picks
President wants everyone but himself to pay more
- ISTOOK: Obama wants to be impeached
- 'We're coming for you, Barack Obama': Top U.S. official discloses threat from ISIL terrorists
- NAPOLITANO: What if our democracy is a fraud?
- 'Pocket drones': U.S. Army developing tiny spies for the next big war
- Russia shipping sophisticated weapons systems to Ukraine separatists
- Michelle Obama says money in politics is bad, asks donors for 'big, fat check'
- CARSON: Costco and the perils of politicizing business
- Ohio university quiz implies atheists are naturally smarter than Christians
- EDITORIAL: Detroit's water 'spigot bigots'
- Brian Kelly, Notre Dame ready for different route to title
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq