The Netherlands has begun investigating the hacking of a Dutch Internet company whose security certificates were stolen and used to spy on hundreds of thousands of Iranian web users.
Dutch Home Affairs Minister Piet Hein Donner said late Monday the investigation will try to determine who stole the certificates from DigiNotar, and whether the Dutch company should be held responsible for the security breakdown.
The Dutch government issued a report earlier Monday saying hackers tampered with 531 DigiNotar certificates that are supposed to guarantee secure communications between websites and their users.
The report authored by Dutch company Fox-IT says the affected websites include those of Internet giants Google, Facebook, Twitter and Skype. It says the hackers also tampered with the security certificates used by spy agencies of several nations, including the Central Intelligence Agency of the United States, Israel's Mossad and Britain's MI6.
Tampering with “SSL” security certificates allows hackers to secretly monitor communications between websites and their users. Fraudulent certificates also can enable hackers to trick a user into visiting a fake version of a website.
The Dutch report says the hackers used a stolen certificate for Google.com to spy on 300,000 visitors to the website last month. It says 99 percent of those users were in Iran, a figure that led the authors to conclude that the hackers' objective was to intercept private communications in the country.
The report says the hackers left behind a Persian-language message that reads “Janam Fadaye Rabhar,” or “I will sacrifice my soul for my leader.”
Some Internet experts say they believe the hackers were cooperating with the Iranian government to spy on Iranian reformists who have used social media in the past to organize anti-government protests. But the Dutch government has not confirmed Iranian government involvement in the hacking. Iran has not responded to the Dutch report.
DigiNotar is a subsidiary of U.S.-listed IT company Vasco, Inc.
Hacking in the Netherlands Broadens in Scope - Attackers who hacked into a Dutch Web security firm have issued hundreds of fraudulent security certificates for intelligence agency Web sites, including the C.I.A., as well as for Internet giants like Google, Microsoft and Twitter, the Dutch government said Monday. -NY Times
Catching the Internet's spies in Iran and elsewhere - The combination of a targeted attack and the commandeering of at least two Internet service providers suggests a highly organized attempt to spy on a large number of Iranian Net users' secure communications. The obvious, but unproven, candidate for this seems to be some element of the Iranian security forces. -Danny O'Brien, CPJ
Stuxnet of concern for Iranian health ministry - Islamic Republic health ministry warned that Iranian medical systems may have been infected with the Stuxnet worm. Mehr news agency reported today that the research and technology branch of the health ministry announced that the Stuxnet worm could cause medical imaging systems to dysfunction.
Stuxnet Campaign Targets Iran Nuclear Program: Official - The Atomic Energy Organization of Iran (AEOI) says reports that the Stuxnet malware has inflicted serious damage on Iran's first nuclear power plant are aimed at causing concerns about Tehran's nuclear program.
... Payvand News - 09/06/11 ... --