Thread: Rogue Google certs used to spy on Iranian communications

  1. #1

    Rogue Google certs used to spy on Iranian communications

    A computer security firm claims to have "proof" that Iranians were the targets of the recent compromise of Dutch certification authority DigiNotar.

    Trend Micro said the rogue SSL certificates, which can allow the interception of supposedly secure communications like email, were used for spying on Iranian Internet users on a large scale.

    “We found that Internet users in more than 40 different networks of ISPs and universities in Iran were confronted with rogue SSL certificates issued by DigiNotar. Even worse: we found evidence that some Iranians who used software designed to circumvent censorship and snooping on traffic were not protected against the massive man-in-the-middle attack," it said in a blog post.

    Last July, hackers managed to create rogue SSL certificates for hundreds of domain names, including and even the entire .com top level domain by breaking into systems of Certification Authority DigiNotar in the Netherlands.

    Such rogue SSL certificates can be used in man-in-the-middle attacks where encrypted secure web traffic can be read by a third party. The rogue certificates were discovered Aug. 29.

    Trend Micro cited data that its Trend Micro Smart Protection Network collected over time and analyzed.

    Its analysis includes what domain names are accessed from what parts of the world at what time.

    For the domain, it saw a “very remarkable pattern" where it was mostly loaded by Dutch and Iranian Internet users until August 30, 2011.

    Domain name is used by Internet browsers to check the authenticity of SSL certificates that are issued by DigiNotar.

    “DigiNotar is a small Dutch Certification Authority with customers mainly in the Netherlands. We therefore expect that this domain name is requested by mostly Dutch Internet users and perhaps a handful of users from other countries. Not by a lot of Iranians," it said.

    On Aug. 28, Trend Micro noted “a significant part" of Internet users who loaded the SSL certificate verification URL of DigiNotar were from Iran.

    But on Aug. 30, most traffic from Iran disappeared and on September 2, 2011 about all of the Iranian traffic was gone and DigiNotar received mostly Dutch Internet users, as expected.

    “These aggregated statistics from Trend Micro Smart Protection Network clearly indicates that Iranian Internet users were exposed to a large scale man-in-the-middle attack, where SSL encrypted traffic can be decrypted by a third party," Trend Micro said.

    It said this could mean a third party probably was able to read all e-mail communication an Iranian Internet user has sent with his Gmail account.

    Even more alarming was that outgoing proxy nodes in the US of anti-censorship software made in California were sending web rating requests for to the cloud servers of Trend Micro.

    “Very likely this means that Iranian citizens, who were using this anti censorship software, were victims of the same man-in-the-middle attack. Their anti-censorship software should have protected them, but in reality their encrypted communications were probably snooped on by a third party," it said. — TJD, GMA News
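
The analysis the article above attributes to Trend Micro (who requests a CA's certificate-validation host, by country and by day) can be sketched as a small detection routine. This is an added example, not part of the original post or Trend Micro's code; the host name, all counts, the baseline day and the margin are constructed assumptions.

```python
from collections import Counter, defaultdict

VALIDATION_HOST = "validation.ca.example"  # placeholder, not a real CA host
HOME_COUNTRY = "NL"                        # where the CA's customers are expected

def build_sample():
    """Constructed lookup log as (day, client_country, domain) records."""
    daily = {  # constructed counts; only the dates follow the article's timeline
        "2011-08-27": {"NL": 90, "BE": 6, "DE": 4},
        "2011-08-28": {"NL": 55, "IR": 40, "DE": 5},
        "2011-08-30": {"NL": 85, "IR": 10, "BE": 5},
        "2011-09-02": {"NL": 95, "DE": 4, "IR": 1},
    }
    records = [(day, cc, VALIDATION_HOST)
               for day, by_cc in daily.items()
               for cc, n in by_cc.items() for _ in range(n)]
    # Unrelated traffic that must not influence the result.
    records += [("2011-08-27", "IR", "news.example")] * 50
    return records

def country_shares(records, host):
    """Return {day: {country: share of that day's lookups for host}}."""
    per_day = defaultdict(Counter)
    for day, country, domain in records:
        if domain == host:
            per_day[day][country] += 1
    return {day: {cc: n / sum(cnt.values()) for cc, n in cnt.items()}
            for day, cnt in per_day.items()}

def flag_anomalies(shares, home, baseline_days, margin=0.15):
    """Flag (day, country, share) where a non-home country's share exceeds
    its highest share seen on the baseline days by more than `margin`."""
    baseline = Counter()
    for day in baseline_days:
        for cc, share in shares[day].items():
            baseline[cc] = max(baseline[cc], share)
    alerts = []
    for day in sorted(set(shares) - set(baseline_days)):
        for cc, share in sorted(shares[day].items()):
            if cc != home and share > baseline[cc] + margin:
                alerts.append((day, cc, round(share, 2)))
    return alerts

if __name__ == "__main__":
    shares = country_shares(build_sample(), VALIDATION_HOST)
    for alert in flag_anomalies(shares, HOME_COUNTRY, ["2011-08-27"]):
        print(alert)
```

A CA or a network operator could run the same comparison over its own validation-host or resolver logs, since an unexpected country suddenly validating a small regional CA's certificates is the signal the article describes.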

  2. #2

    Re: Rogue Google certs used to spy on Iranian communications

    Very good find bro, I'll vote up the post the moment I login from BG full.
