The cyberattack, which affected hundreds of thousands of users in Iran, may have been meant to allow the Iranian government to eavesdrop on its citizens via Google, Yahoo, Facebook, and other sites.
• A daily summary of global reports on security issues.
A hacker's breach of a Dutch online security firm may have allowed the Iranian government to monitor hundreds of thousands of its citizens' e-mail accounts.
According to a statement from the Dutch government on Monday, a hacker broke into Dutch company DigiNotar, which provides security certificates to authenticate websites as safe for Internet users. The hacker then created hundreds of fraudulent certificates for Google, Yahoo, Facebook, and other major communication sites, as well as for the websites of the CIA, MI6, and Mossad.
With the fake certificates, the hacker could eavesdrop on Internet users' communications with these sites by rerouting their traffic through falsely authorized network paths while appearing to be secure.
According to an audit performed for the government by Dutch company Fox-IT, the fake Google certificate was used 300,000 times between Aug. 4 and Aug. 29, almost all of that usage coming from Iran. Al Jazeera writes that technology experts say the evidence suggests that the hackers were working with the Iranian government.
Page 1 of 4