Iran-based hackers behind 'state-driven' cyberattack -report
An Internet security company suspects that Iran-based hackers are behind a "state-driven attack" in which fake online certificates were issued last week, targeting major online portals including Google, Yahoo, Skype, Mozilla, and Microsoft.

Comodo, in a March 23 fraud incident report, said that the nine fraudulent Secure Sockets Layer (SSL) certificates were issued on March 15.

"The circumstantial evidence suggests that the attack originated in Iran. The perpetrator has focused simply on the communication infrastructure (not the financial infrastructure as a typical cyber-criminal might). The perpetrator can only make use of these certificates if it had control of the DNS infrastructure. The perpetrator has executed its attacks with clinical accuracy. The Iranian government has recently attacked other encrypted methods of communication. All of the above leads us to one conclusion only: that this was likely to be a state-driven attack," it said.

Such certificates would have allowed an attacker to intercept encrypted data, including communications, through the targeted sites.

Comodo traced the incident to a breach in one of its affiliates, where an attacker used a hacked account to issue nine SSL certificates across seven domains. Comodo said it revoked all of these certificates immediately upon discovery. The company said it has so far not detected any attempted use of these certificates after their revocation.

The nine fraudulently issued certificates included:
- mail.google.com (Gmail), Serial: 047ECBE9FCA55F7BD09EAE36E10CAE1E
- www.google.com, Serial: 00F5C86AF36162F13A64F54F6DC9587C06
- login.yahoo.com, Serial: 00D7558FDAF5F1105BB213282B707729A3
- login.yahoo.com, Serial: 392A434F0E07DF1F8AA305DE34E0C229
- login.yahoo.com, Serial: 3E75CED46B693021218830AE86A82A71
- login.skype.com (Skype), Serial: 00E9028B9578E415DC1A710A2B88154447
- addons.mozilla.org, Serial: 009239D5348F40D1695A745470E1F23F43
- login.live.com (Microsoft), Serial: 00B0B7133ED096F9B56FAE91C874BD3AC0
- global trustee, Serial: 00D8F35F4EB7872B2DAB0692E315382FB0