Skip Links

In Iran, new attack escalates ongoing cyberconflict

The attack on Comodo's digital certificates represents a new tactic in a long-running war

By , IDG News Service
March 25, 2011 09:07 PM ET

IDG News Service - A cyber-attack linked to Iran this week is the latest in a string of cyber-events that some say represents a new step in a shadowy and long-running war between the Iranian government and those who criticize it on the Internet.

Comodo Group, a seller of digital certificates, said that an unnamed partner was compromised on the evening of March 15. The attack was worrying because the kind of digital Secure Sockets Layer (SSL) certificates that Comodo sells are an important part of the infrastructure used to secure the Internet. These certificates are encrypted files that tell the browser it's securely connecting with the real, for example, and not an imposter site. They help prevent phishing attacks, but in a country like Iran, they can be critical to dissidents, helping to keep private communications safe from prying eyes.

OPINION: We need to ignite a Layer-1 revolution

The attack was well-planned and carefully executed, but according to Comodo, it was quickly detected. Massimo Penco, a vice president of Comodo based in Italy, said he received an alert around 7 p.m. on March 15 that something unusual was going on.

"Someone issued a certificate for Google, but we didn't have a request from Google," he said. Within 15 minutes of this happening, he was on the phone asking colleagues in New Jersey to lock the system down, he said. The certificate for Google was revoked within an hour or so, along with eight others that had been issued in the meantime.

Comodo doesn't know who was behind the attack. In the hacking world, it's standard practice to hop from computer to computer as a way of hiding one's tracks. And a secretive country such as Iran is unlikely to share information with Western investigators.

Still, Iran has the means, motive and opportunity to pull off an attack like this in order to spy on supposedly secured communications between Iranians and the servers used by companies such as Google, Skype and Microsoft, all of whose certificates were spoofed in the attack, said Melih Abdulhayoglu, Comodo's founder and CEO. "All things point to the Iranian government and their newly founded cyberwarfare department," he said.

Representatives with Iran's Permanent Mission to the United Nations were unable to comment Friday.

The Iranian government has been interested in monitoring and controlling its citizens' Internet use for close to a decade now, said Mehdi Yahyanejad, founder of the popular Iranian discussion site Balatarin.

But after the founding of the country's cyberpolice unit in late 2008, Iran began to flex some muscle. Yahyanejad believes that Iran was behind a complicated February 2009 attack that wiped out his website and kept it offline for three weeks. He suspects state involvement, because news of the attack was published on the state-sponsored Fars News Agency website within hours of the attack -- before even Yahyanejad himself had had time to figure out what had happened.

With that attack, the hackers used social engineering techniques to trick Yahyanejad's Internet service provider into giving them unauthorized access to his hosting account. And like the Comodo incident, it was meticulously planned and well-executed. Since 2009, Balatarin has been hit with numerous distributed denial-of-service (DDoS) attacks. The most recent, in January of this year, was unprecedented in power.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News