Security Corner

Mar 26 2011   3:02PM GMT

SSL Compromise an Act of Cyber-warfare?

Ken Harthun Ken Harthun Profile: Ken Harthun

SANS NewsBites | March 25, 2011 | Vol. 13, Num. 024: “SSL Security Compromised…Attackers compromised a partner of SSL certificate authority, Comodo and issued themselves fraudulent SSL certificates.  The certificates vouch for a site’s authenticity, and would have allowed the thieves to set up sites that fool visitors into believing they have reached major Internet presences, like Google, Microsoft and Skype.  Comodo has revoked the stolen certificates.”

Microsoft released an advisory on March 23, 2011 (2524375) noting that the following domains were affected:

  • (3 certificates)
  • (already known from an earlier announcement by Mozilla)
  • “Global Trustee”

Now, here’s where it gets interesting. The IP traced to the attacker was that of an Iranian ISP. Think about it. Here’s what Comodo had to say in their blog post:

The IP address of the initial attack was recorded and has been determined to be assigned to an ISP in Iran. A web survey revealed one of the certificates deployed on another IP address assigned to an Iranian ISP.

Of course, this could be just that the attacker was laying a false trail, which would be smart, but how about this?

It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups. The attack comes at a time when many countries in North Africa and the Gulf region are facing popular protests and many commentators have identified the Internet and in particular social networking sites as a major organizing tool for the protests.

It’s a Brave New World.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: