Monday, March 28, 2011

An Iranian claims piracy security certificates

A man posing as a hacker Iran 21 years has claimed the diversion of SSL security certificates for services as important as Gmail, Yahoo Mail or Hotmail, discovered last week. These certificates are used by Internet browsers to verify that a site is the original version and not diverted. Nine false certificates had been issued through an Italian subsidiary of the company Comodo, which publishes certificates.

In his message, the alleged embezzlement details the method used and the security holes he discovered. In colorful language and broken English, he also claims not to be linked to the Iranian government, but explained that "the partisans of the false green movement, such as People's Mujahedin of Iran and the terrorists with two faces, should be afraid of me.

I will not let anyone hurt the people of Iran, the nuclear experts from my country, my leader (no one can touch) or my president. " He also claims he acted alone, but having "the experience of a thousand hackers. The text explains indirectly that the diversion was revenge for the creation of StuxNet virus, which targeted the Iranian nuclear infrastructure, and that Israel and the U.S.

are suspected of having created. It also accuses Microsoft, Mozilla and Google of being "under the thumb of the CIA" for correcting a security vulnerability in their browsers. Shortly after the discovery of the diversion, Comodo had described being hacked from an IP address Iran. The company did not believe in the theory of isolated act: In his incident report, she noted that "the Iranian government has recently attacked other methods of communication encrypted.

The Iranian authorities have in fact largely blocked the Tor network, used to communicate encrypted in January. The fact that the attack was intended certificates for mail services and Skype also suggests that the objective could be linked to attempted espionage. In 2010, Tunisia had established an extensive espionage system of electronic boxes and Facebook accounts of its citizens.

She then found a way around security certificates, blocking direct access to secure sites at certain times of the day, that could record the passwords of users.

No comments:

Post a Comment