Iranian ‘intelligence operation’ targeted dissidents’ secure communication
The Iranian intelligence service has hacked into sensitive computer security systems and reportedly stolen electronic identification certificates for Google, Yahoo, Microsoft, Skype and Mozilla (Firefox). The purpose was to break into the opposition’s encrypted communications.
To minimize the regime’s ability to steal your information and contacts, it’s time to update your browsers and change your passwords.
According to the technology blog section of the New York Times, “The internet security firm Comodo Group said it had been victim to a hacker attack that appeared to have been part of a larger scheme to eavesdrop on encrypted e-mail and chat communications that may have been sponsored by Iran.”
“Everything points to this being an intelligence operation,” a computer security expert tells the New York Times.
The hacker attack stole “digital certificates,” which certify the true identity of the owner of a website to ensure the integrity of encrypted communications and transactions between the websites and the users. The targeted company that issued the stolen digital certificates, Comodo, told the New York Times that it immediately revoked the certificates upon discovery and informed the site owners, including the makers of potentially compromised browsers like Microsoft Internet Explorer and Mozilla’s Firefox.
Reporter Riva Richmond continues in the article:
“The firm described the attack as well-planned and deployed with ‘clinical accuracy’ from computers located mainly in Iran, though it pointed out in a company blog post that those computers could have been used to ‘lay a false trail.’ But it said that the characteristics of the attack, and the fact that Iran has sought to penetrate online communication services in the past, led it to ‘one conclusion only’ — that the attack was likely to be ‘state-driven.’”
Significantly, that same New York Times article contains a link to IranChannel.org. The link appears in the phrase that Iran “has sought to penetrate online communications in the past.”
The operation to steal the digital certificates occurred on March 15. Google updated its Chrome version on March 17, and Mozilla and Microsoft also issued updates.
“The fraudulent certificate for Mozilla, which was for its Firefox add-on site, might have allowed the attacker, posing as Mozilla, to install malware on targeted PCs or to block the installation of Firefox extensions that help users bypass government-imposed censorship filters,” according to the article.
Mozilla reported on its website that it updated Firefox versions 3.5, 3.6 and 4.0 to recognize and block the compromised certificates. “Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site,” Mozilla said.
Microsoft issued a statement urging users of its browsers to download the updated versions.
In the event the Iranian regime was able to gain access to your website or computer, you should take basic precautionary measures. First, stop using the Microsoft Internet Explorer browser because of its well-known security holes, and use Mozilla’s Firefox browser instead. Upgrade to Version 4.0 of Firefox, which is the latest version and was released after the Iranian intelligence hacking was discovered.
Then, change all of your passwords in the event the regime was able to copy them.