Up to 300,000 Iranians may have had their Google email monitored using security certificates stolen from Dutch firm DigiNotar. The figure came from a report into the breach at DigiNotar which let attackers generate hundreds of fake certificates. The report suggests the certificates were used in Iran to eavesdrop on email accounts.
What’s the Big Idea?
The digital miscreant known as ComodoHacker has claimed responsibility for the high-profile digital certificate hack. The hacker boasted he still has access to four other (unnamed) “high-profile” certificate authorities and retains the ability to issue new rogue certificates, including code signing certificates. Compromises against both Comodo affiliates and DigiNotar allowed hackers to generate bogus certificates which are a means to mount convincing man-in-the-middle or phishing attacks.