Iranian government suspected of hacking Mossad, CIA, MI6 sites

Israeli website offering reward for information on Israeli MIAs, Walla web portal also attacked • Technology experts: several digital certificates contain nationalist slogans in Farsi, the language spoken by most Iranians.

Photo: Diginotar.com // Dutch Certification Authority DigiNotar.

A revenge attack for Stuxnet, or the Iranian regime's latest effort to crack down on political dissent?

Cyber-attackers who hacked into a Dutch Web security firm have issued hundreds of fraudulent security certificates for intelligence agency Web sites, including those of the Mossad and the C.I.A., as well as for Internet giants like Google, Microsoft and Twitter, the Dutch government said on Monday.

The website of the Born to Freedom Foundation [www.10million.org], a site operated out of Tel-Aviv which promises a $10,000,000 reward for proven information leading to Israeli soldiers missing in action, was also hacked.

The popular Israeli 'Walla' web portal was also hacked.

Experts say they suspect the hacker — or hackers — operated with the cooperation of the Iranian government, perhaps in attempts to spy on dissidents, AP reported.

The Malware Blog, an internet security blog, reported on Monday that it had concrete evidence that the recent compromise of Dutch Certification Authority DigiNotar was used to spy on Iranian Internet users on a large scale.

Another internet security blog, TrendMicro, reported that it had uncovered evidence that the fraudulent certificates issued as a result of the DigiNotar compromise have disproportionately and suspiciously affected users based in Iran. In Iran, all web traffic must pass through state-approved proxies. Because of this, a third party was probably able to read all of the email messages an Iranian Internet user sent with his/her Gmail account.

According to TrendMicro, a significant share of the Internet users who loaded DigiNotar's SSL certificate verification URL on August 28, 2011 were from Iran. On August 30, 2011 most traffic from Iran disappeared, and on September 2, 2011 nearly all of the Iranian traffic was gone.

The latest versions of browsers including Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox are now rejecting certificates issued by the firm that was hacked, DigiNotar.

But in a statement on Monday, the Dutch Justice Ministry published a list of the fraudulent certificates that greatly expands the scope of the July hacking attack that DigiNotar acknowledged only last week. The list also includes certificates that were sent to sites operated by Yahoo, Facebook, Microsoft, Skype, AOL, the Tor Project, WordPress, and by intelligence agencies like Israel’s Mossad and Britain’s MI6, AP said.

DigiNotar is one of many companies that sell the security certificates widely used to authenticate Web sites and guarantee that communications between a user’s browser and a site are secure, a sort of digital passport.

In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a Web site, or used to monitor communications with the real sites without users noticing.

But in order to pass off a fake certificate, a hacker must be able to steer his target’s Internet traffic through a server that he controls. That is something only an Internet service provider, or a government that commands one, can easily do.

According to AP, technology experts cite a number of reasons to believe the attack is connected to Iran. Notably, several of the certificates contain nationalist slogans in Farsi, the language spoken by most Iranians.

“This, in combination with messages the hacker left behind on DigiNotar’s Web site, definitely suggests that Iran was involved,” Ot van Daalen, director of Bits of Freedom, an online civil liberties group, told AP.
