Skip to main content
  1. Home
  2. Computing
  3. News

Fake DigiNotar certificates targeting Iranians?

Geoff Duncan
By
DigiNotar Iranian traffic surge (Trend Micro)
Image used with permission by copyright holder

Computer security firm Trend Micro says fake digital certificates from compromised Dutch certification authority DigiNotar were part of a broad-scale man-in-the-middle attack targeting Iranian Internet users—and may have left political dissidents, activists, and others trying to bypass Iran’s online censorship regime vulnerable to eavesdropping.

DigiNotar catapulted into the news late last month when it was discovered to have issued a rogue certificate for Google.com, making it possible for third parties to carry out man-in-the-middle attacks on Google services—like Gmail—as if they were trusted and verified systems controlled by Google. Online security professionals tried to react quickly, but Trend Micro noticed something very odd about requests for domain validation through diginotar.nl: it’s a small firm that mostly serves customers in the Netherlands, so one would expect most of its domain validation requests to come from the Netherlands. And that’s true. However, beginning August 28 a significant number of Internet users requesting domain validation through DigiNotar were from Iran. No other countries saw any significant uptick in domain verification requests through DigiNotar.

Recommended Videos

The unusual spike in requests started on August 28, dropped off substantially by August 30, and was all but gone on September 2.

“These aggregated statistics [..] clearly indicate that Iranian Internet users were exposed to a large scale man-in-the-middle attack, where SSL encrypted traffic can be decrypted by a third party,” Trend Micro senior threat researcher Feike Hacquebord wrote.

Trend Micro also notes that several Web proxy systems in the United States—which are widely used by individuals wishing to access sites anonymously and without revealing their IP address or other details—were also sending Web validation requests for DigiNotar. Trend Micro speculates that these proxy services were being used by Iranian citizens seeking to work around government censorship—but the fake trust certificates would have meant their encrypted communications could have been intercepted anyway.

Trend Micro’s analysis is based on the company’s Smart Protection Network, which collects and analyzes data from Trend Micro customers around the world, including what domain names are accessed by customers at particular times.

Topics
Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
How to draw on Google Docs to add doodles, sketches, and more
The Google Play Store, YouTube, and Google Docs installed on an Amazon Fire Max 11.

Word processing software isn’t the kind of tool that most users would consider exciting, which is why we’re glad to see companies like Google adding a little flair to its own products. We’re talking about Google Docs, a free-to-use word processor that’s part of your larger Google Account ecosystem. Basic formatting options and other familiar word processing functions are front and center on Google Docs, but the ability to add doodles, sketches, and other entertaining media to your next Docs file requires a special bit of know-how.

Read more
AMD’s upcoming APUs might destroy your GPU
AMD CEO Lisa Su holding an APU chip.

The spec sheets for AMD's upcoming APU lineups, dubbed Strix Point and Strix Halo, have just been leaked, and it's safe to say that they're looking pretty impressive. Equipped with Zen 5 cores, the new APUs will find their way to laptops that are meant to be on the thinner side, but their performance might rival that of some of the best budget graphics cards -- and that's without having a discrete GPU.

While AMD hasn't unveiled Strix Point (STX) and Strix Halo (STX Halo) specs just yet, they were leaked by HKEPC and then shared by VideoCardz. The sheet goes over the maximum specs for each APU lineup, the first of which, Strix Point, is rumored to launch this year. Strix Halo, said to be significantly more powerful, is currently slated for a 2025 release.

Read more
Hyte made me fall in love with my gaming PC all over again
A PC built with the Hyte Nexus Link ecosystem.

I've never seen anything quite like Hyte's new Nexus Link ecosystem. Corsair has its iCue Link system, and Lian Li has its magnetic Uni system, and all three companies are now offering ways to tie together your PC cooling and lighting devoid of extraneous cables. But Hyte's marriage of hardware, software, and accessories is in a league of its own -- and it transformed my PC build completely.

I've been using some of the foundational components of the ecosystem for about a week, retailoring a build inside of Hyte's own Y40 PC case to see how the system works. It doesn't seem too exciting at first -- Hyte released an all-in-one (AIO) liquid cooler, some fans, and a few RGB strips, who cares? But as I engaged more with the Nexus Link ecosystem, I only became more impressed.
It all starts with the cooler

Read more