Skip to main content
  1. Home
  2. Computing
  3. News

Fake DigiNotar certificates targeting Iranians?

By
DigiNotar Iranian traffic surge (Trend Micro)
Image used with permission by copyright holder

Computer security firm Trend Micro says fake digital certificates from compromised Dutch certification authority DigiNotar were part of a broad-scale man-in-the-middle attack targeting Iranian Internet users—and may have left political dissidents, activists, and others trying to bypass Iran’s online censorship regime vulnerable to eavesdropping.

DigiNotar catapulted into the news late last month when it was discovered to have issued a rogue certificate for Google.com, making it possible for third parties to carry out man-in-the-middle attacks on Google services—like Gmail—as if they were trusted and verified systems controlled by Google. Online security professionals tried to react quickly, but Trend Micro noticed something very odd about requests for domain validation through diginotar.nl: it’s a small firm that mostly serves customers in the Netherlands, so one would expect most of its domain validation requests to come from the Netherlands. And that’s true. However, beginning August 28 a significant number of Internet users requesting domain validation through DigiNotar were from Iran. No other countries saw any significant uptick in domain verification requests through DigiNotar.

Recommended Videos

The unusual spike in requests started on August 28, dropped off substantially by August 30, and was all but gone on September 2.

“These aggregated statistics [..] clearly indicate that Iranian Internet users were exposed to a large scale man-in-the-middle attack, where SSL encrypted traffic can be decrypted by a third party,” Trend Micro senior threat researcher Feike Hacquebord wrote.

Trend Micro also notes that several Web proxy systems in the United States—which are widely used by individuals wishing to access sites anonymously and without revealing their IP address or other details—were also sending Web validation requests for DigiNotar. Trend Micro speculates that these proxy services were being used by Iranian citizens seeking to work around government censorship—but the fake trust certificates would have meant their encrypted communications could have been intercepted anyway.

Trend Micro’s analysis is based on the company’s Smart Protection Network, which collects and analyzes data from Trend Micro customers around the world, including what domain names are accessed by customers at particular times.

Topics
Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
We just got our first hint of the RTX 6090, but it’s not what you think
A hand grabbing MSI's RTX 4090 Suprim X.

As we're all counting down the days to a possible announcement of Nvidia's RTX 50-series, GPU brands are already looking ahead to what comes next. A new trademark filing with the Eurasian Economic Commission (EEC) reveals just how far ahead some manufacturers are thinking, because it mentions not just the Nvidia RTX 5090, but also an RTX 5090 Ti; there's even an RTX 6090 Ti. Still, it'll be a long while before we can count the RTX 60-series among the best graphics cards, so what is this all about?

The trademark registration filing, first spotted by harukaze5719 on X (formerly Twitter) and shared by VideoCardz, comes from a company called Sinotex International Industrial Ltd. This company is responsible for the GPU brand Ninja, which doesn't have much of a market presence in the U.S.

Read more
How the Blue Screen of Death became your PC’s grim reaper
The Blue Screen of Death seen on a laptop.

There's nothing more startling than your PC suddenly locking up and crashing to a Blue Screen of Death. Otherwise known as a Blue Screen, BSOD, or within the walls of Microsoft, a bug check screen, the Blue Screen of Death is as iconic as it is infamous. Blue Screen of Death is not a proper noun, but I'm going to treat it like one. It's what you were met with during crashes on Intel's 14th-gen CPUs, and it littered airport terminals during the recent CrowdStrike outage.

Everyone knows that a Blue Screen is bad news -- tack on "of Death" to that, and the point is only clearer. It's a sign that something catastrophic has happened, so much so that the operating system can't recover, and it needs to reboot your PC in order to save it. The Blue Screen of Death we know today, fit with its frowning emoticon, is a relatively new development in the history of Windows.

Read more
The performance downgrade made to the M4 Pro that no one is talking about
Someone using a MacBook Pro M4.

I've spent this whole week testing the new M4 chip, specifically the M4 Pro in both the Mac mini and 16-inch MacBook Pro. They are fantastic, impressive chips, but in my testing, I noticed something pretty surprising about the way they run that I haven't seen others talk much about. I'm talking about the pretty significant change Apple made in this generation to power modes.

First off, Apple has extended the different power modes to the "Pro" level chips for the first time, having kept it as an exclusive for Max in the past. The three power modes, found in System Settings, are the following: Low Power, Automatic, and High Power. The interesting thing, however, is that in my testing, the Low Power drops performance far more this time around.

Read more