The government of Iran has been accused of sponsoring an attempted cyber-attack on Google, Microsoft, Mozilla, and Skype, reports Time. If not discovered, the attacks could have left these major websites open to impersonation.
The claim comes from New Jersey-based company Comodo Group, which sells digital authentication certificates that guarantee a website is legitimate through the use of a protocol called Secure Sockets Layer (SSL). Comodo says it sold nine such certificates to websites that it later discovered were fake. The certificates were subsequently revoked.
According to its incident report, Comodo determined that the IP addresses used to purchase the SSL certificates were “mainly from Iran.” But because the would-be hackers targeted sites used for communication, like Gmail and Skype, rather than targeting financial information as a “typical” cyber-criminal might, Comodo deduced that the failed attacks were likely the work of Iran’s government.
“The Iranian government has recently attacked other encrypted methods of communication,” wrote Comodo on its website. “All of the above leads us to one conclusion only: that this was likely to be a state-driven attack.”
Had the attacks been successful, Internet users in Iran could have tried to log onto Gmail or Yahoo Mail, for instance, and been automatically re-directed to a fake website, which could have been used to steal usernames and passwords, or to install malware that could have been used to track online activity.
“It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups,” wrote Comodo.
Comodo admits that the fraudulent SSL certificate purchases were executed with “clinical accuracy.” The company also says that the IP addresses appearing to originate from Iran “may be the result of an attacker attempting to lay a false trail.” So it remains possible that Iran had nothing to do with the attack, but the “circumstantial evidence” surrounding the attacks suggests it did.