Skip to main content

Forged security certificate targets Gmail users

Gmail-SSL-DigiNotar

A fraudulent Google security certificate has found its way onto the web, making it possible for hackers to access the accounts of Gmail users, reports CNet. The certificate is reportedly being used to target Gmail users located in Iran.

The Secure Sockets Layer (SSL) certificate was issued by Dutch security authority DigiNotar to unidentified attackers on July 10. The attackers apparently tricked DigiNotar into thinking the request for the SSL certificate was coming from Google, which prompted the security authority to release the certificate.

Armed with the SSL certificate, the attackers have been able to set up fake versions of Google websites — Gmail appears to have been the focus — which appear genuine to both users and users’ web browsers, which can detect fake websites that do not have the proper SSL certificate.

Known as a “man in the middle” (MITM) attack, this technique allowed the hackers to fool users into entering their real Gmail credentials into the fake site, giving them access to those users’ email accounts.

A Gmail user in Iran, who goes by the name “alibo” first posted the problem to the Google users forum.

“Today, when I trid to login to my Gmail account I saw a certificate warning in Chrome. I took a screenshot and I saved certificate to a file.” wrote alibo. “When I used a vpn I didn’t see any warning! I think my ISP or my government did this attack (because I live in Iran and you may hear something about the story of Comodo hacker!)”

The Comodo alibo refers to was a similar case, which took place back in March. Certificate authority Comodo issued a variety of fraudulent digital certificates for sites owned by Google, Yahoo, Microsoft and others. A 21-year-old Iranian claimed to have been responsible for the attack, saying his actions were in protest of US foreign policy.

In this most recent instance, Google has so far only touted the security prowess of its Chrome browser.

“A Chrome security feature warned the user of the invalid certificate and blocked them from visiting the attacker’s site. We’re pleased that the security measures in Chrome protected the user and brought this attack to the public’s attention,” a Google spokesperson told CNet. “While we investigate, we plan to block any sites whose certificates were signed by DigiNotar.”

Mozilla also responded to the attack, saying on its blog, “Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox… shortly that will revoke trust in the DigiNotar root and protect users from this attack. We encourage all users to keep their software up-to-date by regularly applying security updates.”

DigiNotar has so far remained silent on its mistake.

UPDATE: Google’s Information Security Manager, Heather Adkins, has released an official statement on the Google online security blog. It reads:

Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).

Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate.

To further protect the safety and privacy of our users, we plan to disable the DigiNotar certificate authority in Chrome while investigations continue. Mozilla also moved quickly to protect its users. This means that Chrome and Firefox users will receive alerts if they try to visit websites that use DigiNotar certificates.

To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings.

[Image via joingate/Shutterstock]

Editors' Recommendations

Topics
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
White House officials among those targeted by Gmail hack

White House officials were among those targeted by a recent phishing attack regarding Google's Gmail service, according to a report in the Wall Street Journal. The report cited an unnamed US official as its source.

Google believes that hackers attempted to trick hundreds of users of its popular web-based e-mail service into giving away their passwords. Military personnel, journalists, and Chinese human rights activists are all thought to have been targeted, as well as government officials.

Read more
China blamed for Gmail attack, top US officials targeted

Google said on Wednesday that hackers believed to be based in Shandong province in China have attempted to trick hundreds of Gmail users into giving away their passwords, including those belonging to US government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists.

In a post on the company's blog, Eric Grosse, a member of the Google security team, said that the passwords had been obtained “likely through phishing,” with the probable aim being to monitor e-mail content. Forwarding and delegation settings would likely have been changed too, he said.

Read more
Sony BMG Greece website hacked, user data revealed
sony-logo-large

Sony's nightmare continues this week, with with news out today that hackers infiltrated the Sony BMG Greece on May 5, and stole users' personal data, some of which was then posted online this weekend.

News of the hack comes via Hacker News, which reports that an anonymous user, who goes by the name b4d_vipera, uploaded a database of user information to pastebin.com. The database includes the names and email addresses of people registered to the SonyMusic.gr website.

Read more