A growing number of Iranian bloggers have expressed their anxieties after learning that, for the last two months, their Gmail inboxes may have been an open book for the Iranian state to read and to use in targeting dissidents.
The rogue SSL certificate, issued by the Dutch company DigiNotar on July 10, can be used to digitally “sign” HTTPS connections to any Google site. Political dissidents in particular, who put their trust in Google’s systems for their security, may have been targeted in the attack.
Google reacted on August 29, 2011, saying:
Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services… Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate.
The human rights organisation Arseh Sevom warns that Tor, Yahoo and Mozilla are targets too.
Here is the conversation that Ali Borhani, an Iran-based IT student, had with Google:
Today, when I tried to log in to my Gmail account I saw a certificate warning in Chrome.
I took a screenshot and I saved the certificate to a file.
This is the certificate file with the screenshot in a zip file:
And this is the text of the decoded fake certificate:
When I used a VPN I didn't see any warning! I think my ISP or my government did this attack (because I live in Iran and you may have heard something about the story of the Comodo hacker!)
Iran Online Security writes that internet users got the warning when they tried to access their Google Docs.
While several bloggers offered advice for secure internet use, such as using proxies to log in to their email, Nima Rashedan, a cyber security expert, published a video explaining to Iranian users what happened.
Nima Rashedan told me via email that most Iranian media ignored the importance of this attack. Hackers got their hands on passwords, files and archives, and unfortunately it is not limited to Google, since Yahoo and Firefox were targeted too. DigiNotar still keeps silent, although it was hacked by a group that called itself “Iranian hackers”. Rashedan says the damage is beyond imagination and that the Comodo hack is nothing in comparison.
A new campaign has been launched to protect Iranian users; its page reads:
Our campaign is aimed at raising awareness of the dangerous situation for Iranian netizens, especially since the DigiNotar scandal.