Comodo has said that “circumstantial evidence” points to Iran as being behind the recent fraudulent issuance of SSL certificates for major service providers, not least Google, Yahoo, and Microsoft.
The incident occurred on 15 March, and although the affected certificates have since been revoked, browser developers have still had to ship updates that explicitly block the fraudulent certificates, since a revoked certificate is only rejected by clients that actually check its revocation status.
The curious story came to light after Comodo, a certificate authority that issues the SSL certificates browsers use to authenticate sites and encrypt logins, blogged that an affiliate in “southern Europe” had seen unauthorised activity on its account.
It turned out that the account had been used to issue fraudulent SSL certificates for domains belonging to Google, Microsoft, Yahoo, Skype, and Mozilla.
Comodo has made it fairly clear that it regards this as a professional, state-sponsored attack by Iran.
According to the company’s initial investigation, the main IP addresses used to request the fraudulent certificates were located in Iran, and the perpetrator “executed its attacks with clinical accuracy.”
Comodo also points out that the certificates would only have been of use to the perpetrator if it could also redirect victims’ traffic, for example by controlling DNS records at the state level, i.e. owning the national telecoms network: a fraudulent certificate for a site only lets an attacker impersonate that site if the attacker can first get the victim’s connection to arrive at a server it controls.
The perpetrator also focussed on communications infrastructure rather than the financial infrastructure a typical cyber-criminal would target.
While it may come as a surprise to many that the encrypted logins to Gmail, Yahoo Mail, or Live accounts could potentially be intercepted by a state, Comodo insists that, with the certificates revoked, users would not have been at risk even without this week’s browser patches.
However, Comodo is also at pains to point out that this is simply one event in a whole series of politically driven cyber-warfare actions, specifically aimed at disrupting social messaging.