Mossad Hacked?

A Dutch government report says security certificates for Mossad, CIA, MI6, and major corporations were stolen - probably by Iran.
By Gabe Kahn.
First Publish: 9/8/2011, 6:29 PM

A hacker or hackers fabricated certificates for Israel's intelligence service, Mossad, the CIA, and Britain’s Secret Intelligence Service, MI6, and other sites such as AOL and Microsoft, a Dutch government report said.

The report, presented by the Dutch government on Monday, focused on some 300,000 internet users in Iran who were spied on last month by one or several hackers who stole security certificates from a Dutch IT firm.

Using a stolen certificate, the hacker or hackers monitored people who visited Google.com, could steal their passwords, and could obtain access to other services such as Facebook and Twitter, said Dutch IT firm Fox-IT, which wrote the report.

The report, which Dutch Interior Minister Henk Donner sent to the Dutch parliament, confirmed a statement from Google last week, in which the company said that it had received reports of attacks on Google users and that "the people affected were primarily located in Iran".

"The list of domains and the fact that 99 per cent of the users are in Iran suggest that the objective of the hackers is to intercept private communications in Iran," Fox-IT said.

Israeli officials declined to comment on the report or its potential ramifications, but information security experts say the certificate - if obtained - would have almost certainly been for Mossad's public website and not sensitive servers used for communications and data storage.

US security experts, however, say it should be setting off alarm bells.

"Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," Christopher Soghoian, a Washington D.C.-based researcher noted for his work on online privacy, said in a tweet Saturday.

A certificate guarantees that a web surfer is securely connected, but a stolen certificate enables a hacker to make it appear that a web surfer is securely connected to a website without the surfer knowing he is being monitored.

Criminals or governments could use the stolen certificates to conduct "man-in-the-middle" attacks, tricking users into thinking they were at a legitimate site when in fact their communications were being secretly intercepted.

The confirmed count of fraudulently issued SSL (Secure Sockets Layer) certificates now stands at 531.

Social media such as Twitter and YouTube were used during protests in Iran after presidential elections in 2009, and Iranian authorities have been trying to fight opposition on the internet, said Afshin Ellian, who fled Iran in the 1980s and is a professor at Leiden University's law faculty.

"Tehran wants to be aware of oppositional activities inside and outside Iran. Using that information they can forcefully act against the opposition," Ellian said in his blog on the website of Dutch magazine Elsevier.

In April, there were signs Iran was helping Syria put down anti-government protests with advice on monitoring and blocking Internet use, a US official said at the time.

Dutch minister Donner told reporters he had not been able to confirm that the certificates, which were stolen from Dutch IT firm DigiNotar, were hacked by Iranian state authorities.

"The only thing we have been able to establish is that the people who complained were in Iran," Donner said.

In addition to the Mossad certificate reportedly being hacked, some 300 Israeli domains came under a denial of service attack on Tuesday by a group of Turkish hackers.