(Image Source: Silicon Republic)
BY MADISON MACK
ANCHOR MEGAN MURPHY
You're watching multisource tech news analysis from Newsy.
The Iranian hacker responsible for attacking a Dutch security certificate company Diginotar and issuing more than 500 fake certificates used to connect to websites like Google and Twitter has vowed to quote "strike back again" in this warning he posted on a personal website.
"When Dutch government, exchanged 8000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8000 Muslims in same day, Dutch government have to pay for it, nothing is changed, just 16 years has been passed. Dutch government's 13 million dollars which paid for DigiNotar will have to go DIRECTLY into trash.."
So far over 300,000 IP addresses have used the fake certificakes - 99 percent of them were from Iran, including traffic from anonymous Web proxies - leading computer security firm Trend Micro to speculate.
"… that these proxy services were being used by Iranian citizens seeking to work around government censorship—but the fake trust certificates would have meant their encrypted communications could have been intercepted anyway."
SSL certificates are digital IDs issued by third party companies which allows a user to establish
a secure communication between a website and a computer. Using a fake one, a person can intercept traffic - a bit like tapping a phone. So what could have the hacker discovered?
Technology journalist Jeremy Wagstaff says - quite a lot.
"All the traffic that was intercepted could be deciphered.. meaning all browsing and emails. But it also may have captured cookies, meaning passwords, which would have made it easy to hack into target accounts and sniff around old emails, dig out other passwords, or hack into associated accounts, such as Google Docs."
Diginotar is just one of 500 companies worldwide that issues security certificates-- and Help Net Security says it's probably not the only one that's been compromised.
"That's a chilling thought that probably many an expert has had since the extent of the incident has been revealed. Hopefully, it just might jumpstart the search for a fitting alternative to the CA trust system."
A writer for the Inquirer agrees saying a breach this large - should be a call to action.
"If all the hacker's claims are true - and he is not known to have lied so far - then the public key infrastructure is in a very bad shape and in dire need of an overhaul."
Dutch prosecutors are investigating DigiNotar for possible criminal negligence.
 |  |  |  |
