Google tells Iranian Gmail users to beware of suspicious prompts to click on links that could execute man-in-the-middle attacks. Comodohacker is using a fake certificate.
Google (NASDAQ:GOOG) Sept. 8 warned its Gmail users in Iran that their accounts may be compromised by the fake Secure Sockets Layer (SSL) security certificate issued by Dutch security firm DigiNotar.
The search engine provider, believed to have between 150 million and 200 million Gmail users worldwide, said that its own servers and infrastructure were not compromised in the security attack.
DigiNotar validates applicants and issues SSL certificates, which browsers rely on to authenticate Websites and secure communications with them.
A computer hacker going by the handle "Comodohacker" stole a Google authentication certificate from DigiNotar in July.
Comodohacker used the certificate to execute a so-called "man-in-the-middle attack," routing users to fake Web pages that presented the fraudulent certificate and enticing them to reveal their usernames and passwords. This would allow the hacker to read Iranian Gmail users' messages and monitor their conversations.
Iranian Gmail user Ali Borhani Aug. 28 published a screenshot of an SSL certificate warning that appeared in Google's Chrome Web browser while he was accessing Gmail. Borhani's post included a link to Pastebin with the contents of the fake SSL certificate for Gmail.
DigiNotar issued the certificate July 10, and it was revoked by the Dutch certification authority on Aug. 29. Even so, Google is taking the unusual step of reaching out to Iranian users who may be affected and alerting them to how they might protect their privacy.
Those steps include: changing their password; verifying account recovery options, which include secondary email addresses, phone numbers and other information that helps users regain access to their account in the case of a lost password; checking Websites and applications permitted to access the account; checking Gmail settings for suspicious forwarding addresses; and paying attention to the security warnings browsers provide.
Meanwhile, Comodohacker is building serious credibility among the hacker set. He claims to have stolen certificates for 531 sites, including Facebook, Skype, Mozilla, Microsoft and Yahoo, as well as domains belonging to the CIA and Israel's Mossad, according to MSNBC.
DigiNotar was the biggest victim of this hack, as browser makers scrambled to shore up their defenses.
Google on Sept. 3 marked DigiNotar as untrusted in the next release of Chrome OS. Microsoft removed DigiNotar from the default certificate store on Windows 7, Vista, Server 2008 and 2008 R2. Mozilla on Sept. 6 released new versions of Firefox, Firefox Mobile and Thunderbird to revoke certificates signed by DigiNotar.