Iranians spied on with stolen certificates from DigiNotar

According to fresh evidence, the stolen web security certificates from Dutch firm DigiNotar were used to spy on 300,000 Iranian Google email accounts.

Close to 300,000 unique IP addresses from Iran requested access to google.com using a rogue certificate issued by Dutch digital certificate authority DigiNotar, according to an interim report by security firm, Fox-IT, released on Monday.

The figure came from a report into the breach at DigiNotar which let attackers generate hundreds of fake certificates.

The rogue certificates were issued on July 10 by DigiNotar, was finally revoked on 29 August.

The list has been passed to Google so it can tell victims they may have come under government scrutiny.

DigiNotar is one of many firms which help to ensure that no-one is eavesdropping on secure communications between users and the sites they visit.

It does this via security certificates which act as a guarantee of identity so people can be sure they are connecting to the site they think they are.

The Fox-IT report suggests that the hackers were able to access those internal systems for a month before DigiNotar took action.

Fox-IT noted that the use of the fake certificates would also have given attackers access to small text files known as cookies that Google and many others use to recognise regular visitors.

DigiNotar has called on the Dutch government to help it recover following the attack. In its wake Google and many others have issued updates to ensure that the fake certificates are no longer recognised.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up