Thanks for that. I was wondering how a fraudulent certificate could possibly be generated. I was initially surprised by this turn of events, but in hindsight it is obvious the PKI infrastructure would be attached and abused in this way.
An odd thought popped into my head. Israel: our hackers can infect a few computers and knock your nuclear plans off line. Iran: yeah, well ours can attack the PKI infrastructure so we can spy on what our unruly citizens are saying.