The most compelling evidence is the logs of revocation checks at DigiNotar for the fake certificates[1]. The logs show, Fox-IT says, that over 200K unique IPs made a check, almost all in Iran, suggesting they were served the fake certificate when visiting Google. Here's the graphical depiction of what it shows: http://www.youtube.com/watch?v=wZsWoSxxwVY
That implies an active MITM attack, proxied over the majority of Iranian net space. While it seems pretty clear that a single determined independent hacker could have broken through Comodo and DigiNotar's defences, rolling out this kind of pervasive infrastructural surveillance would require the complicity of multiple Iranian ISPs.
I think the best bet right now is what is now a depressingly common combination -- indie blackhats doing the penetrations, and state actors buying and deploying what they find.
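The log analysis the comment attributes to Fox-IT, as an added illustration (not code from the thread or from Fox-IT's report): count the distinct client IPs that sent OCSP checks for each certificate serial and flag serials whose checks cluster almost entirely in one country. The log format, serials, addresses and the GeoIP prefix table are constructed for the example.

```python
from collections import Counter, defaultdict
import ipaddress
# Constructed OCSP responder log lines: "<timestamp> <client_ip> <serial> <status>"
SAMPLE_LOG = """\
2011-07-27T10:00:01Z 203.0.113.10 0x0A01 good
2011-07-27T10:00:05Z 203.0.113.11 0x0A01 good
2011-07-27T10:00:09Z 203.0.113.12 0x0A01 good
2011-07-27T10:00:10Z 203.0.113.12 0x0A01 good
2011-07-27T10:00:12Z 198.51.100.7 0x0B02 good
2011-07-27T10:00:13Z 192.0.2.44 0x0B02 good
2011-07-27T10:00:14Z 203.0.113.20 0x0B02 good
"""
# Constructed prefix-to-country table standing in for a real GeoIP database.
GEO_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "IR",
    ipaddress.ip_network("198.51.100.0/24"): "NL",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}

def country_for(ip):
    # Map a client IP to a country code via the constructed prefix table.
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_PREFIXES.items():
        if addr in net:
            return cc
    return "??"

def parse_log(text):
    # Yield (client_ip, serial) pairs; skip blank or malformed lines.
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2]

def unique_clients_by_serial(text):
    # {serial: set of distinct client IPs that asked the responder about it}
    seen = defaultdict(set)
    for ip, serial in parse_log(text):
        seen[serial].add(ip)
    return seen

def suspicious_serials(text, min_clients=3, concentration=0.9):
    # Flag serials with many distinct clients nearly all in one country.
    flagged = {}
    for serial, ips in unique_clients_by_serial(text).items():
        cc, n = Counter(country_for(ip) for ip in ips).most_common(1)[0]
        if len(ips) >= min_clients and n / len(ips) >= concentration:
            flagged[serial] = (len(ips), cc, n / len(ips))  # (clients, country, share)
    return flagged
```

Run against the sample, only serial 0x0A01 is flagged: three distinct clients, all in the same constructed country, while 0x0B02's three clients are spread across three countries.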
Posted Sep 8, 2011 9:03 UTC (Thu) by quotemstr (subscriber, #45331)
Thank you for linking to the report; it's as damning as you say. I'm actually surprised that the MITM attack was so brazen: I wonder whether more careful use of the forged certificates might have opened a longer window for more targeted surveillance. (Of course, such an attack may be ongoing, and I'd rate the likelihood of such a thing far higher than I would have three months ago.) If a complete and sustained CA compromise, a cover-up, and a large-scale MITM attack don't lead to changes in how we allocate trust, it'll be hard to believe that anything else will.