
Iranian government involvement?

Posted Sep 8, 2011 2:50 UTC (Thu) by mbg (subscriber, #4940)
Parent article: Certificates and "authorities"

What is the evidence that there was anything "likely sponsored or run by the Iranian government"?


Iranian government involvement?

Posted Sep 8, 2011 4:37 UTC (Thu) by quotemstr (subscriber, #45331)

One of the forged certificates was for Balatarin, a site heavily used by Iranian dissidents (and run by a friend of mine). Iran has also used techniques like DPI HTTP-proxy detection and blanket prohibition of SSL connections, and has repeatedly blocked Gmail, Facebook, and other popular social media sites. I wouldn't be the least bit surprised to learn that the IRI had an SSL MITM program as well.

Iranian government involvement?

Posted Sep 8, 2011 5:37 UTC (Thu) by dannyobrien (subscriber, #25583)

The most compelling evidence is the logs of revocation checks at DigiNotar for the fake certificates[1]. The logs show, Fox-IT says, that over 200K unique IPs made a check, almost all in Iran, suggesting they were served the fake certificate when visiting Google. Here's the graphical depiction of what it shows:

That implies an active MITM attack, proxied over the majority of Iranian net space. While it seems pretty clear that a single determined independent hacker could have broken through Comodo and DigiNotar's defences, rolling out this kind of pervasive infrastructural surveillance would require the complicity of multiple Iranian ISPs.

I think the best bet right now is what is now a depressingly common combination -- indie blackhats doing the penetrations, and state actors buying and deploying what they find.

[1] - Documented in the Fox-IT report here, which is short, damning, and well worth a read:
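The reasoning above rests on one detection signal a CA can apply to its own OCSP responder logs: a revocation check for a serial number the CA never issued means a rogue certificate is in use, and the spread of client addresses asking about it shows how widely it is being served. The following is an added example of that check, not code from the thread, from Fox-IT or from DigiNotar; the log format, serials, addresses and the prefix-to-region table are all constructed.

```python
# Added example (not from the LWN thread or the Fox-IT report): scan a CA's
# OCSP responder log for serials the CA never issued and count, per network
# region, how many distinct clients asked about each one.
from collections import defaultdict
from ipaddress import ip_address, ip_network
import re

# Constructed OCSP responder access-log lines: timestamp, client IP, queried serial.
SAMPLE_LOG = """\
2011-08-27T10:01:02Z 198.51.100.17 serial=0x1a2b
2011-08-27T10:01:05Z 198.51.100.18 serial=0x1a2b
2011-08-27T10:02:11Z 198.51.100.17 serial=0x1a2b
2011-08-27T10:02:40Z 203.0.113.5 serial=0x1a2b
2011-08-27T10:03:00Z 192.0.2.9 serial=0x0042
2011-08-27T10:03:30Z 198.51.100.40 serial=0x0042
"""

# Serials the CA's issuance database actually records (constructed).
ISSUED_SERIALS = {0x0042, 0x0043}

# Constructed prefix-to-region table standing in for a GeoIP lookup.
REGIONS = {
    ip_network("198.51.100.0/24"): "region-A",
    ip_network("203.0.113.0/24"): "region-B",
    ip_network("192.0.2.0/24"): "region-C",
}

LINE_RE = re.compile(r"^(\S+) (\S+) serial=0x([0-9a-fA-F]+)$")


def region_of(ip):
    """Map a client address to a constructed region name."""
    addr = ip_address(ip)
    for net, name in REGIONS.items():
        if addr in net:
            return name
    return "unknown"


def rogue_serial_report(log_text, issued):
    """Return {serial: {region: unique_client_count}} for serials not in `issued`."""
    clients = defaultdict(set)  # serial -> set of distinct client IPs
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        _ts, ip, serial_hex = m.groups()
        serial = int(serial_hex, 16)
        if serial not in issued:  # never issued by this CA: rogue certificate
            clients[serial].add(ip)
    report = {}
    for serial, ips in clients.items():
        per_region = defaultdict(int)
        for ip in ips:
            per_region[region_of(ip)] += 1
        report[serial] = dict(per_region)
    return report
```

On the constructed log, serial 0x1a2b is unknown to the CA and was queried from three distinct clients across two regions, while 0x0042 is a legitimately issued serial and is ignored.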

Iranian government involvement?

Posted Sep 8, 2011 9:03 UTC (Thu) by quotemstr (subscriber, #45331)

Thank you for linking to the report; it's as damning as you say. I'm actually surprised that the MITM attack was so brazen: I wonder whether more careful use of the forged certificates might have opened a longer window for more targeted surveillance. (Of course, such an attack may be ongoing, and I'd rate the likelihood of such a thing far higher than I would have three months ago.) If a complete and sustained CA compromise, a coverup, and a large-scale MITM attack don't lead to changes in how we allocate trust, it'll be hard to believe that anything else will.

Iranian government involvement?

Posted Sep 8, 2011 20:27 UTC (Thu) by dashesy (guest, #74652)

After public unrest as a result of the election fraud, the Revolutionary Guard bought the Iranian telecommunications company.
Apart from the economic motives, it was obvious they had other reasons. To orchestrate such a MITM attack one has to control many ISPs and communications infrastructure.
In addition, a few months ago the Ministry of Intelligence was boasting publicly about how they can read private emails!

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds