Firm points finger at Iran for SSL certificate theft

23.03.2011
Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today.

The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL certificates through its UserTrust arm.

Today, Comodo's CEO said his company believes the attack was state-sponsored and pointed a finger at Iran.

"We believe these are politically motivated, state-driven/funded attacks," said Melih Abdulhayoglu, the CEO and founder of Comodo, a Jersey City, N.J.-based security company that is also allowed to issue site certificates.

"One of the origins of the attack that we experienced is from Iran," Abdulhayoglu said in an . "What is being obtained would enable the perpetrator to intercept Web-based email/communication and the only way this could be done is if the perpetrator had access to the country's DNS infrastructure, and we believe it might be the case here."

offered more details of the Iranian connection and claimed that at least two Iranian IP addresses and one ISP were involved.