Stolen DigiNotar SSL certs used to monitor Google email conversations of up to 300k Iranians

I mentioned yesterday that the Dutch company DigiNotar had been hacked back in July. The company though that it had revoked all the bogus certificates, but only recently admitted that the hack had happened and that it had missed stolen certs that would allow the impersonation of Google services like Gmail. Those missed certificates have now been used to spy on Gmail messages of 300,000 Iranians.

According to one report, the spying on Gmail conversations was conducted by Iran. The list of affected users has been passed to Google to allow it to tell the Iranians that their government may have been spying on them. The report on the breach was published August 30 by Fox-IT, the company called in to analyze the breach for DigiNotar. More than 99% of the 300,000 IP addresses that connected to Gmail service with a fake security cert were in Iran.

The Fox-It report claims that the hackers were able to access internal systems at DigiNotar a month before the company took action to block the hackers. The hackers reportedly explored the DigiNotar system on June 6 and then issued the first rogue certificates on July 10. A post on the pastebin website supposedly from the hackers claims that the same group hacked Comodo earlier this year and has control of four other security certificate firms.

[via BBC]