Iran linked to CA certificate hack

Iran has been identified as the “state player” which hacked important CA certificate information.

If the Iranians stole the certificates, it would be possible for them to set up man-in-the-middle attacks by faking some of the world’s leading sites.

Security researcher and Tor developer Jacob Appelbaum found the CA compromise and near cover-up of several fraudulent certs and warned Google and Mozilla.

The compromised certificates were issued by USERTRUST Network, which is part of Comodo.

Google had patched Chrome last week and Mozilla managed to include the blacklist in Firefox 4.
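The browser-side blacklist mentioned above works by hard-coding the identity of each fraudulent certificate, keyed by issuer and serial number (serials are only unique within one CA), and refusing any chain that contains a match. The following is an added illustration, not code from the article, Comodo, Google or Mozilla: a minimal DER walker that pulls issuer and serial out of an X.509 certificate and checks them against such a list. The issuer name and serial numbers are constructed placeholders, not the real 2011 values, and the synthetic certificate carries only the fields the check needs.

```python
import hashlib

# --- Minimal DER helpers (X.509 per RFC 5280 is DER-encoded ASN.1) ----------

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value (used only to build the synthetic cert)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + body


def der_integer(value: int) -> bytes:
    """Positive INTEGER, with a leading 0x00 byte if the top bit would be set."""
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def der_name_cn(common_name: str) -> bytes:
    """Name ::= SEQUENCE OF SET OF { OID commonName (2.5.4.3), PrintableString }."""
    attr = der_tlv(0x06, bytes([0x55, 0x04, 0x03])) + der_tlv(0x13, common_name.encode("ascii"))
    return der_tlv(0x30, der_tlv(0x31, der_tlv(0x30, attr)))


def read_tlv(buf: bytes, pos: int):
    """Decode the TLV at buf[pos]; returns (tag, value, next_pos, raw_tlv_bytes)."""
    start = pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    return tag, buf[pos:end], end, buf[start:end]


# sha256WithRSAEncryption AlgorithmIdentifier (OID 1.2.840.113549.1.1.11, NULL params)
SIG_ALG = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))


def build_synthetic_cert(serial: int, issuer_cn: str) -> bytes:
    """Constructed test certificate holding only what a blacklist check reads.
    Validity, subject, SubjectPublicKeyInfo and a real signature are omitted on
    purpose: this is a parsing demo, not a valid certificate."""
    version = der_tlv(0xA0, der_integer(2))             # [0] EXPLICIT version v3
    tbs = der_tlv(0x30, version + der_integer(serial) + SIG_ALG + der_name_cn(issuer_cn))
    fake_sig = der_tlv(0x03, b"\x00" * 9)               # BIT STRING, 0 unused bits
    return der_tlv(0x30, tbs + SIG_ALG + fake_sig)


def extract_issuer_and_serial(cert_der: bytes):
    """Walk Certificate -> tbsCertificate -> [version] serial sigAlg issuer.
    Returns (sha256 hex of the raw issuer Name DER, serial as int)."""
    _, cert_body, _, _ = read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    _, tbs, _, _ = read_tlv(cert_body, 0)               # tbsCertificate ::= SEQUENCE
    tag, value, pos, _ = read_tlv(tbs, 0)
    if tag == 0xA0:                                     # optional explicit version
        tag, value, pos, _ = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER serialNumber")
    serial = int.from_bytes(value, "big", signed=True)
    _, _, pos, _ = read_tlv(tbs, pos)                   # signature AlgorithmIdentifier
    _, _, _, issuer_raw = read_tlv(tbs, pos)            # issuer Name, kept as raw DER
    return hashlib.sha256(issuer_raw).hexdigest(), serial


def is_blacklisted(cert_der: bytes, blacklist: set) -> bool:
    """True if the certificate's (issuer, serial) pair is on the list."""
    return extract_issuer_and_serial(cert_der) in blacklist


# Constructed blacklist: placeholder issuer and serials, NOT the real 2011 values.
ISSUER_CN = "Example Intermediate CA"
ISSUER_KEY = hashlib.sha256(der_name_cn(ISSUER_CN)).hexdigest()
BLACKLIST = {(ISSUER_KEY, 0x0123456789ABCDEF), (ISSUER_KEY, 0xFEDCBA98765432)}


if __name__ == "__main__":
    listed = build_synthetic_cert(0x0123456789ABCDEF, ISSUER_CN)
    other_ca = build_synthetic_cert(0x0123456789ABCDEF, "Some Other CA")
    print("listed serial under listed issuer:", is_blacklisted(listed, BLACKLIST))   # True
    print("same serial, different issuer:    ", is_blacklisted(other_ca, BLACKLIST)) # False
```

The issuer is hashed from its raw DER bytes rather than from a decoded string so that the comparison is exact and does not depend on how a Name is rendered; the same serial issued by a different CA correctly does not match.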

Writing on his blog, Appelbaum initially said he suspected the hack “was taken by a state level adversary.”

Comodo confirmed the attack and issued a statement naming Iran as the country it suspects.

According to the SANS Internet Storm Center, the targets included Microsoft’s, Google’s, several others (one with 3 certificates) and “Global Trustee.”

Other hackers are less certain that it was Iran. Certainly the IP address of the hackers stealing the certificates was Iran-based, but this could have been spoofed. After all, if you are good enough to take out a security company’s certificates, you are probably sensible enough to mask your IP address.

However, Iran has just launched its own hacking arm of the Revolutionary Guard, so it might have made one or two mistakes. China has also been suggested as the state player involved.