Iran has been identified as the “state player” behind the hack that obtained fraudulent certificates from a major certificate authority (CA).
If the Iranians hold the certificates, they could mount man-in-the-middle attacks by impersonating some of the world’s leading sites to any user whose traffic they can intercept.
The compromised certificates were issued by the USERTRUST Network, which is part of Comodo.
Writing on his blog, Appelbaum initially said he suspected the hack “was taken by a state level adversary.”
Comodo confirmed the attack and issued a statement naming Iran as the country it suspects.
According to the SANS Internet Storm Center, the targets included Microsoft’s login.live.com, Google’s mail.google.com, www.google.com, login.yahoo.com (3 certificates), login.skype.com, addons.mozilla.com, and “Global Trustee.”
Other hackers are less certain that it is Iran. The IP address used by the attackers who obtained the certificates was certainly Iran-based, but it could have been spoofed. After all, if you are good enough to compromise a security company’s certificate issuance, you are probably sensible enough to mask your IP address.
However, Iran has only just launched a hacking arm of its Revolutionary Guard, so it might have made one or two mistakes. China has also been suggested as the state player involved.