The fraudulent Web security certificates issued by the hacked DigiNotar, which allowed the hackers access to the data and passwords of Google sites, hit not only social networking site Facebook and microblogging site Twitter but also the U.S. and UK secret service agencies, the CIA and MI6.
On July 19, DigiNotar detected an intrusion into its Certificate Authority infrastructure that resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.
Around 300,000 unique requesting IPs to Google.com have been identified. Of these, 99 percent originated from Iran.
A record compiled in an Excel file and posted on a blog shows that the security of users of the Web sites of the U.S. secret service agency CIA and the UK's MI6 was compromised by the fake security certificate.
The Dutch Web security firm DigiNotar is one of many companies that sell the security certificates widely used to authenticate Web sites and guarantee secure communications between a browser and a Web site.
The hacking of DigiNotar closely resembles one in March of the U.S. security firm Comodo Inc., which was also attributed to an Iranian hacker.
The list of IP addresses will be handed over to Google, which can inform users that their e-mail might have been intercepted during this period.
Current browsers perform an Online Certificate Status Protocol (OCSP) check as soon as the browser connects to an SSL Web site served over HTTPS (Hypertext Transfer Protocol Secure).
The hacking implies that the current network setup and procedures at DigiNotar are not sufficiently secure to prevent this kind of attack.
The latest versions of browsers, including Microsoft's Internet Explorer, Google's Chrome and Mozilla's Firefox, are now rejecting certificates issued by DigiNotar.
In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a Web site, or to monitor communications with the real site without users noticing.
However, in order to pass off a fake certificate, a hacker must be able to steer his target's Internet traffic through a server that he controls. Only an Internet service provider or a government that commands one can do it easily.
Although no users in the Netherlands are known to have been victimized directly, the breach has caused a major headache for the Dutch government, which relied on DigiNotar to authenticate most of its Web sites.