Last Wednesday, Comodo Group, the digital certificate authority and internet security company, was hacked. Nine fraudulent certificates were issued through its systems for sites run by Google, Yahoo, Microsoft, Skype and Mozilla. It looks like the attack that obtained these certificates was run by the same Iranian cyber army that earlier hacked the Voice of America.
In a blog post, Comodo explained that the login credentials of an affiliate (a registration authority allowed to request certificates from Comodo) were obtained and used to access Comodo's issuance system and have the certificates issued.
According to Comodo’s Dr. Philip Hallam-Baker, the attack came from Iran, though he cautions that the trail could be a deliberate false trace.
“The IP address of the initial attack was recorded and has been determined to be assigned to an ISP in Iran. A web survey revealed one of the certificates deployed on another IP address assigned to an Iranian ISP. The server in question stopped responding to requests shortly after the certificate was revoked.”
Hallam-Baker rightly points out that certificates for such high-traffic consumer sites, all of which are communications services, would be of particular use to “a government attempting surveillance of Internet use by dissident groups.”
A fraudulent certificate on its own is not enough: the attacker also has to sit in the path between the users and the site, for example by controlling DNS or the local ISP. With both, the attackers could impersonate the sites to intercept individual users’ communications, harvest login credentials, deliver malware, and block circumvention add-ons.
Was it Iran? Or was it a country Iran was helping? Or was it a false trail?
Cyber-warfare is becoming all too common. Iran has done a lot of it, but some of it, like the Stuxnet worm, has been done to Iran. Online connections and nodes are starting to assume the wartime importance that radio stations once had.
Other sources: NYT Bits
Source: Iran Cyber-Army Strikes Digital Certificate Authority
February 24th, 2011 02:15
Syria cracks down on bloggers. As the Jasmine Uprisings go on in Libya, Bahrain, Yemen and elsewhere, Syria has gone in the other direction, arresting bloggers. In the last month, Ahmad Abu Al-Kheir and Firaz Akram Mahmoud have been arrested, and Tal Al-Mallouhi was sentenced to five years on trumped-up spying charges. A host of other Syrian bloggers remain jailed.
Although Syria recently loosened its Internet filtering, this is clearly just a PR move. Remember, as awful as one death is, and as violent as the deaths of more than 500 Libyans are, the father of Syria’s current leader killed between 20,000 and 40,000 people in Hama in 1982. These people are monsters.
Libya, Yemen & Bahrain. The uprisings and protests in these three countries continue. Bahrain sent in tanks and troops, killing about seven protesters and injuring hundreds, but then backed off. Security forces chased and beat Yemenis, but they continue their protests. Libya is the most violent; many call it less an uprising in the Tunisian sense and more a civil war, with non-violence taking a severe beating as protesters arm themselves against tanks and live fire.
Behind the Jasmine Curtain. As the uprisings continue, Syria is not the only state using misdirection to continue or increase its repression.
Arshama3’s list shows 68 journalists and bloggers currently under arrest and incarcerated in Iran. At the same time, Iran’s “cyber army” hacked websites belonging to the Voice of America.
Saudi Arabia is cycling through a new collection of imprisoned bloggers even as the kingdom’s women demand their rights – on Twitter.
Cambodia blocks popular blogs. “Cambodian authorities have ordered local Internet service providers to block a number of websites, including the popular KI Media news aggregator and commentary blog, considered critical of the government.”
Bahraini blogger and online editor freed. Want some good news? This is good news. Ali Abdulemam, held since the beginning of last September, has been set free in the release of political prisoners inspired by #feb14 and has been reunited with his family. Abdulemam has run the popular BahrainOnline forum for over six years. He was first arrested for it in 2005.
Map from Norman B. Leventhal Map Center
Source: Syrian Bloggers Arrested: This Week in Online Tyranny
February 22nd, 2011 02:06
writes with this excerpt from TechWorld: “The pro-Iran hacktivist group that defaced the Baidu and Twitter Web sites a year ago has hit another target: the US Government’s Voice of America news site. Voice of America was knocked offline temporarily after hackers were able to change the organization’s DNS (Domain Name System) settings, redirecting Web traffic hitting Voice of America sites to another site controlled by the hackers.”
Source: Voice of America Site Forced Offline By ‘Iranian Cyber Army’
February 22nd, 2011 02:20
Iran’s regime-controlled hackers have hijacked a number of websites run by the U.S. government broadcasting organization Voice of America and replaced their landing pages. This was confirmed by Iran’s semi-official state news agency, Fars.
The sites were reported to have been restored, but at last check the main English-language site was still hijacked.
As well as the English version, the Azeri, Dari, Pashto and Urdu sites carry, or did carry, the image of a machine gun, an Iranian flag and an anti-American statement.
This is an important proof of concept for the idea that any tool a “dissident” group like Anonymous can use can also be used by a government with the will and the know-how to do so.
According to Voice of America itself:
“VOA executives said the hackers did not penetrate any of the government-funded agency’s computer networks. They did gain entry to an outside computer system that operates a domain name server – a database of Internet addresses available worldwide – and redirected VOA traffic to the hackers’ own site.”
It was done because of VOA’s “anti-Islamic stand,” claimed the Fars Agency.
“The move came in response to the false reports released by the VOA and other websites on the spread and progress of seditious moves in Iran. VOA and its affiliates have long been supporting anti-Islamic Republic groups and sought to provoke unrests in Iran.”
The attack started Monday evening and was still going on today.
This is far from the first time this Iranian group has hijacked a site. Last January, they redirected the Chinese search engine Baidu to a political message by changing its domain name records. The month before, they did the same to Twitter.
Source: Iran’s “Cyber Army” Hacks Voice of America
angry tapir writes “A group of malicious hackers who attacked Twitter and the Chinese search engine Baidu are also apparently running a for-rent botnet, according to new research from Seculert. The so-called Iranian Cyber Army also took credit last month for an attack on TechCrunch’s European website. In that incident, the group installed a page on TechCrunch’s site that redirected visitors to a server that bombarded their PCs with exploits in an attempt to install malicious software.”
Source: Iranian Cyber Army Moves Into Botnet Renting
Trailrunner7 writes “A talk on China’s state-sponsored offensive security efforts scheduled for the Black Hat conference in Las Vegas later this month has been pulled after concerns were raised by people within the Chinese and Taiwanese government about the talk’s content. The presentation was to be delivered by Wayne Huang, CTO of Armorize, an application security company with R&D operations in Taiwan. The talk was billed as an in-depth, historical look at the offensive capabilities and operations of China’s so-called cyber-army.”
Source: Talk On Chinese Cyber Army Pulled From Black Hat
snydeq writes “The group that took down Twitter last month has apparently claimed another victim: China’s largest search engine Baidu.com. Offline late Monday, Baidu.com at one point displayed an image saying ‘This site has been hacked by Iranian Cyber Army,’ according to a report in the official newspaper of the Chinese Communist Party and other Web sites. The Iranian Cyber Army first gained notoriety with its Dec. 18 Twitter attack. Baidu’s domain name records were the focus of the hack. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses.”
Source: Twitter Hackers Take Down Baidu
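The Voice of America and Baidu incidents above share one mechanism: the attackers never broke into the victims' own servers, they changed DNS records at an outside provider (VOA's domain name host, Baidu's nameservers swapped to a third-party hosting company) so that traffic landed on a host they controlled. The practical defence is to watch your zone from the outside and alert when the delegation or the answers change. The Python below is an added example, not code from any of the posts or organisations above; the zone name, nameservers, netblocks and the `dig +short`-style answers are hypothetical and constructed for the demonstration.

```python
"""Added example: detect DNS hijacking of a site by comparing observed
NS delegation and address answers against an operator-kept baseline.

Zone names, nameservers and addresses below are hypothetical; the
"observed" answers are constructed to mimic `dig +short` output.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    zone: str               # the zone being protected, e.g. "news.example"
    nameservers: frozenset  # normalized NS names the zone should delegate to
    netblocks: tuple        # ipaddress networks where A/AAAA answers should fall


def normalize_name(name: str) -> str:
    """DNS names are case-insensitive and `dig` prints a trailing dot."""
    return name.strip().lower().rstrip(".")


def parse_dig_short(output: str) -> list:
    """One answer per line; drop blank lines and ';'-prefixed comments."""
    return [line.strip() for line in output.splitlines()
            if line.strip() and not line.lstrip().startswith(";")]


def check_delegation(baseline: Baseline, ns_output: str) -> dict:
    """Compare the observed NS set with the baseline.

    Any nameserver not in the baseline means the delegation was changed
    (the Baidu case: nameservers swapped to an unrelated hosting company).
    """
    observed = frozenset(normalize_name(n) for n in parse_dig_short(ns_output))
    unexpected = sorted(observed - baseline.nameservers)
    missing = sorted(baseline.nameservers - observed)
    return {"unexpected_ns": unexpected, "missing_ns": missing,
            "delegation_changed": bool(unexpected)}


def check_addresses(baseline: Baseline, a_output: str) -> dict:
    """Flag answers that point outside the site's own infrastructure.

    A non-IP line is a CNAME target and is flagged unless it stays inside the
    protected zone; an IP is flagged unless it falls in a baseline netblock
    (the VOA case: traffic redirected to the attackers' own host).
    """
    off_net_ips, foreign_names = [], []
    zone = normalize_name(baseline.zone)
    for answer in parse_dig_short(a_output):
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            name = normalize_name(answer)
            if name != zone and not name.endswith("." + zone):
                foreign_names.append(name)
            continue
        if not any(ip in net for net in baseline.netblocks):
            off_net_ips.append(str(ip))
    return {"off_net_ips": off_net_ips, "foreign_names": foreign_names,
            "redirected": bool(off_net_ips or foreign_names)}


def audit(baseline: Baseline, ns_output: str, a_output: str) -> dict:
    """Run both checks; `alert` is True if either indicates a hijack."""
    delegation = check_delegation(baseline, ns_output)
    addresses = check_addresses(baseline, a_output)
    return {"zone": baseline.zone, "delegation": delegation, "addresses": addresses,
            "alert": delegation["delegation_changed"] or addresses["redirected"]}


# Hypothetical baseline for a broadcaster's news site (constructed).
BASELINE = Baseline(
    zone="news.example",
    nameservers=frozenset({"ns1.news.example", "ns2.news.example"}),
    netblocks=(ipaddress.ip_network("192.0.2.0/24"),),  # RFC 5737 documentation prefix
)

# Constructed `dig +short NS news.example` and `dig +short A www.news.example`
# output for a healthy zone (www is a CNAME to an in-zone CDN name).
NORMAL_NS = "NS1.news.example.\nns2.news.example.\n"
NORMAL_A = "cdn.news.example.\n192.0.2.10\n"

# Constructed output after a registrar/DNS-host account takeover: delegation
# moved to an unrelated hosting company and www points at an attacker host.
HIJACKED_NS = "ns1.hosting-example.net.\nns2.hosting-example.net.\n"
HIJACKED_A = "defaced.attacker-example.net.\n198.51.100.7\n"

if __name__ == "__main__":
    print(audit(BASELINE, NORMAL_NS, NORMAL_A))
    print(audit(BASELINE, HIJACKED_NS, HIJACKED_A))
```

In practice the observed answers would come from several independent resolvers (your own, a public one, one in another region), since a hijack at the registrar or DNS host propagates everywhere while a compromised local resolver only affects one vantage point; the baseline must be updated through change control, otherwise a legitimate migration is indistinguishable from an attack.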