Who issues certificates of authenticity?
Before the breach, DigiNotar was auhorised to issue certificates of authenticity, which guarantee that a site is secure (with https:// in the navigation bar). Makers of internet browsers such as Microsoft Internet Explorer, Mozilla Firefox and Google Chrome then evaluate if such sites really are secure.
Currently there are some 600 such companies recognised around the world, according to Bits of Freedom. They in turn, Ot van Daalen adds, are allowed to designate retailers, which number in the thousands. “It is questionable whether all of these companies can be really trusted.”
A list of “compromised certificates” includes well-known domain names such as Google, Yahoo, Facebook, Skype and Wordpress. So far, however, only internet users in Iran appear to be at risk, according to Van Daalen.
The Dutch government and Dutch companies are in the process of replacing DigiNotar certificates by certificates issued by other companies. The government has set up a website that gathers all related news and developments.
Iranian dissidents are at grave risk after hackers broke into a Dutch internet company, allowing the Iranian authorities to read messages sent through normally secure sites such as Yahoo and Gmail.
The exact threats the Iranian dissidents are facing as a result of the hacking attack are not yet clear. With elections due in March 2012, however, Iran’s security services are especially vigilant. Ot van Daalen, who heads Bits of Freedom, a Dutch group that defends digital privacy rights, fears the worst:
“It’s horrible to say but it’s entirely possible that the hacking attack has endangered lives in Iran.”
In July, hackers broke into DigiNotar, a Dutch company that issues certificates of authenticity aimed at protecting websites around the globe. The hackers then issued fake certificates. After that, some internet users who thought they were on a secure site, could have their messages read by anyone, including Iran’s security services. It was only recently that Iranian activists realised something was amiss.
The hacking attack affected dozens of websites of renowned companies, including Microsoft, Wordpress, Facebook, Twitter and Yahoo’s and Google’s email services. Israeli and British secret services were targeted too. Gmail and Yahoo are widely used by Iranian dissidents to communicate with each other. The breach was sealed nine days ago but that does not mean, Van Daalen warns, there are no longer any threats.
“There is a real chance that the Iranian authorities have used these certificates to eavesdrop on users. And it can’t be ruled out they will continue doing so with other certificates.”
Iran is one of the countries with the highest levels of censorship in the world, says Frank van Dalen of the Dutch Iran Committee. Internet, he stresses, is one of the last resorts for Iran’s opposition.
“They use internet in all possible ways. Some messages are explicit, others are more implicit but clear to the reader. People also wear green bracelets as a visible sign of protest.”
Van Daalen agrees that the Iranian dissidents are facing a serious threat, with censorship and repression bound to intensify in the run-up to the elections due in March next year. The Iranian authorities, he cautions, will do all they can to avoid a second Green Revolution. The hacking attack, he ventures, is hardly accidental, since DigiNotar is involved in Dutch projects designed to improve internet access in Iran.
“The Netherlands supports that initiative. This raises the question whether DigiNotar also carries out such work for the Dutch government. If so, that could be a reason why it was targeted. Why was this company attacked and not another certificate-issuing firm? It’s vital to find out.”
It’s not clear whether the attack on DigiNotar was actually carried out by Iran. The Dutch government has launched an investigation. The Iran Committee wants The Hague to summon the Iranian ambassador. DigiNotar itself has refused to comment on the case.
© Radio Netherlands Worldwide