Expert: Iran might be stealing passwords from citizens to tighten censorship

Iran's apparent theft of valid SSL certificates may be an attempt to trap Iranians who use the Internet to duck the government's restrictions, a security expert says.

Reaction: Microsoft secures IE from stolen certs

The certificates stolen from certificate vendor Comodo could be used to reroute users to servers that appear to be legitimate but are not, says Mikko Hypponen, chief researcher at F-Secure in the company's blog.

The certificates in question were issued to,,,, and Global Trustee.

Hypponnen says the certs could be used to gather passwords. Since the government controls Internet routing in the country, it could reroute all Skype traffic to a fake Skype login page and collect user names and passwords with the SSL encryption seemingly in place. Monitors could read e-mail accounts as well that seem protected by SSL encryption because the certificates are valid, he says. "Even most geeks wouldn't notice this was going on," he says.

Comodo suspects involvement by the Iranian government because of how well directed the attack was and how quickly it was executed.

Hypponen cites fellow researcher Eric Chien at Symantec as speculating the could be used to block installation of certain extensions to the Firefox browser that would bypass censorship filters, such as FoxyProxy that automatically switches Internet connections across multiple proxy servers. This could be used to anonymize traffic.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftcybercrimeskypelegalSSLf-secure

More about ComodoF-SecureGoogleLANMicrosoftMozillaSkypeSymantecWindows LiveYahoo

Show Comments