DigiNotar, CIA, MI6, Mossad hacked by Iran

[freemehul]

http://webwereld.nl/nieuws/107812/ka...r-rapport.html

Unfortunately this article is in Dutch, but i'll give you the main points.

DigiNotar is a Dutch company that provides website or domain certificates for a lot of government websites in the Netherlands. FOX-IT is a Dutch cybercrimespecialist company that helped capture the Armenian who made the world largest spambot network.

FOX-IT has discovered that Diginotar had been hacked along with some other certificate companies. Apparently they've been hacked as early as 2009. DigiNotar discovered the security breach on the 19th of juli of 2011 and informed the authorities, the authorities called in FOX-IT. It is unknown how many false certificates have been issued, what is known that the security of sites like digid and the OV-chipcard has been compromised. Digid is used in the Netherlands to identify citizens on the internet, who want for instance to fill in their tax form. FOX-IT inquiry also revealed that false certificates also surfaced on the internet. Google has found more than 300 false certificates, including government related websites outside of the Netherlands, such as Israeli Mossad, the British MI6, and the CIA. So it appears that the FOX-IT rapport only shows the tip of the iceberg of what the Iranians have been up to for the past years. FOX-IT beliefs that the security breach of digid may be used to track down Iranian dissidents who currently reside in the Netherlands.

Looks like the Iranian government has been up to no good... again... how many more acts of cyber-warfare will our governments put up with, before they act?

[John Snowstorm]

What do you propose they do?

Flamewar? Maybe MI6 should get on the tweeter and call Iran a noob.

Seriously, MI6, CIA and Mossad? the game merely continues on the new medium, that is the nature of espionage. You think MI5, CIA and Mossad aren't up in the Iranians shiznit?

[Jo3MoMMa]

Seriously, MI6, CIA and Mossad? the game merely continues on the new medium, that is the nature of espionage. You think MI5, CIA and Mossad aren't up in the Iranians shiznit?

Might be a better question of whos shiznit are they not in?

[John Snowstorm]

I think their meddling in Iranian affairs is likely to be a lot more malevolent than in the majority of cases. Rightfully so perhaps, but getting shrill about retaliatory operations and 'cyber warfare' is ridiculous. That's just how The Game is played.

[freemehul]

well these Iranian -holes certainly could have invaded my privacy, because I too use digid to fill in my taxform.

[Magn]

Looks like the Iranian government has been up to no good... again... how many more acts of cyber-warfare will our governments put up with, before they act?

Yeah, well, go try to tell any country with nuclear warheads what to do...

There are sooo many problems with the way the internet is structured.

First and foremost: The fact that the internet is an "open" system so that if a country has lax laws, you can't simply shut it out of the internet until it's legal system improves... I mean, yes, a country connected to a world web couldn't realistically shut a particular country off on its own, but a sizable group of countries agreeing on stricter internet legislature could.

Then, the fact that accountability and integrated security on the system is lax at best to begin with (identifying anyone doing an attack by IP... good luck with that).

And finally, perhaps a collorary to the first complain: Why is sensitive government information available (aka, connected) on a network that is accessible globally to begin with? The only thing a government should have on the internet is stuff it wants the world to see (publicly available data, etc).

[Landro]

The problem with the certificate system is that it's based on trust but the companies issuing can do whatever they want. Including not running anti virus software for example. Nobody keeps an eye on them but we're still expected to trust the certificates they issue.

[freemehul]

The problem with the certificate system is that it's based on trust but the companies issuing can do whatever they want. Including not running anti virus software for example. Nobody keeps an eye on them but we're still expected to trust the certificates they issue.

exactly and that is a big problem. The government should set some legal standards for companies that issue these certificates, or else these certificates ain't worth much. However I think the biggest problem is that the government doesn't know what standards to set.

[freemehul]

And finally, perhaps a collorary to the first complain: Why is sensitive government information available (aka, connected) on a network that is accessible globally to begin with? The only thing a government should have on the internet is stuff it wants the world to see (publicly available data, etc).

yeah well the Netherlands already has a bad record when it comes to their citizens privacy.