Cultural Censorship in Iran
September 24, 2011
More than 300,000 Iranians have had their Gmail accounts compromised. The report by Fox-IT, the investigative firm hired to look into the stolen DigiNotar security certificates, makes clear that DigiNotar was aware as early as July 28 that falsified security certificates were in use in Iran. That is one month before the first public notice, which came from a Google Chrome user in Iran.
This simulation from Fox-IT shows the use of fake Google certificates.
Fox-IT’s report states that most of the compromised IP addresses located outside Iran were Tor exit nodes, meaning the originating computers were most likely inside Iran.
The report, Operation Black Tulip (pdf), states:
They used both known hacker tools as well as software and scripts developed specifically for this task. Some of the software gives an amateurish impression, while some scripts, on the other hand, are very advanced. In at least one script, fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March 2011.
The report is damning of DigiNotar’s own security procedures.
- The hacker had access to all admin rights at DigiNotar.
- Anti-virus software could have detected much of the malicious software used in the attack, but none was in use.
- Components which should have been inaccessible to outside breaches were accessible.
- All of the servers were accessible to one admin, meaning the hackers only had to break into one admin account in order to do a lot of damage.
- The login for the breached admin was not strong enough.
- Software on public servers was outdated.
The hacker also left behind fingerprints:
If you would like to know whether you visited a site using a fake certificate, the report contains a list of the affected domains.
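The Chrome user who first noticed the fake Google certificate was helped by the browser comparing the presented certificate against pins for Google's domains. As an added example (not code from this post or from Fox-IT's report), the following Python script performs that kind of check with the standard library: it compares the issuer of a certificate, in the dict layout returned by ssl.SSLSocket.getpeercert(), and optionally the SHA-256 fingerprint of the DER-encoded leaf, against a pin table. The pin table, host names, issuer names and the two "observed" certificates are constructed for illustration; real pins must be taken from the certificates a site actually serves.

```python
"""Flag TLS certificates issued by an unexpected CA (a simple form of pinning).

Added example, not part of the original post or of Fox-IT's report. All pin
values, host names, issuer names and the sample certificates are constructed.
"""
import hashlib
import socket
import ssl

# Constructed pin table: for each host, the issuer common names we expect and
# (optionally) SHA-256 fingerprints of leaf certificates seen before. An empty
# fingerprint set means "judge by issuer only".
PINS = {
    "mail.google.com": {
        "issuers": {"Example Trusted CA"},   # constructed stand-in, not the real issuer
        "fingerprints": set(),
    },
}


def issuer_common_name(cert):
    """Extract the issuer CN from the nested-tuple layout of getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def cert_fingerprint(der_bytes):
    """SHA-256 over the DER encoding, the fingerprint browsers display."""
    return hashlib.sha256(der_bytes).hexdigest()


def check_certificate(host, cert, der_bytes, pins=PINS):
    """Return a list of findings; an empty list means the certificate matches the pins."""
    findings = []
    pin = pins.get(host)
    if pin is None:
        return [f"{host}: no pin configured, cannot judge certificate"]
    issuer = issuer_common_name(cert)
    if issuer not in pin["issuers"]:
        findings.append(f"{host}: unexpected issuer {issuer!r}")
    fp = cert_fingerprint(der_bytes)
    if pin["fingerprints"] and fp not in pin["fingerprints"]:
        findings.append(f"{host}: leaf fingerprint {fp[:16]}... not in pin set")
    return findings


def check_live_host(host, port=443):
    """Connect and evaluate the certificate actually presented (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            der = tls.getpeercert(binary_form=True)
    return check_certificate(host, cert, der)


# Constructed observations in getpeercert() layout: one matching the pin, one
# issued by a CA the pin table does not expect for this host.
LEGIT_CERT = {
    "subject": ((("commonName", "mail.google.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trusted CA Inc."),),
               (("commonName", "Example Trusted CA"),)),
}
ROGUE_CERT = {
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": ((("countryName", "NL"),),
               (("organizationName", "DigiNotar"),),
               (("commonName", "DigiNotar CA (constructed)"),)),
}
SAMPLE_DER = b"constructed-der-bytes-not-a-real-certificate"

if __name__ == "__main__":
    for label, cert in (("legitimate", LEGIT_CERT), ("rogue", ROGUE_CERT)):
        findings = check_certificate("mail.google.com", cert, SAMPLE_DER)
        print(label, "->", findings or "OK")
```

check_live_host shows where the two values come from on a real connection; the offline checks use the constructed records so the script runs without network access. Pinning by issuer catches the DigiNotar case (a valid-looking certificate from the wrong CA); pinning by fingerprint is stricter but must be updated whenever the site rotates its certificate.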