Information Age: News, analysis & insight for IT & business leaders

Hackers target Google users with fake SSL certificate

30 August 2011  

Attempted 'man-in-the-middle' attacks, seemingly aimed at Google users in Iran, exploited a false security certificate issued by Dutch CA

Web giant Google has revealed that hackers have been using a fake security certificate to eavesdrop on users based in Iran.

Secure websites prevent hackers from intercepting messages by using SSL (secure sockets layer) certificates. Issued by various certification authorities (CAs), these tell the user's browser that a website can be trusted. Fake certificates can be used to trick users into thinking a malicious site is legitimate or, in a so-called 'man in the middle' attack, to redirect traffic through a malicious site where it can be intercepted or even changed.

Google says that hackers have been using a fake certificate, issued by a Dutch CA called DigiNotar which "should not issue certificates for Google". The CA has since revoked the certificate, and Google, Microsoft and Firefox-maker Mozilla have all issued patches that mean their browsers will no longer trust DigiNotar's certificates.

DigiNotar has not revealed how or why the false certificate was issued. One possibility is that it was hacked itself – this happened to another CA, Comodo, earlier this year. Comodo said at the time that it had been breached by hackers that appeared to originate in Iran.

Iran is one of the countries embroiled in so-called "cyber warfare". Its government says that the US and Israel were behind the Stuxnet virus that infected Iranian nuclear control systems last year, while a group called the Iranian Cyber Army has hit pro-US websites and has been accused of involvement in the Comodo attack.

As with all "cyber war" activities, however, it is difficult to ascertain whether the perpetrators are as they seem or are using a politically plausible cover for their actions.

