An attacker that appears to be linked to the Iranian government managed to obtain digital certificates, which are supposed to be issued only to the legitimate operator of a site, that could be used to impersonate Google, Yahoo, Skype and other major websites, the security company affected by the breach said on Wednesday.
Comodo, a Jersey City, NJ-based firm that issues digital certificates, said the nine certificates that were fraudulently obtained, including one for Microsoft's Live.com, have already been revoked. A fraudulent certificate lets someone impersonate the secure (HTTPS) versions of those websites, the ones used when encrypted connections are enabled, provided the attacker can also route the victim's traffic through a server it controls, as an actor that controls a national network can.
The IP addresses used in the attack were in Tehran, Iran, the firm said, and it believes the focus and speed of the attack indicate that it was "state-driven". Spoofing those websites would allow the Iranian government to mount what is known as a man-in-the-middle attack: present the fraudulent certificate to the victim's browser, which accepts it because it was signed by a trusted certificate authority, and then grab passwords, read email messages and monitor any other activities its citizens performed, even though the connections were protected with SSL encryption.
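To make the trust-model point concrete, here is an added example, written for this page and not taken from the article, Comodo or any browser vendor. It simulates a certificate authority and a browser's validation logic in pure Python: an HMAC with a shared secret stands in for the CA's signature (real X.509 uses asymmetric signatures, but the chain-of-trust logic is the same), and the CA name "ExampleCA", the hostname "login.live.com", the key bytes and the serial numbers are all constructed. It shows why a certificate a trusted CA was tricked into issuing validates exactly like the genuine one, and goes slightly beyond the article by also showing the two checks that catch it: revocation, which Comodo applied, and a public-key pin chosen by the client.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str   # DNS name the certificate vouches for
    serial: int    # issuer-assigned serial, the handle used for revocation
    ca: str        # name of the issuing CA
    spki: bytes    # stand-in for the subject's public key
    sig: bytes     # CA "signature" over the fields above


# Constructed CA secrets; an HMAC key stands in for a CA signing key.
CA_KEYS = {
    "ExampleCA": b"example-ca-secret",
    "AttackerCA": b"attacker-made-up-secret",
}
# Only ExampleCA is in the client's trust store (constructed).
TRUST_STORE = frozenset({"ExampleCA"})


def _tbs(subject, serial, ca, spki):
    """The 'to-be-signed' bytes covered by the CA signature."""
    return f"{subject}|{serial}|{ca}|".encode() + spki


def issue(ca, subject, serial, spki):
    """A CA signs whatever name the requester asks for. Nothing in the
    signing step proves the requester controls that name; that is the
    validation a compromised or tricked CA fails to perform."""
    sig = hmac.new(CA_KEYS[ca], _tbs(subject, serial, ca, spki), hashlib.sha256).digest()
    return Cert(subject, serial, ca, spki, sig)


def spki_pin(spki):
    """SHA-256 of the public-key material, the usual form of a key pin."""
    return hashlib.sha256(spki).hexdigest()


def validate(cert, hostname, trust_store=TRUST_STORE, crl=frozenset(), pins=None):
    """Mirror the checks a browser applies to a server certificate.
    Returns (accepted, reason)."""
    if cert.ca not in trust_store:
        return False, "issuer not trusted"
    expected = hmac.new(CA_KEYS[cert.ca], _tbs(cert.subject, cert.serial, cert.ca, cert.spki),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, cert.sig):
        return False, "bad signature"
    if cert.subject != hostname:
        return False, "name mismatch"
    if (cert.ca, cert.serial) in crl:
        return False, "revoked"
    if pins is not None and spki_pin(cert.spki) not in pins:
        return False, "pin mismatch"
    return True, "ok"


def demo():
    """Walk through the scenario from the article with constructed data."""
    host = "login.live.com"
    genuine = issue("ExampleCA", host, serial=1, spki=b"genuine-site-key")
    # The attacker tricks the trusted CA into issuing for the same name
    # but for a key the attacker holds.
    fraudulent = issue("ExampleCA", host, serial=2, spki=b"attacker-key")
    # A certificate from a CA the client does not trust is rejected outright.
    self_made = issue("AttackerCA", host, serial=3, spki=b"attacker-key")

    results = {
        "genuine": validate(genuine, host),
        "fraudulent_unrevoked": validate(fraudulent, host),      # accepted: the core problem
        "self_made": validate(self_made, host),
        "fraudulent_after_revocation": validate(fraudulent, host, crl={("ExampleCA", 2)}),
        "fraudulent_with_pin": validate(fraudulent, host, pins={spki_pin(b"genuine-site-key")}),
        "genuine_with_pin": validate(genuine, host, pins={spki_pin(b"genuine-site-key")}),
    }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:30s} -> {outcome}")
```

The result worth dwelling on is `fraudulent_unrevoked`: every check a browser performs passes, because the trust model asks only "did a CA I trust sign this for this name", never "did the right party request it". Revocation works only if the client actually fetches and honours the revocation data, and a pin only protects clients that were configured with the genuine key beforehand, which is why the article's "in some circumstances" still leaves real exposure.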