Date: 2011-09-06
* About 300,000 Internet users in Iran monitored - report
AMSTERDAM, Sept 5 About 300,000 Internet users
in Iran were spied on last month by one or several hackers
who stole security certificates from a Dutch IT firm, a report
presented by the Dutch government said on Monday.
Using a stolen certificate the hacker, or hackers, monitored
people who visited Google.com, could steal their passwords and
could obtain access to other services such as Facebook and
Twitter, said Dutch IT firm Fox-IT, which wrote the report.
A certificate guarantees that a web surfer is securely
connected but a stolen certificate enables a hacker to pretend a
web surfer is securely connected to a website without the surfer
knowing he is being monitored.
The report, which Dutch Interior Minister Henk Donner sent
to the Dutch parliament, confirmed a statement last week from
Google, which said that it had received reports of
attacks on Google users and that "the people affected were
primarily located in Iran".
"The list of domains and the fact that 99 percent of the
users are in Iran suggest that the objective of the hackers is
to intercept private communications in Iran," Fox-IT said.
Social media such as Twitter and YouTube were used during
protests in Iran after presidential elections in 2009, and
Iranian authorities have been trying to fight opposition on the
Internet, said Afshin Ellian, who fled Iran in the 1980s and is
a professor at Leiden University's law faculty.
"Tehran wants to be aware of oppositional activities inside
and outside Iran. Using that information they can forcefully act
against the opposition," Ellian said in his blog on the website
of Dutch magazine Elsevier.
In April, there were signs Iran was helping Syria put down
anti-government protests with advice on monitoring and blocking
Internet use, a U.S. official said at the time.
Dutch minister Donner told reporters he had not been able to
confirm that the certificates, which were stolen from Dutch IT
firm DigiNotar, were hacked by Iranian state authorities.
"The only thing we have been able to establish is that the
people who complained were in Iran," Donner said.
The Dutch government said on Sunday that Dutch state
websites may no longer be safe following the DigiNotar attack
and the cabinet was investigating whether its sites were hacked
by Iran.
The hacker or hackers also fabricated certificates for a
website of Israel's intelligence service, Mossad, the CIA and
Britain's Secret Intelligence Service, MI6, and other sites such
as AOL and Microsoft, Fox-IT said.
"NO ANTIVIRUS PROTECTION PRESENT"
The hacker or hackers left their fingerprint with the
Persian words 'Janam Fadaye Rahbar', meaning 'I will sacrifice
my soul for my leader' and identical to a message left when IT
company Comodo was attacked in March, Fox-IT said in the report.
DigiNotar's network and procedures were "not sufficiently
secure" to prevent the attack, Fox-IT said.
"The software installed on the public web servers was
outdated and not patched. No antivirus protection was present on
the investigated servers," Fox-IT said.
The Dutch government was investigating who had been involved
in hacking the Dutch firm DigiNotar and the company was held
responsible for possible negligence, Donner said in a letter to
parliament.
"We are looking at the criminal and civil responsibility.
The company and its U.S. mother company are cooperating," Donner
said.
DigiNotar is owned by U.S.-listed IT firm VASCO Data
Security International, which said in a statement
earlier on Monday it did not expect the "incident" to have a
significant impact on its future revenue or business plans.
(Reporting by Gilbert Kreijger; Editing by Michael Roddy)