Wednesday, September 7, 2011

Attack on the security system of the Web

Unknown hackers have shaken the security mechanisms of the Internet: they issued themselves more than 500 web certificates and could use them to pass as Google, Facebook or the CIA. Iran is suspected to be behind the attack.
The scandal surrounding the Dutch certificate issuer DigiNotar is widening. At the weekend it emerged that far more websites are affected by the hacker attack than previously thought. Initially it was said that only a single Google certificate had been forged. Investigators have now discovered that the attackers issued more than 500 security certificates. Armed with these digital attestations, they were able to assume foreign identities in Internet traffic, tap data and eavesdrop on users. Experts suspect the Iranian government could be the mastermind behind the attack.
The break-in is so dangerous because certificate issuers such as DigiNotar are precisely the entities meant to provide security and trust on the Internet. The so-called SSL certificates (Secure Socket Layer) issued by such companies confirm the identity of a website operator to a web browser. They are the tool of choice for anyone who wants to protect themselves from unwanted eavesdroppers and transmit confidential data, for instance in online banking.
Sandro Gaycken, IT security researcher at the Free University of Berlin, sees the cyber-attack as "a disaster". He says: "You have to trust the CA, otherwise this whole trust mechanism collapses." The certificates are of interest to state authorities and intelligence services, but also to criminal organizations. So interesting, in fact, that there are occasionally outright physical break-ins at the buildings of such companies. For those affected, such mishaps are embarrassing: "The certifiers report such things very reluctantly; they would rather try to sort it out first, quietly and discreetly, before anyone notices."
Blackout at DigiNotar
That seems to be just what DigiNotar tried: to sweep the incident under the rug. According to a report (PDF) by the security auditing firm Fox-IT, the hackers broke into DigiNotar's systems on 17 June. The intrusion was discovered two days later, but apparently no action was taken. Only after 27 August, when a possibly fake certificate was noted in a Google forum, was the case made public.
That left the attacker time to install additional software and take over more servers. Only weeks later, on 10 July, did the intruder begin his actual work. Over the next ten days he issued, undisturbed, at least 531 fake certificates.
The list of affected websites gives an idea of the motivation and intentions of the attacker. Those affected include:

popular web services from Google, Yahoo and AOL,
American intelligence agencies like the CIA, British MI6 and the Israeli Mossad,
update pages from Microsoft, including windowsupdate.com and www.update.microsoft.com,
pages from which the Firefox browser and Firefox add-ons can be downloaded,
social networks like Facebook and Twitter,
communication services such as Skype, and
the anonymity service Tor.
This excerpt shows that the attacker wanted to shine a light on his victims from all sides. The fake Tor certificate worries the operators of the anonymity service in particular. Normally, users of this service want to protect their identity and keep their whereabouts secret. The system was considered safe from spying attempts. With the fake certificate, the attacker could lull Tor users into a false sense of security and observe their every step in the network.
In addition, the list of false certificates overlaps to a large extent with the certificates that were forged in March in an attack on the certificate issuer Comodo. And not only that: in a file the hacker left behind on the DigiNotar servers, he left a digital signature, the Persian saying "Janam Fadaye Rahbar". Translated: "My life for the leader." The message is identical to the one found after the Comodo attack. Back then, too, the attacker could be traced to Iran, just as this time.
Fox-IT was able to trace almost all accesses using the fake certificates to computers in Iran. Those coming from outside Iran originated from Tor network servers. These are believed to be Iranians who tried to reach foreign servers anonymously via Tor, whether to pick up e-mail or simply to read news pages, which are controlled by the state.
The combination of these two indications suggests to Roel Schouwenberg of the security software firm Kaspersky that the attack on DigiNotar was directed by the Iranian government. That is "the most plausible scenario". Presumably the certificates were forged in order to eavesdrop on Iranian dissidents on the Internet.
"I'm sorry"
Having the certificates alone is not sufficient, however. To redirect web surfers to fake websites in the first place, access to the DNS system (Domain Name System) would have been useful. DNS servers are something like the signposts of the Internet: they translate readable Internet addresses (www.spiegel.de) into their technical equivalents (195.71.11.67) and hold long lists of such address pairs. Whoever controls these servers in his country can send the browser input of any of his compatriots astray. The Iranian government would have that capability.
Fox-IT therefore advises Iranian network users to log out of all their Internet services at least once and log in again, or better still, to change all their passwords.
Sandro Gaycken points out, however, that one does not necessarily need DNS access, and thus contradicts the theory of a state-led attack from Iran: "It is handy if you have access to the name server, but there are other methods as well, for example through slightly different URLs or trojans smuggled in via updates."
The cocky words the attacker left behind in a file also speak against a state action. Among other things, he boasts: "I have your expensive firewall, router, netHSM, unbreakable and non-circumventable hardware key." He mocks: "I'm sorry that you will only see this message when it is too late."
Back to paper and pencil
The aftermath of the DigiNotar hack will, however, be felt for a long time and around the world. The civil rights organization Electronic Frontier Foundation, for example, has long criticized that nation-states control their local certification authorities and could thus "compromise the computer security of their own citizens". After the Comodo hack, IT security expert Thorsten Holz of the University of Bochum told SPIEGEL ONLINE that the certificate system was in need of an overhaul. As long as there is no reform of the system, one can expect to be deceived with false certificates again and again.
The Netherlands has now pulled the ripcord and placed DigiNotar under state control. But it will probably take a while before the emergency is over. At a press conference convened on Sunday night, Justice Minister Piet Hein Donner at least warned that secure communication with the websites of social services, the police and the tax authorities could no longer be guaranteed.
He therefore advises citizens to resort to pen and paper.
Correction: Originally this text presented "Janam Fadaye Rahbar" as a name. In fact it is a Persian saying. We apologize for the error.
