Google reported that Gmail users in Iran were at risk of having their log-in information stolen this weekend for an unknown period of time after someone broke into a Dutch Company, DigiNotar, to steal a digital identification card for Google.com.
In recent days, Iranian internet users have reported serious problems with internet speed and repeated disruptions to their web access. According to the Guardian, an Iranian user had spotted the fraudulent SSL (Secure Sockets Layer) certificate and inquired about it in Google Talk.
Reportedly, the problems with various ISPs in Iran may be a sign of government attempts to steal passwords and investigate the internet activities of Iranian dissidents. The report adds that users of Google Chrome have been immune to the attacks, because Chrome has been able to spot the fraudulent SSL certificate.
Google announced that it is still investigating how many Google users were affected but noted that the “people affected were primarily in Iran.” Google added that it is still unclear who is behind the attacks.
Mikko Hypponen, chief research officer at the security firm F-Secure, wrote in a blog post today: “What can you do with such a certificate? Well, you can impersonate Google — assuming you can first reroute Internet traffic for google.com to you. This is something that can be done by a government or by a rogue ISP. Such a reroute would only affect users within that country or under that ISP."
Google announced that it planned to disable DigiNotar’s certificate authority, and Firefox also said it was releasing a new version of the browser that warns users when they visit a website that uses certificates given out by DigiNotar.