Global Market Data
Global News Journal
Pakistan: Now or Never?
Front Row Washington
The Great Debate
Personal Finance Video
Life & Culture
Biggest rally in Israel's history presses PM
03 Sep 2011
Libyans hope to seize Gaddafi bastion
Green Day's Billie Joe Armstrong Kicked Off Flight for Saggy Pants
03 Sep 2011
CIA, MI6 helped Gaddafi on dissidents: rights group
03 Sep 2011
A-listers not spared in pandemic film "Contagion"
03 Sep 2011
Labor leaders must pay for parade if GOP banned, mayor says
White House to nominate Krueger as top economist
UPDATE 1-Obama warns Hurricane Irene flooding could worsen
Buenos Aires Fashion week sizzles
Mon, Aug 22 2011
Lockheed Martin presents airship of the future
Thu, Aug 18 2011
Experimental plane reaches 13,000 mph
Fri, Aug 26 2011
Dutch study possible Iran hacking of government web sites
Chinese state TV shows military cyber hacking clip
Thu, Aug 25 2011
Analysis & Opinion
Google pulls the plug on more products – the Larry Page clean-up continues
5 easy pieces of Social Security advice, information and trivia
Sun Sep 4, 2011 11:21am EDT
AMSTERDAM (Reuters) - The Dutch government said on Sunday it was investigating whether Iran may have been involved in hacking Dutch state websites after digital certificates were stolen.
Dutch Interior Ministry spokesman Vincent van Steen declined to say whether Iranian authorities in the Netherlands or Iran had been contacted, and said more details would be published in a letter to the Dutch parliament early next week.
But van Steen confirmed the veracity of a report by the Dutch news agency ANP saying the cabinet was looking into whether the Iranian government played a part in breaking into Dutch government websites.
Such web sites may no longer be safe after the digital theft of internet security certificates from Dutch IT company DigiNotar, the Interior Ministry said in a statement.
Officials at the Iranian embassy in The Hague were not immediately available for comment nor was there an immediate reply to emails asking for comment.
Google said in its security blog on August 29 that it had received reports of attacks on Google users, that "the people affected were primarily located in Iran," and that the attacker used a fraudulent certificate issued by DigiNotar.
DigiNotar's systems were hacked in mid-July and security certificates were stolen for a number of domains, DigiNotar and its owner, U.S.-listed VASCO Data Security International, said on August 30.
"MAN IN THE MIDDLE" CYBER ATTACK
A certificate guarantees that a web surfer is securely connected with a website and not being monitored by someone else. Breaking into a secure link is known as a "man-in-the-middle attack."
The stolen certificates were immediately revoked after detection of the theft but one, for the site Google.com, was only "recently" revoked after a warning from the Dutch government, DigiNotar and VASCO said.
Internet security experts said it was possible the hacking originated from Iran and involved state support.
"This is the second batch of fraudulent security certificates in the last six months with questionable links to Iranian actors," said John Bumgarner, a cyber researcher and chief technology officer for the non-profit U.S. Cyber Consequences Unit.
"The certificates in question would not only allow a state actor to access the email and skype accounts of dissenters, but also install monitoring software on their computers," Bumgarner said.
Experts use the term "cui bono test" to know who could benefit from an act and be the perpetrator.
"The 'cui bono?' test suggests Iranian state involvement. No doubt the government of Iran will try to blame some hacker group, if they say anything at all," said Ross Anderson, Professor in Security Engineering at Cambridge University.
It was possible, Anderson said, that a government used hacker groups as auxiliaries but it was not likely that a small group would do a man-in-the-middle attack on its own.
"To use the forged certificate to do a man-in-the-middle attack on gmail, you need to be in a position to be the man in the middle, which means you usually have to be an internet service provider (ISP), or in a position to compel an ISP to do your bidding. That means proximity to government," he said.
U.S.-listed VASCO said in a statement on Saturday that it had invited the Dutch government to "jointly solve the DigiNotar incident" and offered staff to solve the problem.
DigiNotar and VASCO were not immediately available for comment on Sunday.
(Reporting by Gilbert Kreijger in Amsterdam and William Maclean in London; Editing by Mark Heinrich)
Related Quotes and News
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Be the first to comment on reuters.com.
Add yours using the box above.
Social Stream (What's this?)
Back to top
New York Legal
Support & Contact
Advertise With Us
Connect with Reuters
Our Flagship financial information platform incorporating Reuters Insider
An ultra-low latency infrastructure for electronic trading and data distribution
A connected approach to governance, risk and compliance
Our next generation legal research platform
Our global tax workstation
About Thomson Reuters
Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on Reuters.com, video, mobile, and interactive television platforms. Thomson Reuters journalists are subject to an Editorial Handbook which requires fair presentation and disclosure of relevant interests.
NYSE and AMEX quotes delayed by at least 20 minutes. Nasdaq delayed by at least 15 minutes. For a complete list of exchanges and delays, please click here.