- Journal Archives
- Volume 16
- Volume 15
- Volume 14
- Volume 13
- Volume 12
- Volume 11
- Volume 10
- Volume 9
- Volume 8
- Volume 7
- Volume 6
- Volume 5
- Volume 4
- Volume 3
- Volume 2
- Volume 1
No, the Iranian government is not looking for a nice catfish. Nor is the Iranian government spending the summer following around everyone’s favorite jam band Phish. Instead, the Iranian government may have been involved in a phishing scam by creating fake website verification certificates that tricked Iranians into providing usernames and passwords to sites like Gmail, Skype, and Facebook. Typically, phishing involves hackers creating a fake website that looks and feels like the real website the user was trying to view and which asks the user to “re-verify” her account by entering in her username and password. The certificates could then be used by a third party with control of the Internet service provider to eavesdrop on supposedly secure online conversations.
The attacks were made possible after hackers compromised DigiNotar, a Dutch company involved in verifying website authenticity. The company issues SSL certificates, which validate that data exchanged with a website is properly encrypted. The attacks were sufficiently severe enough to cause other SSL certificate-issuers to stop issuing new certificates. However, to have achieved the amount of success the Iranians claim (a claimed 300,000 accounts), hackers would likely have needed control of Iranian telecoms, which has generated speculation regarding the Iranian government’s involvement with the attack. However, it should be pointed out that the Iranian hacker claiming responsibility denies any involvement with the Iranian government.
This is not the first time hackers have gained access to dissident and government officials’ Gmail accounts. Chinese hackers, and perhaps the Chinese government, have been involved in repeated phishing incidents in China. After a 2009 Chinese phishing attack, Google moved its mainland Chinese search service to Hong Kong and stopped obeying the Chinese government’s censor requirements. At this time, it is unclear if Google has a similar response planned for the Iranian attacks.
– Paul Russell
Recent Blog Posts
- Controlling the Uncontrollable: UK Taking the Driver’s Seat in Driverless Car Technology
- Obama’s Cybersecurity Executive Order: Private Sector Must Help Police the “Wild West”
- Qualcomm Settlement May Reconfigure the Smartphone Market in China
- Who Rightfully Owns the Village People’s YMCA?
- Internet Elections Regulation: Another Pie in the Partisan Food Fight?
- Great Artists Steal? A Music Theory Thought Experiment & a Worry about the Litigation of Popular Music
Tagsadvertising antitrust Apple books career celebrities contracts copyright copyright infringement courts creative content criminal law entertainment Facebook FCC film/television financial First Amendment games Google government intellectual property internet JETLaw journalism lawsuits legislation media medicine Monday Morning JETLawg music NFL patents privacy progress publicity rights radio social networking sports Supreme Court of the United States (SCOTUS) technology telecommunications trademarks Twitter U.S. Constitution