Google Warned Iranian Users

A few days ago Google issued a warning to Iranian users of its Gmail service about a digital certificate hack that could have allowed a hacker to mimic the company’s email system in that country.

Eric Grosse, vice president of security engineering at the company, explained that although Google’s internal systems weren’t compromised, the company was directly contacting possibly affected users in Iran and providing similar information online, because its top priority was to protect the privacy and security of its customers.

The hack in question, which happened because of a security lapse at a Dutch digital security company called DigiNotar, was thought to affect around 300,000 Gmail users in the country. Google warned that the hacker could trick Iranian Gmail users into visiting fake versions of the Google website, thus obtaining access to users’ accounts.

The company recommended that its Iranian Gmail users change their passwords and update their account recovery data. It also advised them to remove any suspicious forwarding addresses and clients able to access their accounts. Meanwhile, the Iranian perpetrator, who referred to himself as “Comodohacker”, claimed he was a 21-year-old software engineering student and said that he had also stolen certificates for more than 500 websites. The list of affected services includes such giants as Microsoft, Facebook, Yahoo, and Twitter, not to mention the CIA and Israel’s Mossad.

According to security experts, the theft of digital certificates, which are meant to guarantee that sites are genuine, exposed a huge flaw in the basic precepts of online security. Although the developers of all the popular Internet browsers have already revoked digital certificates from DigiNotar, it is still possible that other firms issuing digital certificates have been compromised as well, with the hack going undetected.

The purported hacker gave an email interview in which he said that he was acting alone. However, he hinted that he had given his data to the Iranian government. He claimed that he was absolutely independent and had shared his findings only with a few people in Iran, who are free to do whatever they want with them. He also boasted that his country should have control over such giants as Google and Yahoo, and that this was why he was breaking all encryption algorithms.