In this post I explained that what I called mobile warfare (social protest driven by mobile technologies and social networks) is rapidly spreading across the Middle East, apparently on a regular time scale (so far the events in Tunisia, Egypt and Libya have been separated by approximately a month).
Many observers claim that, in the shorter term, Syria and Bahrain could be the next targets of internal protests (last week 150 people were killed in Syria, and today the government led by PM Naji Otri has resigned, apparently a quantum shift).
But the wave coming from the Maghreb, driven by mobile warfare, seems unstoppable, and in the longer term Iran and Iraq, the main bastions of fundamentalism, could be affected as well.
Of course, one of the most exciting things about Infosec is that reality is always one step ahead of imagination. I had tried to imagine the different ways in which the bad guys of totalitarian regimes could prevent mobile technologies and social networks from achieving their purpose of encouraging citizens to join the protests: DDoS, disruption of Internet connectivity and so on… I could not imagine, however, that someone would think of issuing rogue certificates for some high-profile websites used for email and chat in order, maybe, to intercept inconvenient and subversive communications.
That is exactly what happened in the Comodo Affair, in which fraudulent certificates were issued by the Comodo Certificate Authority by exploiting a vulnerability in a couple of Italian affiliates (sigh!), globaltrust.it and instantssl.it, that allowed a legitimately signed certificate to be issued on behalf of any requesting entity. This vulnerability was used to submit rogue Certificate Signing Requests (CSRs), that is, false requests to obtain legitimate SSL certificates for the following web sites:
For those of you who are not too familiar with Public Key Infrastructure and cryptography, this means, in simple words, that once a rogue certificate has been obtained one may build a fake web site (for instance a fake mail.google.com) to capture valuable information that normally travels over the web encrypted, for instance the username and password of a private email account. This is called a man-in-the-middle attack.
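The defensive point worth making explicit here is that a rogue certificate obtained this way is signed by a trusted CA, so ordinary chain validation accepts it: the browser sees a valid certificate for mail.google.com and cannot tell it from the real one. What does distinguish the two is the public key inside the certificate, which is why public-key pinning compares the SubjectPublicKeyInfo hash against a value known in advance. The script below is an added example written for this post, not code from the original article or from Comodo or any browser vendor; the key bytes, CA names and handshake records are constructed stand-ins (a real SPKI is DER, several hundred bytes long), and the pin format follows the HPKP convention of base64(SHA-256(SPKI)).

```python
import base64
import hashlib
from dataclasses import dataclass

# Hypothetical key material: these byte strings stand in for the DER-encoded
# SubjectPublicKeyInfo of each certificate. The contents are constructed for
# the example and carry no real key.
LEGIT_MAIL_KEY = b"constructed-spki:mail.google.com:legitimate-key"
ROGUE_MAIL_KEY = b"constructed-spki:mail.google.com:rogue-key"
LEGIT_LOGIN_KEY = b"constructed-spki:login.example.net:legitimate-key"


@dataclass(frozen=True)
class ObservedCert:
    """What a client sees in a TLS handshake, reduced to the fields we need."""
    host: str          # host the client connected to
    subject_cn: str    # name the certificate was issued for
    issuer: str        # CA that signed it (constructed names)
    spki_der: bytes    # SubjectPublicKeyInfo bytes (constructed, see above)
    chain_valid: bool  # outcome of ordinary path validation against the root store


def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Pins the client ships with (or learned on first contact). A site may list
# several pins (current key plus a backup key), so each value is a set.
PINS = {
    "mail.google.com": {spki_pin(LEGIT_MAIL_KEY)},
    "login.example.net": {spki_pin(LEGIT_LOGIN_KEY)},
}


def evaluate(cert: ObservedCert, pins=PINS) -> str:
    """Return a verdict for one observed certificate.

    Order matters: the certificate is first subjected to the checks every
    client performs (chain, name) and only then to the pin. A mis-issued
    certificate passes the first two, so the pin is the layer that catches it.
    """
    if not cert.chain_valid:
        return "reject: chain does not validate"
    if cert.subject_cn != cert.host:
        return "reject: name mismatch"
    expected = pins.get(cert.host)
    if expected is None:
        return "accept: no pin configured (CA trust only)"
    if spki_pin(cert.spki_der) in expected:
        return "accept: pin matches"
    return (f"reject: pin mismatch, valid chain from '{cert.issuer}' "
            "presented an unexpected key")


# Constructed handshake records: the genuine site, a rogue certificate with a
# valid chain (the Comodo scenario), a self-signed fake, a name mismatch, and
# a host with no pin at all.
SAMPLE_HANDSHAKES = [
    ObservedCert("mail.google.com", "mail.google.com",
                 "Root CA (constructed)", LEGIT_MAIL_KEY, True),
    ObservedCert("mail.google.com", "mail.google.com",
                 "Affiliate-issued CA (constructed)", ROGUE_MAIL_KEY, True),
    ObservedCert("mail.google.com", "mail.google.com",
                 "self-signed (constructed)", ROGUE_MAIL_KEY, False),
    ObservedCert("login.example.net", "other.example.net",
                 "Root CA (constructed)", LEGIT_LOGIN_KEY, True),
    ObservedCert("news.example.org", "news.example.org",
                 "Root CA (constructed)", b"constructed-spki:news:key", True),
]


def audit(handshakes=SAMPLE_HANDSHAKES):
    """Evaluate every observed certificate and return (host, issuer, verdict)."""
    return [(c.host, c.issuer, evaluate(c)) for c in handshakes]


if __name__ == "__main__":
    for host, issuer, verdict in audit():
        print(f"{host:20} {issuer:35} {verdict}")
```

The second record is the one that matters: its chain validates and its name matches, exactly like the genuine certificate, and only the pin comparison rejects it. That is the gap a rogue but validly signed certificate exploits, and it is why a client that relies on CA signatures alone cannot detect the man-in-the-middle described above; pinning (and, later, Certificate Transparency logs) exist to close it.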
Since it was discovered that the rogue Certificate Signing Requests originated from an ISP located in Iran, a political origin for the attack was alleged: an attempt by the Iranian government (through its Cyber Army) to intercept communications, and more generally the emails and chats of political leaders not “too close” to the positions of Mr. Mahmoud Ahmadinejad (mmhh.. at least as far as the alleged purpose goes, it reminds me of Operation Aurora, doesn’t it?).
Now it looks like a lone-ranger Iranian hacker, not belonging to any army, has claimed to be the sole author of the hack (at this link the complete history and a detailed analysis of the event). Probably a real Iranian government involvement will never be confirmed, but to me the suspicion that this action was planned to stop the mobile warfare remains intact. Otherwise I would not be able to understand why only certificates related to secure communication services were affected, services often used by dissidents to organize protests and share news with the world.