In this post I explained that what I called mobile warfare (that is, social protest driven by mobile technologies and social networks) is rapidly spreading all over the Middle East, apparently on a regular time scale (so far the events in Tunisia, Egypt and Libya have been separated by approximately a month).
Many observers claim that, in the shorter term, Syria and Bahrain could be the next targets of internal protests (last week 150 people were killed in Syria, and today the government led by PM Naji Otri resigned, apparently a quantum shift).
But the wave coming from the Maghreb, led by mobile warfare, seems unstoppable, and in the longer term Iran and Iraq, the main barriers of fundamentalism, could be affected as well.
Of course, one of the most exciting things about infosec is that reality is always one step ahead of imagination. I tried to imagine the different ways in which the bad guys of totalitarian regimes could prevent mobile technologies and social networks from achieving their purpose of encouraging citizens to join the protests, including DDoS, disruption of Internet connectivity and so on. I could not imagine, however, that someone would think of issuing rogue certificates for some high-profile websites used for email and chat, perhaps in order to intercept troublesome and subversive communications.
That is exactly what happened in the Comodo affair, in which fraudulent certificates were issued by the Comodo Certificate Authority by exploiting a vulnerability at a couple of Italian affiliates (sigh!), globaltrust.it and instantssl.it, which allowed a legitimately signed certificate to be issued on behalf of any requesting entity. This vulnerability was used to submit rogue Certificate Signing Requests (CSRs), that is, false requests to obtain legitimate SSL certificates for the following web sites:
For those of you who are not too familiar with Public Key Infrastructure and cryptography, this means, in simple words, that once a rogue certificate is obtained one can build a false web site (for instance a false mail.google.com) to capture sensitive information that normally "travels" the web encrypted, for instance the username and password of a private email account; because the certificate chains to a CA the browser already trusts, no warning is shown to the victim. This is called a man-in-the-middle attack.
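The point that makes the Comodo affair dangerous is structural: a browser accepts a certificate for mail.google.com from any CA in its trust store, so a rogue certificate from a compromised (but trusted) CA passes ordinary chain validation. The following Go program is an added example written for this post (it is not Comodo's, Google's or the author's code): it constructs two throw-away CAs, has each issue a certificate for the same hostname, and shows that standard chain verification accepts both, while public-key pinning (comparing the SHA-256 of the certificate's SubjectPublicKeyInfo against a value the client already knows) rejects the rogue one. All keys, CA names and serial numbers are generated in-process for the demonstration; the hostname is the one mentioned above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// makeCA builds a self-signed root CA (constructed for this example only).
func makeCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf has the given CA sign a server certificate for host. Nothing here
// stops a CA from signing a name it has no business with: that is the weakness.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SPKIPin returns the hex SHA-256 of the certificate's SubjectPublicKeyInfo,
// the value a pinning client would ship ahead of time.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// ChainValid is what a browser does: does the leaf chain to any trusted root for host?
func ChainValid(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err == nil
}

// PinnedValid adds the pin check on top of chain validation.
func PinnedValid(leaf *x509.Certificate, roots *x509.CertPool, host string, pins map[string]bool) bool {
	return ChainValid(leaf, roots, host) && pins[SPKIPin(leaf)]
}

// Outcome records the four checks so the result can be inspected programmatically.
type Outcome struct {
	LegitChain, RogueChain, LegitPinned, RoguePinned bool
}

// RunScenario replays the affair in miniature: two trusted roots, one of them
// abused to issue a certificate for a name it should never have signed.
func RunScenario() (Outcome, error) {
	const host = "mail.google.com"
	legitCA, legitKey, err := makeCA("Legitimate Root CA (constructed)")
	if err != nil {
		return Outcome{}, err
	}
	rogueCA, rogueKey, err := makeCA("Compromised Root CA (constructed)")
	if err != nil {
		return Outcome{}, err
	}
	legit, err := issueLeaf(legitCA, legitKey, host, 100)
	if err != nil {
		return Outcome{}, err
	}
	rogue, err := issueLeaf(rogueCA, rogueKey, host, 200)
	if err != nil {
		return Outcome{}, err
	}
	roots := x509.NewCertPool() // the client's trust store contains both CAs
	roots.AddCert(legitCA)
	roots.AddCert(rogueCA)
	pins := map[string]bool{SPKIPin(legit): true} // only the genuine key is pinned
	return Outcome{
		LegitChain:  ChainValid(legit, roots, host),
		RogueChain:  ChainValid(rogue, roots, host),
		LegitPinned: PinnedValid(legit, roots, host, pins),
		RoguePinned: PinnedValid(rogue, roots, host, pins),
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Running it prints `{LegitChain:true RogueChain:true LegitPinned:true RoguePinned:false}`: chain validation alone cannot tell the two certificates apart, which is why browsers at the time had to push explicit blacklists of the rogue serials, and why pinning (and later Certificate Transparency) were introduced as a second line of defence.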
Since it was discovered that the rogue Certificate Signing Requests originated from an ISP located in Iran, a political origin for the attack was alleged: an attempt by the Iranian government (through a Cyber Army) to intercept communications, and more generally the emails and chats of political leaders not "too close" to the positions of Mr. Mahmoud Ahmadinejad (mmhh... at least as far as the alleged purpose goes, it reminds me of Operation Aurora, doesn't it?)
Now it looks like a lone-ranger Iranian hacker, not belonging to any army, has claimed to be the sole author of the hack (at this link the complete history and a detailed analysis of the event). A real Iranian government involvement will probably never be confirmed, but to me the doubt that this action was planned to stop the mobile warfare remains intact. Otherwise I would not be able to understand why only certificates related to secure communication services, often used by dissidents to organize protests and share news with the world, were affected.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflect the opinion of my organization, about events and news of interest concerning information security, with a wink at the mobile world and, why not, at some curious personal events.
All information is reported with its source.
Anyone intending to use information contained in my posts is free to do so, provided that they mention my blog in their article.