News

Up to 300,000 Iranians may have had their Google email monitored using security certificates stolen from Dutch firm DigiNotar.

The figure came from a report into the breach at DigiNotar which let attackers generate hundreds of fake certificates.

The report suggests the certificates were used in Iran to eavesdrop on email accounts.

The list has been passed to Google so it can tell victims they may have come under government scrutiny.

On 30 August, security firm Fox-IT was called in to analyse the sequence of events at DigiNotar that led to the security breach. It published its interim report late on 5 September.

DigiNotar is one of many firms which help to ensure that no-one is eavesdropping on secure communications between users and the sites they visit.

It does this via security certificates which act as a guarantee of identity so people can be sure they are connecting to the site they think they are.

Anyone armed with a rogue certificate for a web firm or service can impersonate that organisation and get at communications that would otherwise be impossible to read because they are encrypted.

DigiNotar first took action to revoke fake security certificates on 19 July when it found that hackers had got access to its internal network.

The Fox-IT report suggests that the hackers were able to access those internal systems for a month before DigiNotar took action.

The first exploration by the hackers took p... >>>