 |
| (Photo: RNW) |
Iranian
dissidents are at grave risk after hackers broke into a Dutch internet company,
allowing the Iranian authorities to read messages sent through normally secure
sites such as Yahoo and Gmail.
The exact
threats the Iranian dissidents are facing as a result of the hacking attack are
not yet clear. With elections due in March 2012, however, Iran’s security
services are especially vigilant. Ot van Daalen, who heads Bits of Freedom, a
Dutch group that defends digital privacy rights, fears the worst:
“It’s
horrible to say but it’s entirely possible that the hacking attack has
endangered lives in Iran.”
DigiNotar
In July,
hackers broke into DigiNotar, a Dutch company that issues certificates of
authenticity aimed at protecting websites around the globe. The hackers then
issued fake certificates. After that, some internet users who thought they were
on a secure site, could have their messages read by anyone, including Iran’s
security services. It was only recently that Iranian activists realised
something was amiss.
The hacking
attack affected dozens of websites of renowned companies, including Microsoft,
Wordpress, Facebook, Twitter and Yahoo’s and Google’s email services. Israeli
and British secret services were targeted too. Gmail and Yahoo are widely used
by Iranian dissidents to communicate with each other. The breach was sealed
nine days ago but that does not mean, Van Daalen warns, there no longer are any
threats.
“There is a
real chance that the Iranian authorities have used these certificates to
eavesdrop on users. And it can’t be ruled out they will continue doing so with
other certificates.”
Censorship
Iran is one
of the countries with the worst censorship in the world, says Frank van Dalen
of the Dutch Iran Committee. Internet, he stresses, is one of the last resorts
for Iran’s opposition.
“They use
internet in all possible ways. Some messages are explicit, others are more
implicit but clear to the reader. People also wear green bracelets as a visible
sign of protest.”
Serious
threat
Van Daalen
agrees that the Iranian dissidents are facing a serious threat, with censorship
and repression bound to intensify in the run-up to the elections due in March.
The Iranian authorities, he cautions, will do all they can to avoid a second
Green Revolution. The hacking attack, he ventures, is hardly accidental, since
DigiNotar is involved in Dutch projects designed to improve internet access in
Iran.
“The
Netherlands supports that initiative. This raises the question whether
DigiNotar also carries out such work for the Dutch government. If so, that
could be a reason why it was targeted. Why was this company attacked and not
another certificate-issuing firm? It’s vital to find out.”
It’s not
clear if the attack on DigiNotar was carried out by Iran. The Dutch government
has launched an investigation. The Iran Committee wants The Hague to summon the
Iranian ambassador. DigiNotar itself has refused to comment on the case.
Who issues
certificates of authenticity?
- Before the
breach, DigiNotar was authorised to issue certificates of authenticity, which
guarantee that a site is secure (with https:// in the navigation bar). Makers
of internet browsers such as Microsoft Internet Explorer, Mozilla Firefox and
Google Chrome then evaluate if such sites really are secure.
Currently there are some 600 such companies recognised around the world, according to Bits of Freedom. They in turn, Ot van Daalen adds, are allowed to designate retailers, which number in the thousands. “It is questionable whether all of these companies can be really trusted.”
A list of “compromised certificates” includes well-known domain names such as Google, Yahoo, Facebook, Skype and Wordpress. So far, however, only internet users in Iran appear to be at risk, according to Van Daalen.
The Dutch government and Dutch companies are in the process of replacing DigiNotar certificates by certificates issued by other companies. The government has set up a website that gathers all related news and developments.
0 comments:
Post a Comment