Experts say the Iranian government may have been behind a hacking attack, allowing it to read Google email from dissidents who thought they were using secure connections.
Chicago-based Internet security firm Vasco said Wednesday that its Dutch subsidiary, DigiNotar, detected the hack on July 19 and that the breach compromised its security guarantees for "a number of domains, including Google.com." The company then quietly tried to fix the damage, but was alerted by the Dutch government Monday that it had missed Google, and perhaps others.
Google said in a post on its online security blog that "people affected were primarily located in Iran." It said that after consultation with Microsoft and Mozilla, users of the Chrome, Microsoft Explorer and Firefox browsers will receive warnings if they attempt to visit any website that uses DigiNotar certificates.
DigiNotar is one of the many firms that sell security certificates for the "SSL" cryptographic protocol — in effect, one of the digital notaries that guarantee the privacy of communications between a user's browser and a website.
The company said the hackers were able to get into its infrastructure and issue fake certificates.
Finnish security company F-Secure said such certificates can be used by a government or corrupt Internet service provider to reroute traffic intended for Google without being detected.
"We saw a similar attack in May," the company said in a note on the incident published on its website.
"It's likely the Government of Iran is using these techniques to monitor local dissidents."
DigiNotar did not quickly respond to requests for information about what other bogus certificates were issued or how many users may have been affected, and where.
Vasco said DigiNotar only accounts for a tiny fraction of its business, and "the vast majority" of DigiNotar's offerings — including its security certificates for communication with the Dutch tax authority — were not affected.