Iranian hacker dupes Google, activists worried

The World

Story by PRI’s The World. Listen to audio for full report.

In a country like Iran, where activists and journalists are constantly aware of the watchful eye of the government, many people use Google’s email service, Gmail, to communicate. That’s because the whole system uses “https,” a system that adds an extra layer of security for communication using certificates of authority issued by certified providers.

“In theory,” Danny O’Brien of The Committee to Protect Journalists told PRI’s The World, “what’s known a man in the middle – someone in between you and Google — wouldn’t be able to spy.”

That security was compromised recently, when a hacker known as Comdohacker got his hands on more than 200 fake certificates for sites like Google, the CIA and Yahoo.

“Once a system is broken, they’d be able to see the emails you were reading,” O’Brien says. They’d even be able to obtain your password, which they could use on other sites, more than likely.

Comodohacker is well known in the computer world as a 21-year-old hacker operating inside of Iran. In the past, he has claimed that he works alone. In this case, however, “this certificate was being used to fake Google for hundreds of thousands of Iranian users. That’s not something a 21-year-old could do on their own,” according to O’Brien. “That’s something that requires the cooperation of at the very least one internet service provider and probably a state-run internet service provider in Iran.”

“Honestly, it’s the journalists and readers and activists who have been using these services in Iran” who are most hurt by this, O’Brien says. They believed they were communicating securely, but now many have been caught up in a “dragnet surveillance by what we presume is the Iranian authorities.”

Read the rest of this story on The World website.


PRI’s “The World” is a one-hour, weekday radio news magazine offering a mix of news, features, interviews, and music from around the globe. “The World” is a co-production of the BBC World Service, PRI and WGBH Boston. More about The World.

Sign up for our daily newsletter

Sign up for The Top of the World, delivered to your inbox every weekday morning.