Security researchers uncover forged net security certificates to spy on Gmail

31 Aug 2011

Security researchers have found a forged internet security certificate designed to allow hackers to spy on Google users' private emails and other communications.

An Iranian web user first reported the forgery, which has led to fears that the certificate might be part of Tehran's efforts to keep tabs on dissidents.

The attack further undermines confidence in the SSL protocol, which is used to authenticate all kinds of sensitive internet traffic, including online banking.

The forged certificate was issued to the attackers on 10 July by DigiNotar, a Dutch SSL certificate authority, which for over two months allowed them to set up fake versions of Google websites that users and their web browsers accepted as genuine.

This means hackers would have collected usernames and passwords for their targets' genuine Google accounts. The forged certificate was valid for google.com, including its sub-domains, as well as mail.google.com.

According to a Google user in Iran who claimed he was the first to report the attack, when he tried to log in to his Gmail account yesterday, he saw a certificate warning in Chrome.