Google has advised users of its online services in Iran to change their passwords following the theft of Internet security certificates from a Dutch company.
"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail," Google vice president of security engineering Eric Grosse said. "While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts," Grosse said in a blog post late Thursday. Iranians were advised to change their passwords, pay attention to warnings that pop up in Web browsers and to block unfamiliar websites and applications that are allowed to access an account. They were also told to check Gmail settings for suspicious forwarding addresses. The Dutch secret service has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday. The falsified certificates, known as SSL certificates, belonged to Dutch company DigiNotar. SSL certificates are used to verify to visitors that a particular website is authentic and are issued by DigiNotar and other firms known as Certification Authorities. Internet users whose browsers are fooled by a false certificate could unwittingly reveal their activity to another party in what is known as a "man-in-the-middle attack."
Google said last week that it had "received reports of attempted SSL man-in-the-middle attacks against Google users, whereby someone tried to get between them and encrypted Google services. "The people affected were primarily located in Iran," said Heather Adkins, an information security manager at Google.