The official blog of Google reports: “Mullahs attempted ‘Man in the middle’ attacks against Google users”. They add: “Today we received reports of attempted SSL man-in-the-middle attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it [!]) … To help deter unwanted surveillance, we recommend that users, especially those in Iran, keep their web browsers and operating systems up to date and pay attention to web browser security warnings”.

Some experts say: “The stupid Google and other security providers for Internet users are stupid bastards, and after two months declare what has happened!! What Google says today happened about 2 months ago! The use of fraudulent SSL certificates is a very serious threat in Iran. The main victims of this attack are VPN users. Iranians who use VPN should be very, very careful. The majority of them don’t know or care about fraudulent SSL certificates. Many VPNs in Iran are not encrypted at all! And many of them use fraudulent or revoked SSL certificates!! Don’t trust any SSL connection, VPN connection, etc. until you are sure of its SSL certificate”.

And EFF truly said: “Mullah Man-in-the-Middle Attack Against Google Demonstrates Dangerous Weakness of Certificate Authorities”. The report added: “What’s worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months!! … Google enables encrypted connections to these services in order to protect users from spying by those who control the network, such as ISPs and governments.
Today, the security of this encryption relies entirely on certificates issued by certificate authorities (CAs), which continue to prove vulnerable to attack. When an attacker obtains a fraudulent certificate, he can use it to eavesdrop on the traffic between a user and a website even while the user believes that the connection is secure. The certificate authority system was created decades ago in an era when the biggest online security concern was thought to be protecting users from having their credit card numbers intercepted by petty criminals. Today Internet users rely on this system to protect their privacy against nation-states. We doubt it can bear this burden”.
The EFF added: “Certificate authorities have been caught issuing fraudulent certificates in at least half a dozen high-profile cases in the past two years, and EFF has voiced concerns that the problem may be even more widespread. But this is the first time that a fake certificate is known to have been successfully used in the wild. Even worse, the certificate in this attack was issued on July 10th 2011, almost two months ago, and may well have been used to spy on an unknown number of Internet users in Iran from the moment of its issuance until it was revoked earlier today. To be effective, fraudulent certificates do not need to have been issued by the same authority that issued the legitimate certificates. For example, the certificate in question here was issued by a Dutch certificate authority with which Google had no business relationship at all; that didn’t make it any less acceptable to web browsers … The good news is that the computer security community is now taking this threat very seriously. Unfortunately, the bad news is spectacularly bad: users in Iran may have been vulnerable for two months … There may well be other certificates like this out there that we don’t know about. That means almost all Internet users are still vulnerable to this sort of attack”.

It’s really true. As we said before, it’s not the first time that the Mullahs have used fraudulent SSL certificates. In March 2011, the stupid Comodo confirmed that Basijis had hacked their SSL certificates. Iranians and non-Iranians should take this threat very seriously. “Always check the validity of SSL certificates in any connection”, the experts advise.

As we said before, Tor users should be very careful in Iran. The Mullahs have used DPI and other techniques for attacking internet users in Iran. The experts say: “Iranian Tor users should be aware that many of the Tor nodes and Tor bridges they can reach from inside Iran are Mullah nodes. The Mullahs have focused on Tor.
They run fake nodes and watch the ordinary users of classic Tor. Iranians don’t need Tor and its random routing feature. Iranians need tools and techniques that protect them from the Mullahs and Mullah surveillance. The Iranians’ first priority is that their connection to the outside world should be safe. Tor is very weak in this regard. If you are Iranian, don’t trust (classic) Tor. Also don’t trust any VPN, any HTTPS connection, etc. until you are sure of the validity of its SSL certificate.” Life in Iran is so hard and so dangerous, especially for ordinary people and internet users.
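As an added example (not from this post, nor code from Google or EFF), the check below models the weakness EFF describes: a browser accepts a certificate from any CA in its trust store for any hostname, so a DigiNotar-issued certificate for google.com passes, while pinning the issuer a site is known to use rejects it. The certificates are constructed dicts in the shape of Python's `ssl` `getpeercert()` result, and the CA names are placeholders, not real issuer names.

```python
# Constructed sample certificates in getpeercert() shape; all names are placeholders.
LEGIT_CERT = {                                   # constructed: issued by the site's own CA
    "subject": ((("commonName", "www.google.com"),),),
    "issuer": ((("organizationName", "Expected Google CA (placeholder)"),),),
    "subjectAltName": (("DNS", "*.google.com"), ("DNS", "google.com")),
}
ROGUE_CERT = {                                   # constructed: fraudulent, issuer unrelated to Google
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": ((("organizationName", "DigiNotar"),),),
    "subjectAltName": (("DNS", "*.google.com"),),
}
# A 2011-style browser trust store: every listed CA is trusted for every hostname.
DEFAULT_TRUSTED_CAS = {"Expected Google CA (placeholder)", "DigiNotar"}
# Per-site pin: the only issuers this site is known to use (assumed for the example).
GOOGLE_PINNED_ISSUERS = {"Expected Google CA (placeholder)"}


def rdn_value(name, attr):
    """Return one attribute (e.g. organizationName) from a getpeercert()-style name."""
    return next((v for rdn in name for k, v in rdn if k == attr), None)


def hostname_matches(cert, hostname):
    """Check DNS SANs; a wildcard covers exactly one left-most label, never the bare domain."""
    host = hostname.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name.startswith("*."):
            if host.endswith(name[1:]) and host.count(".") == name.count("."):
                return True
        elif host == name:
            return True
    return False


def browser_accepts(cert, hostname, trusted_cas=DEFAULT_TRUSTED_CAS):
    """Plain CA model: hostname must match and the issuer must merely be *some* trusted CA."""
    issuer = rdn_value(cert["issuer"], "organizationName")
    return hostname_matches(cert, hostname) and issuer in trusted_cas


def pinned_accepts(cert, hostname, expected_issuers, trusted_cas=DEFAULT_TRUSTED_CAS):
    """Issuer pinning: additionally require an issuer this particular site is known to use."""
    issuer = rdn_value(cert["issuer"], "organizationName")
    return browser_accepts(cert, hostname, trusted_cas) and issuer in expected_issuers


if __name__ == "__main__":
    for label, cert in (("legit", LEGIT_CERT), ("rogue", ROGUE_CERT)):
        print(label, "browser:", browser_accepts(cert, "www.google.com"),
              "pinned:", pinned_accepts(cert, "www.google.com", GOOGLE_PINNED_ISSUERS))
```

The rogue certificate is accepted by the plain check for exactly the reason EFF gives: the trust store, not the site, decides which CAs may vouch for it; the pin is what a client would need to notice the wrong issuer.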