Hacker News
Iranian hackers obtain fraudulent HTTPS certificates (eff.org)
111 points by there on March 24, 2011 | 23 comments



Expect to see more of this: hackers are cheaper than missiles and nobody has ever bombed anyone over the use of them. (That will probably not be true in twenty years: there are things you could imagine doing which would force nation states to treat them as symmetric threats.)


The problem is that you can never be sure where a 'hack attack' came from. Sure, the directly used IPs are from Iran, but it is very well possible they were simply used as proxy. Most of the world already regards Iran as evil, so they are a good scapegoat. Obviously it's possible they are really behind it, but you can't be sure enough to start a war.


Let me put it this way: if Iran has deniably disabled US nuclear capability in the same way that Israel deniably disabled Iranian nuclear capability, the spectrum of options considered by the US government would certainly not end with "send them a strongly worded letter, since we're not totally convinced they did it."

I mean, another country in the neighborhood went for strategic ambiguity for many years. It worked very well right until it didn't.


I certainly don't disagree that it is very dangerous and might cause countries to attack each other in extreme cases. It does give a third party a relatively cheap strategic option to pit countries against each other.


The question that comes to mind... Would it be possible to get North Korea to be really pissed off at Israel?

Otoh, Israel hardly needs more trouble.


You make it out like definitive proof is necessary for escalation. Don't forget the Lusitania, the battleship Maine, the Reichstag Fire. All of them had ambiguous causes at the time but severely escalated violence.


If I worked for a US/UK/Russian/Chinese intel organisation I'd make damn sure we had a steady pool of logless proxies dotted about on boxes in Iran, Pakistan and whatever net-connected boxes North Korea has.


NK gets its internet connections (which are available only to the uttermost top of the party, which means when the country collapses the population is in for something of a wakeup) through China.


You have to wonder what form of authentication was used at Comodo's Registration Authority server that enabled it to be breached. Maybe an RSA SecurID token :-) (see http://steve.grc.com/2011/03/19/reverse-engineering-rsas-sta...). Seriously, I'd have thought the admin account on an RA server would require multiple approvals, on-site access or something. I guess we'll have to wait for the details to come out. Something like this is bound to eventually happen when you have so many trusted root SSL certs in play.


That will always be a problem with trusting some 3rd party for certificates; as soon as the number of trusted parties increases, these things can become more frequent.


Attribution is a massive problem when it comes to attacks. An IP address source does not mean that the attacks were Iranian in origin. It is distinctly possible that the Iranian systems were compromised, or that people were using Iranian hosts to cover their tracks (try getting a US-led forensic investigation team to get logs from an Iranian system).

It is also possible that after Stuxnet, the Iranian government and military have had to consider their options and that this would be an option (bearing in mind that CNNIC-signed certificates have been accepted in Firefox for a while and that CNNIC have been involved in surveillance ops on people in China).

As for what's actually happening, the people that know are probably unwilling to discuss it on Hacker News or the EFF website.


Iran's best option after Stuxnet is a spectacularly blatant and strategically negligible caper on Yahoo Mail?


We don't know. If it was, do you really think it would be their only operation? Who else would have both the capability to massively MITM SSL within a geographical area? I'm not suggesting it was the Iranian government (to clarify, neither was my post above), but for someone to go after the certs it would be expected they'd want to have somewhere (or at least someone) to MITM in mind.

How many Iranians use Yahoo Mail? How many people of interest outside of Iran use Yahoo Mail?


Admittedly, this is of no use to the average Internet user, but there's a Firefox addon called Certificate Patrol. It alerts you when an SSL certificate changes. It shows you the old cert information alongside the new cert information. It tells you if the old cert was due to expire, and also if the signing authority has changed.

There's also Perspectives.
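The change-detection logic that comment describes, as an added example (not the Certificate Patrol addon's own code): a trust-on-first-use store that remembers the certificate seen per host and, when it changes, reports whether the old cert was near expiry and whether the issuing CA changed. `CertInfo`, `CertStore`, `RENEWAL_WINDOW` and the sample values are all constructed for this illustration.

```python
"""Certificate Patrol-style change detection (illustrative, not the addon's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Tuple

# A renewal this close to the old expiry date is treated as routine (assumed threshold).
RENEWAL_WINDOW = timedelta(days=30)


@dataclass(frozen=True)
class CertInfo:
    fingerprint: str      # SHA-256 of the DER certificate, hex (constructed in tests)
    issuer: str           # issuer common name, e.g. the signing CA
    not_after: datetime   # certificate expiry


class CertStore:
    """Remembers the first certificate seen per host (trust on first use)."""

    def __init__(self) -> None:
        self.seen: Dict[str, CertInfo] = {}

    def check(self, host: str, cert: CertInfo, now: datetime) -> Tuple[str, str]:
        """Return (verdict, message) for a newly observed certificate."""
        old = self.seen.get(host)
        if old is None:
            self.seen[host] = cert
            return "first-seen", f"{host}: pinned {cert.issuer} cert, expires {cert.not_after:%Y-%m-%d}"
        if old.fingerprint == cert.fingerprint:
            return "unchanged", f"{host}: same certificate as before"
        reasons = []
        if old.issuer != cert.issuer:
            reasons.append(f"issuer changed {old.issuer!r} -> {cert.issuer!r}")
        if old.not_after - now > RENEWAL_WINDOW:
            reasons.append(f"old cert was not due to expire until {old.not_after:%Y-%m-%d}")
        if not reasons:
            # Same CA, old cert about to expire: looks like a routine renewal, so re-pin.
            self.seen[host] = cert
            return "renewed", f"{host}: routine renewal by {cert.issuer}"
        # Keep the old pin until the user explicitly accepts the new certificate.
        return "suspicious", f"{host}: certificate changed; " + "; ".join(reasons)

    def accept(self, host: str, cert: CertInfo) -> None:
        """Replace the pin after the user has reviewed a suspicious change."""
        self.seen[host] = cert
```

A "suspicious" verdict is only a prompt for review: a legitimate CA switch looks the same as an attacker-issued certificate until the operator confirms it.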


Certificate Patrol looks amazing - amazing enough to switch back from Chrome to Firefox in fact (now that Firefox is a bit snappier). Pity it's not available for Firefox 4!


It seems to have been available for the beta, though. So I guess that is simply yet to come.


Tor project dislikes even eff's SSL certificate for having a wild card domain (*.eff.org).

There's more information: https://blog.torproject.org/blog/detecting-certificate-autho...


Does anyone maintain a list of root certs that are or might be compromised, so we can manually remove them?


It wasn't a root certificate that was compromised, was it? Unless you consider the breach at Comodo to be a compromise, in which case, axe Comodo's certs (and suffer 10000 SSL cert warning dialogs).


Strange, why is the eff link https? The site only appears to work on http. I can't be the first to click through to the article surely?


I wish SSL and HTTPS authentication had been separated at birth.

I'd like HTTP SSL encryption and I'll worry about certification as another problem.


I think Iran's intelligence services also wish SSL and HTTPS authentication had been separated at birth. Sure would make things easier for them if all they needed was the MITM proxy, and not the certificate.


This "Iranian hackers" thing is complete bollocks if you ask me.

The article's title should sound the same regardless of the hacker's nationality but if it doesn't (there may be a more menacing feel to it) then that's probably thanks to the media's propaganda which would like to put the words "Iranian", "nazi" and "pedophile" on the same level.

Are we going to fall back to the same silly "we're the good guys, they're the bad guys" cold war rhetoric? Come on.



