Thursday, April 11, 2013

CIA Iran Agents Allegedly Exposed by SSL CA Hack

From: RCE



A group of Iranians, reported to be involved in a sophisticated operation that included a deal with Chinese intelligence and the involvement of Huawei, has been able to obtain information about the certificate authority infrastructure produced and operated at first by Equifax, then sold to GeoTrust, Verisign and finally Symantec.
According to a translation made by native speakers, the report indicates that CIA operatives were communicating with the organization using tools that relied on SSL certificates signed by the Equifax-based system. The Iranians found their way in and helped themselves to a lot. The report claims the Iranian security apparatus was aware of the activities and made many arrests.


There are images, apparently from Cryptome pages, showing that the report refers to a link titled "Who did the Stuxnet? final Episode". The media contain confessions of CIA assets in Iran, plus some clips showing that CIA officers abroad were under surveillance by MOIS, the Iranian intelligence service. Their faces are shown openly.
The report also mentions ABC News coverage of U.S. intelligence officials confirming that dozens of their operatives had gone missing in Iran and Lebanon because of "the tradecraft". This is consistent with the report above and with the alleged hacking into the CIA's communications by first attacking the SSL certificate issuer.
This is not the first report we have seen about Iran that mentions a break-in at a CA. We have seen hard evidence that Iranians are good at this, namely the Comodo hacker story and the DigiNotar scandal.
Ironically, the report contains an image that seems to be a page or two of the book "State of War" by James Risen. On page 193 the author, using his confidential sources (who later turned out to be actual CIA officers at the time), claims that a decade or so ago the CIA made it even simpler for Iranians to roll up a spy network. The report ends with a simple "To be Continued".
