September 7, 2011
More than 300,000 Iranians have had their Gmail accounts compromised. The report by Fox-IT, the security firm hired to investigate the stolen DigiNotar security certificates, makes clear that as early as July 28 the company was aware that falsified security certificates were in use in Iran. This is one month earlier than the first public notice, which was made by a Google Chrome user in Iran. (Read more background information.) The report, Operation Black Tulip (pdf), states:
They used both known hacker tools as well as software and scripts developed specifically for this task. Some of the software gives an amateurish impression, while some scripts, on the other hand, are very advanced. In at least one script, fingerprints from the hacker are left on purpose, which were also found in the Comodo breach investigation of March 2011.