Meanwhile, the Dutch government announced that the hackers who penetrated a Dutch firm that issues certificates to get access to computer programs got away with 531 such certificates, not just a handful as previously thought.
And an Iranian student has told officials he was the person who organized the theft, not the Iranian government.
Eric Grosse, Google’s vice president for security engineering, said, “The compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail.
“While users of the Chrome browser were protected from this threat, we advise all users in Iran to take concrete steps to secure their accounts,” Grosse said in a blog post last Thursday.
Iranians were advised to change their passwords, pay attention to warnings that pop up in web browsers and to block unfamiliar websites and applications that are allowed to access an account. They were also told to check Gmail settings for suspicious forwarding addresses.
It wasn’t likely that many Iranian Gmail users would learn of the caution unless friends abroad notify them. The Iranian media are not reporting on the threat to Gmail.
The Dutch Interior Ministry said the Dutch secret service has now opened an investigation to determine who downloaded what it said was 531 Internet security certificates between July 10 and July 20. All those known to have been stolen have now been invalidated.
The Dutch government also said it is checking out claims by an Iranian that he is the person who penetrated the Dutch firm and downloaded the certificates, a government spokesman said Friday.
“We are investigating all leads including the lead of today,” Dutch Safety and Justice Ministry spokesman Edmond Messchaert told Agence France Presse (AFP), referring to an interview published on Dutch public broadcaster NOS’s website.
In the interview, a hacker claiming to be a 21-year-old Iranian student in the Netherlands, identified only by the name “Sun Ich,” said he was responsible for the breach at DigiNotar, through which the 531 Internet security certificates were downloaded.
“I carried out the hack completely on my own, from start to end,” Sun Ich was quoted as saying. “When I got the certificates I brought certain people in Iran up to speed. It looks like they then used the information.”
The hacker said he was a supporter of President Ahmadi-nejad’s government and decided to target the Netherlands to punish it for the “fall of Srebrenica” and anti-Islam statements by Dutch far-right politician Geert Wilders.
A contingent of Dutch soldiers serving with the United Nations were charged with protecting civilians in the “safe” enclave of Srebrenica, eastern Bosnia, in 1995, but were humiliatingly overrun by Bosnian Serb forces under Ratko Mladic. The following day, thousands of Bosnian Muslim men were captured or surrendered and almost 8,000 were executed in the worst atrocity in Europe since World War II.
Politician Wilders was acquitted by a Dutch court in June on hate speech and discrimination charges for attacking Islam, including comparing the Qoran to Hitler’s “Mein Kampf.”