An Internet-security company said it was tricked into trying to lure Iranian users to fake versions of major websites, a sophisticated hack it suspects the Iranian government carried out.
Comodo Group Inc., a Jersey City, N.J., company that issues digital certificates to assure Internet users of websites' authenticity, said Wednesday it had issued nine such certificates to what turned out to be fraudulent websites set up in Iran.
The March 15 attack involved certificates for fake versions of Google Inc.'s Gmail site, Yahoo Inc.'s login page and websites run by Microsoft Corp., Firefox browser maker Mozilla Corp. and Internet telephone company Skype.
In theory, an Iranian attempting to log into his Yahoo account, for example, could have been misdirected to a fake site. That would allow the perpetrators to obtain a host of online information including contents of email, passwords and usernames, while monitoring activity on the dummy sites.
Since the targeted sites offer communication services, not financial transactions, Comodo said it seemed clear the hackers sought information, not money.
It wasn't clear whether anyone fell for the ruse. Comodo said it didn't know how many of the nine certificates were received by the attacker.