Comodo Group Inc located in Jersey City, N.J., says that they were “hacked” COUGH tricked is more like it into providing Digital Certificates to the Iranian Government in order to allow the spoofing of major websites including Google, Yahoo, Skype and other communication providers.
The suspected reason is to collect data about persons including login names, passwords and the ability to completely monitor all data sent and received.
The “ALLEGED” hack as they call it happened on March 15th and also included Mozilla Corp. meaning anyone that updated their browser may have been sent a keylogger or other malicious piece of software which they would have installed believing the source was ok.
If software downloads were intercepted this means that even the revocation of the digital certificates would mean the users system would continue to be compromised.
This is a very sad situation that should not have happened. No matter who is at fault there should have been some measure in place to prevent this from happening. Not only within Comodo Group but also an external review. At some point verification will need to take place when issuing certificates of this type because too many people can be harmed.