What is it?
Its an attack on the “Authentication” layer of the Internet.
Why is it being attacked?
Internet has become a critical medium for information exchange. This information is of value to many entities.
Who is attacking it?
We believe these are “politically motivated”, “state driven/funded” attacks.
Why do we think these are state driven/funded?
Well, one of the origin of the attack that we experienced is from Iran, what is being obtained would enable the perpetrator to intercept web based email/communication and the only way this could be done is if the perpetrator had access to the Country’s DNS infrastructure (and we believe it might be the case here). Of course this is our interpretation of the situation.
First time we are seeing a “state funded” attack against the “Authentication” infrastructure. The Threat Model is changing and Comodo had already initiated a proposal for new standards in 2010 which would help mitigate some of these attacks. We will make sure to double our efforts in getting industry wide acceptance to these much needed standards so that we can continue to defend our security and freedom.
PS: You can read Phillip Hallam Baker’s blog on the matter here.