Skip to main content

Forged Google Certificate Lurking On The Web

Security experts have discovered a fake web certificate for Google websites doing the rounds in the wild.

The fraudulent web certificate for allows hackers to impersonate Google websites like Gmail.

According to The Register (opens in new tab), the fake SSL certificate has been issued by DigiNotar; a Netherlands based digital certificates company.

The certificate is valid for *, allowing hackers to attack Google users who visit web pages on networks controlled by the hackers, The Register explains. The SSL certificates are used to prove that the website users are visiting are genuine and not fraudulent.

The certificates came into light when a Google user from Iran got a warning from his Chrome web browser about the certificate being a fake.

“A Chrome security feature warned the user of the invalid certificate and blocked them from visiting the attacker's site. We're pleased that the security measures in Chrome protected the user and brought this attack to the public's attention. While we investigate, we plan to block any sites whose certificates were signed by DigiNotar,” Google said in a statement, CNET (opens in new tab) reports.

"I expect this type of attack to become somewhat commonplace in time," said Roel Schouwenberg, senior researcher at Kaspersky Lab.

Ravi Mandalla was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company, which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.