AMSTERDAM (AP) — The Dutch government says hackers who broke into a web security firm in the Netherlands last month issued hundreds of bogus security certificates for websites including the CIA and Israel's Mossad, as well as Internet giants such as Google, Microsoft and Twitter.
The fake certificates could in theory be used to monitor users' communications with those sites without them noticing, but only by an organization that also has the ability to reroute Internet traffic to servers they control — most likely a government.
A handful of Iranian users of Google's popular email service are known to have been affected.
The Dutch government said Monday Internet browser makers are now rejecting all security certificates issued by the hacked firm, DigiNotar.
