The Dutch government reported on Monday that a hacking attack on a Dutch Web security firm in July led to the issuance of fraudulent certificates for major Web sites, including those of the Central Intelligence Agency and Twitter.

Major Web browsers, such as Microsoft's Internet Explorer, Mozilla's Firefox, and Google's Chrome, are said to be rejecting certificates issued by the hacked company, DigiNotar. Apple has not issued any statement on revoking DigiNotar certificates, according to a guardian.co.uk report.

The Dutch Justice Ministry published a list of more than 500 fraudulent certificates. It included certificates issued for sites operated by Yahoo, Skype, Facebook, Microsoft, AOL, WordPress, the Tor Project, and by intelligence agencies, such as Israel's Mossad and Britain's MI6. Some of the certificates were said to have been used in sending fake Windows updates.

On Saturday morning, the Dutch government held a press conference to withdraw its confidence in all digital certificates issued by DigiNotar. The firm had been responsible for issuing the certificates used for all tax returns in the Netherlands.

How Security Certificates Work

DigiNotar is but one of the companies issuing security certificates used to authenticate Web sites. These certificates also guarantee that communications between a site and a user's browser are secure.

Fraudulent security certificates can mislead a user into visiting copycats of actual Web sites. When the user enters these sites, the hacker can then monitor communications and transactions with the real sites. The user will not even notice that this is happening.

Who's Responsible?

In a report published by The Associated Press and carried by The New York Times, analysts said that the hackers may have had help from the Iranian government in carrying out the attack.

"In order to pass off a fake certificate, a hacker must be able to steer his target's Internet traffic through a server that he controls. That is something only an Internet service provider, or a government that commands one, can easily do," said the report. "Notably, several of the certificates contain nationalist slogans in Farsi, the language spoken by most Iranians."

"This, in combination with messages the hacker left behind on DigiNotar's Web site, definitely suggests that Iran was involved," said Ot van Daalen, director of Bits of Freedom, an online civil liberties group.

According to the guardian.co.uk site, some Iranian users of Google's email service have been affected by the false certificates, "which would allow a 'man in the middle' attack, where an apparently secure link could in fact be tapped by an intermediary."

Security experts noted that the opportunity to insert fake certificates may have come with Iran's plan to change the setup of the domain name servers it uses in making connections to sites. The report adds that this attack on DigiNotar was similar to the attack on the United States security firm Comodo Inc., which was linked to an Iranian.

The Dutch justice minister, Piet Hein Donner, informed the public that the safety of online government agency transactions, including those of the social security, tax, and police agencies, is now questionable. He also advised people to resort to pen and paper for more secure communications with the government.