CIA, Mossad, MI6 targeted by Iranian DigiNotar-hackers

04.09.2011

It's still unknown how successful the hackers have been in harvesting logins and spying on email and chat messages. Most certificates have either expired or been revoked after DigiNotar discovered the breach in mid-July.

Chris Soghoian, security and privacy researcher at Indiana University and Graduate Fellow at the Center for Applied Cybersecurity Research, said the list is a "very interesting set of sites". However, he's sceptical that the hackers could have penetrated the networks of the spy agencies with the forged certificates.

"Actually I think the secret service domains are the least alarming part. It's sexy, and will probably lead to a lot of questions and interest from government agencies. Of course, nobody wants to get caught with their pants down, but there's really no classified information on these domains. Those are on separate, secured internal networks. So the practical security impact of the Iranian government getting a certificate for the CIA is nil. It's really just very embarrassing, that's all", said Soghoian in an interview with Webwereld.

Still, the cyber hack at DigiNotar has a very high profile. "What is alarming is that they forged certificates for other CAs, like VeriSign and Thawte. But the most problematic are sites like Google and Facebook. And also Walla, which is one of the biggest mail providers in Israel." Through forged SSL certificates of these sites the Iranian regime would be able to syphon the accounts and online communications of countless people, explained Soghoian.