The pastebin account of ComodoHacker, the alleged attacker of DigiNotar
(WEB HOST INDUSTRY REVIEW) — The number of fraudulent SSL certificates issued by DigiNotar has ballooned to 531, and the list of domains for which the certificates were issued includes sites belonging to the CIA, Facebook, Microsoft and Twitter, among others, according to a report by CNET.
A week ago, most major browsers began warning users about the fraudulent google.com certificate and blocked it after receiving reports of attempted man-in-the-middle attacks on Google services, particularly against users in Iran.
Computerworld says that Dutch digital investigative firm Fox-IT (www.fox-it.com) found that approximately 300,000 IP addresses, 99 percent of them in Iran, had accessed sites presenting the fake certificate for google.com between July 27 and Aug. 29.
According to the report, the google.com certificate may have been used to spy on Iranians’ Gmail accounts.
Fox-IT says that DigiNotar was unaware that hackers controlled its servers for weeks. The servers were not protected by antivirus software, and the server software was outdated and unpatched, according to the report.
A report by security research firm F-Secure says that the hacker responsible for the DigiNotar attack is the same hacker who attacked Comodo earlier this year. F-Secure says ComodoHacker sent a series of messages via his Pastebin account at the end of March, and the account became active again on September 5.
The hacker says that he has access to four other “high-profile” CAs and is still able to issue new rogue certificates, according to the report.
While the connection to Comodo can be made, when the two attacks are compared, Comodo dealt with its breach in a way that did not destroy its brand. DigiNotar certificates have been permanently blocked from both Chrome and Firefox so far, according to a report by The Register, and the company has been slow to respond to the issue. Although the intrusion into the CA infrastructure was detected in July, DigiNotar did not publicly acknowledge the breach until Google issued its warning last week.
It is unclear what moves DigiNotar will make to save its brand (and, as The Register suggests, it may be too late), but Comodo quickly suspended registration authority privileges for the resellers compromised in its attack while it patched its infrastructure.
Computerworld says that the Dutch government is investigating DigiNotar for possible negligence.