Hacked Dutch Firm Issues 531 Fake Net Certificates

September 6, 2011, 5:39 AM

The number of fraudulent security certificates issued by a hacked Dutch firm has increased to 531. The main objective of the attack appears to have been to spy on Iranian dissidents.

The list of domains for which fraudulent Secure Sockets Layer (SSL) certificates were issued by DigiNotar, a root certificate authority, includes those of the CIA, MI6, Facebook, Microsoft, Skype, Twitter and WordPress, among others, according to a list released by the Dutch Ministry of Justice.

Nearly 300,000 unique IP addresses, almost all of them in Iran, connected to google.com while being presented with the rogue certificate that had been issued by the Dutch certificate authority DigiNotar.

The list of IP addresses will be handed over to Google which can inform users that their e-mail might have been intercepted during this period.

Current browsers perform an OCSP (Online Certificate Status Protocol) revocation check against the issuing authority as soon as they connect to a site over HTTPS (Hypertext Transfer Protocol Secure); those checks, sent to DigiNotar's own servers, are what made the addresses that were shown the rogue certificate visible.

The list of domains and the fact that 99 percent of the users are in Iran suggest that the objective of the hackers was to intercept private communications in Iran.

DigiNotar is a small Dutch certification authority with customers mainly in the Netherlands. DigiNotar is one of many companies that sell the security certificates widely used to authenticate Web sites and guarantee that communications between a user's browser and a site are secure.

The hack implies that the current network setup and procedures at DigiNotar are not sufficiently secure to prevent this kind of attack.

The latest versions of browsers, including Microsoft's Internet Explorer, Google's Chrome and Mozilla's Firefox, are now rejecting certificates issued by DigiNotar.

In theory, a fraudulent certificate can be used to trick a user into visiting a fake version of a Web site, or used to monitor communications with the real sites without users noticing.

However, to pass off a fake certificate, an attacker must also be able to route the target's Internet traffic through a server under his control, a man-in-the-middle position. Only an Internet service provider, or a government that commands one, can do this easily.
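The two points above, that a CA-signed certificate for someone else's domain is cryptographically valid and that browsers responded by refusing anything chaining to DigiNotar, can be shown in a few dozen lines. The following Go program is an added example, not code from the article or from any browser vendor: it builds, in memory, a legitimate root plus a second root whose organisation name is "DigiNotar", has each sign a server certificate for google.com, and then verifies both leaves the way a patched client would, rejecting the chain whose issuer is on a distrust list. The root names, the hostname and the issuer-name check are constructed for the example; real browsers removed the roots and blacklisted specific certificates rather than matching on an organisation string. The man-in-the-middle network position the article mentions is not simulated here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Issuer organisations the client refuses even when the chain is otherwise
// valid; "DigiNotar" mirrors the browser updates described in the article.
var distrustedIssuers = map[string]bool{"DigiNotar": true}

// issueFrom builds a self-signed root for org and a server certificate for
// host signed by it. Both are constructed in memory for this example; the
// rogue leaf is cryptographically valid, which is exactly the DigiNotar problem.
func issueFrom(org, host string) (root, leaf *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{org}, CommonName: org + " Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if root, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err = x509.ParseCertificate(leafDER)
	return root, leaf, err
}

// verifyServerCert does what a patched browser does: chain the leaf to a trusted
// root for the requested host, then refuse the chain if any link was issued by
// a distrusted organisation.
func verifyServerCert(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil {
		return err
	}
	for _, c := range chains[0] {
		for _, org := range c.Issuer.Organization {
			if distrustedIssuers[org] {
				return errors.New("certificate chains to distrusted issuer " + org)
			}
		}
	}
	return nil
}

// Scenario certifies the same host from a legitimate CA and from a CA named
// DigiNotar, puts both roots in the client's trust store (as they were before
// the browser updates) and returns the two verification results.
func Scenario(host string) (goodErr, rogueErr error) {
	goodRoot, goodLeaf, err := issueFrom("Example Trusted CA", host)
	if err != nil {
		return err, err
	}
	rogueRoot, rogueLeaf, err := issueFrom("DigiNotar", host)
	if err != nil {
		return err, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(goodRoot)
	roots.AddCert(rogueRoot)
	return verifyServerCert(goodLeaf, roots, host), verifyServerCert(rogueLeaf, roots, host)
}

func main() {
	good, rogue := Scenario("google.com")
	fmt.Println("legitimate chain:", good) // <nil>
	fmt.Println("rogue chain:", rogue)     // certificate chains to distrusted issuer DigiNotar
}
```

Note that `leaf.Verify` alone accepts the rogue chain: the signature, validity period and hostname are all in order, because a trusted CA signed it. Only the explicit distrust step, the equivalent of the browser updates, tells the two certificates apart.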

Although no users in the Netherlands are known to have been victimized directly, the breach has caused a major headache for the Dutch government, which relied on DigiNotar to authenticate most of its Web sites.
