Attacks/Breaches
8/30/2011
12:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
Repost This

Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued

DigiNotar confirms it was breached and Google.com just one of 'several dozens' of fraudulently issued digital certificates obtained by hackers and now revoked

What at first appeared to be a one-off attack targeting Google Gmail users was actually part of a larger breach at Dutch digital certificate authority (CA) DigiNotar, which today confirmed speculation that it indeed was hacked and its SSL and EV-SSL CA system abused by attackers.

"The company found out on July 19 that a hacking attempt had happened. At that moment, DigiNotar ordered an external security audit. This audit concluded that all fraudulently issued certificates were revoked. We found out yesterday, through [Dutch government organization] Govcert, that the Google certificate was active. We revoked it immediately," said a spokesman today at Vasco Data Security International, of which the Dutch DigiNotar is a wholly owned subsidiary. He declined to name the other compromised domains, whose phony certs were revoked, but said there were "several dozens of SSL certificates" issued fraudulently.

Vasco/DigiNotar will temporarily offer all SSL customers -- all of whom it says are based in the Netherlands -- a Dutch government certificate as a short-term solution. "We are also talking to browser companies in order to install a re-routing mechanism," the spokesman says.

The company also has suspended the sale of SSL and EV-SSL certificates until its latest security audit is complete.

But security experts say the problem is that if the fake certificates were used for man-in-the-middle attacks, the damage may already have been done. "This press release only has made me more worried about how much this may be just the tip of the iceberg," says Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab. "The google.com cert was only revoked yesterday afternoon EST."

Schouwenberg says DigiNotar's statement raises more questions. "The conducted audit does not inspire any confidence. How did they miss the Google cert? How did they miss the website hacks pointed out by F-Secure?" he says, referring to a F-Secure Mikko Hypponen's post today showing what appears to be evidence of Iranian hackers having broken into DigiNotar's servers, and one page by alleged Turkish hackers back in 2009.

Hyponnen weighed in on DigiNotar's statement as well. "It raises more questions than answers. Diginotar indeed was hacked, on the 19th of July, 2011. The attackers were able to generate several fraudulent certificates, including possibly also EVSSL certificates. But while Diginotar revoked the other rogue certificates, they missed the one issued to Google. Didn't Diginotar think it's a tad weird that Google would suddenly renew their SSL certificate, and decide to do it with a mid-sized Dutch CA, of all places?" Hypponen, chief research officer of F-Secure blogged. "And when Diginotar was auditing their systems after the breach, how on earth did they miss the Iranian defacement discussed above?"

Another problem is that revocation isn't a sure thing. The rogue certs could be used for one-off, targeted attacks, and therefore would be tough to pinpoint, experts say.

"Additionally, there are ways to bypass revocation notices. So currently, we're depending on browser updates to fully protect us," Kaspersky's Schouwenberg says. "The average turnaround time is rather suboptimal. Let's hope Apple will be faster than with the Comodo case."

He says it also appears that not all of the CAs have been revoked, either: A separate DigiNotar CA handles the EV-SSL certs, and Chrome currently appears to be still accepting that CA, he says.

The big issue, of course, is the trust placed in CAs, a problem that was illuminated back in March when Comodo disclosed that nine SSL certificates -- including ones for mail.google.com, www.google.com, login.skype.com, addons.mozilla.org, login.live.com, and global trustee, and three different ones for login.yahoo.com -- had been issued by one of its European resellers after its systems were breached.

Owning a certificate authority is a valuable target for attackers, and CAs are only as secure as their own systems. Experts worry that DigiNotar hasn't found all of the rogue certificates yet, and that attacks could be ongoing and undetected. Attackers could basically impersonate Google and the other website domains to wage man-in-the-middle attacks to snoop on communications going through those sites, or for other nefarious purposes.

Like with the Comodo hack, speculation has centered around Iran, which doesn't have a CA of its own and thus would have to hack one to obtain digital certificates. "That case [Comodo's reseller hack] was tied to Iran. So is this one. It's likely the Government of Iran is using these techniques to monitor local dissidents," Hypponen said in his post.

Meanwhile, Microsoft has removed the DigitNotar root certificate from it’s the Microsoft Certificate Trust List for Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. It's working on a fix for Windows XP and Windows Server 2003. Mozilla will issue updates to Firefox to address the rogue certs, and Google plans to do the same for Chrome.

"Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it)," said Heather Adkins, information security manager at Google in a blog post yesterday. "Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate."

Meanwhile, DigiNotar reiterated that most of its clients, including Dutch government business PKIOverheid, were not affected by the breach. "DigiNotar actively looks for quick and effective solutions for its existing (EV)SSL customers. The company expects to have a solution for its entire customer base before the end of this business week. DigiNotar expects that the cost of this action will be minimal," the company said in its press release.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web