"The company found out on July 19 that a hacking attempt had happened. At that moment, DigiNotar ordered an external security audit. This audit concluded that all fraudulently issued certificates were revoked. We found out yesterday, through [Dutch government organization] Govcert, that the Google certificate was active. We revoked it immediately," said a spokesman today at Vasco Data Security International, of which the Dutch DigiNotar is a wholly owned subsidiary. He declined to name the other compromised domains, whose phony certs were revoked, but said there were "several dozens of SSL certificates" issued fraudulently.
Vasco/DigiNotar will temporarily offer all SSL customers -- all of whom it says are based in the Netherlands -- a Dutch government certificate as a short-term solution. "We are also talking to browser companies in order to install a re-routing mechanism," the spokesman says.
The company also has suspended the sale of SSL and EV-SSL certificates until its latest security audit is complete.
But security experts say the problem is that if the fake certificates were used for man-in-the-middle attacks, the damage may already have been done. "This press release only has made me more worried about how much this may be just the tip of the iceberg," says Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab. "The google.com cert was only revoked yesterday afternoon EST."
Schouwenberg says DigiNotar's statement raises more questions. "The conducted audit does not inspire any confidence. How did they miss the Google cert? How did they miss the website hacks pointed out by F-Secure?" he says, referring to a F-Secure Mikko Hypponen's post today showing what appears to be evidence of Iranian hackers having broken into DigiNotar's servers, and one page by alleged Turkish hackers back in 2009.
Hyponnen weighed in on DigiNotar's statement as well. "It raises more questions than answers. Diginotar indeed was hacked, on the 19th of July, 2011. The attackers were able to generate several fraudulent certificates, including possibly also EVSSL certificates. But while Diginotar revoked the other rogue certificates, they missed the one issued to Google. Didn't Diginotar think it's a tad weird that Google would suddenly renew their SSL certificate, and decide to do it with a mid-sized Dutch CA, of all places?" Hypponen, chief research officer of F-Secure blogged. "And when Diginotar was auditing their systems after the breach, how on earth did they miss the Iranian defacement discussed above?"
Another problem is that revocation isn't a sure thing. The rogue certs could be used for one-off, targeted attacks, and therefore would be tough to pinpoint, experts say.
"Additionally, there are ways to bypass revocation notices. So currently, we're depending on browser updates to fully protect us," Kaspersky's Schouwenberg says. "The average turnaround time is rather suboptimal. Let's hope Apple will be faster than with the Comodo case."
He says it also appears that not all of the CAs have been revoked, either: A separate DigiNotar CA handles the EV-SSL certs, and Chrome currently appears to be still accepting that CA, he says.
The big issue, of course, is the trust placed in CAs, a problem that was illuminated back in March when Comodo disclosed that nine SSL certificates -- including ones for mail.google.com, www.google.com, login.skype.com, addons.mozilla.org, login.live.com, and global trustee, and three different ones for login.yahoo.com -- had been issued by one of its European resellers after its systems were breached.
Owning a certificate authority is a valuable target for attackers, and CAs are only as secure as their own systems. Experts worry that DigiNotar hasn't found all of the rogue certificates yet, and that attacks could be ongoing and undetected. Attackers could basically impersonate Google and the other website domains to wage man-in-the-middle attacks to snoop on communications going through those sites, or for other nefarious purposes.
Like with the Comodo hack, speculation has centered around Iran, which doesn't have a CA of its own and thus would have to hack one to obtain digital certificates. "That case [Comodo's reseller hack] was tied to Iran. So is this one. It's likely the Government of Iran is using these techniques to monitor local dissidents," Hypponen said in his post.
Meanwhile, Microsoft has removed the DigitNotar root certificate from it’s the Microsoft Certificate Trust List for Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. It's working on a fix for Windows XP and Windows Server 2003. Mozilla will issue updates to Firefox to address the rogue certs, and Google plans to do the same for Chrome.
"Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it)," said Heather Adkins, information security manager at Google in a blog post yesterday. "Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate."
Meanwhile, DigiNotar reiterated that most of its clients, including Dutch government business PKIOverheid, were not affected by the breach. "DigiNotar actively looks for quick and effective solutions for its existing (EV)SSL customers. The company expects to have a solution for its entire customer base before the end of this business week. DigiNotar expects that the cost of this action will be minimal," the company said in its press release.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.