12:40 PM
Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued

DigiNotar confirms it was breached and Google.com just one of 'several dozens' of fraudulently issued digital certificates obtained by hackers and now revoked

What at first appeared to be a one-off attack targeting Google Gmail users was actually part of a larger breach at Dutch digital certificate authority (CA) DigiNotar, which today confirmed speculation that it indeed was hacked and its SSL and EV-SSL CA system abused by attackers.

"The company found out on July 19 that a hacking attempt had happened. At that moment, DigiNotar ordered an external security audit. This audit concluded that all fraudulently issued certificates were revoked. We found out yesterday, through [Dutch government organization] Govcert, that the Google certificate was active. We revoked it immediately," said a spokesman today at Vasco Data Security International, of which the Dutch DigiNotar is a wholly owned subsidiary. He declined to name the other compromised domains, whose phony certs were revoked, but said there were "several dozens of SSL certificates" issued fraudulently.

Vasco/DigiNotar will temporarily offer all SSL customers -- all of whom it says are based in the Netherlands -- a Dutch government certificate as a short-term solution. "We are also talking to browser companies in order to install a re-routing mechanism," the spokesman says.

The company also has suspended the sale of SSL and EV-SSL certificates until its latest security audit is complete.

But security experts say the problem is that if the fake certificates were used for man-in-the-middle attacks, the damage may already have been done. "This press release only has made me more worried about how much this may be just the tip of the iceberg," says Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab. "The google.com cert was only revoked yesterday afternoon EST."

Schouwenberg says DigiNotar's statement raises more questions. "The conducted audit does not inspire any confidence. How did they miss the Google cert? How did they miss the website hacks pointed out by F-Secure?" he says, referring to a post today by F-Secure's Mikko Hypponen showing what appears to be evidence of Iranian hackers having broken into DigiNotar's servers, as well as a page hit by alleged Turkish hackers back in 2009.

Hypponen weighed in on DigiNotar's statement as well. "It raises more questions than answers. Diginotar indeed was hacked, on the 19th of July, 2011. The attackers were able to generate several fraudulent certificates, including possibly also EVSSL certificates. But while Diginotar revoked the other rogue certificates, they missed the one issued to Google. Didn't Diginotar think it's a tad weird that Google would suddenly renew their SSL certificate, and decide to do it with a mid-sized Dutch CA, of all places?" Hypponen, chief research officer of F-Secure, blogged. "And when Diginotar was auditing their systems after the breach, how on earth did they miss the Iranian defacement discussed above?"

Another problem is that revocation isn't a sure thing. The rogue certs could be used for one-off, targeted attacks, and therefore would be tough to pinpoint, experts say.

"Additionally, there are ways to bypass revocation notices. So currently, we're depending on browser updates to fully protect us," Kaspersky's Schouwenberg says. "The average turnaround time is rather suboptimal. Let's hope Apple will be faster than with the Comodo case."

It also appears that not all of DigiNotar's CAs have been revoked, he says: a separate DigiNotar CA handles the EV-SSL certs, and Chrome currently appears to still accept that CA.

The big issue, of course, is the trust placed in CAs, a problem that was illuminated back in March when Comodo disclosed that nine SSL certificates -- including ones for mail.google.com, www.google.com, login.skype.com, addons.mozilla.org, login.live.com, and global trustee, and three different ones for login.yahoo.com -- had been issued by one of its European resellers after its systems were breached.

Owning a certificate authority is a valuable target for attackers, and CAs are only as secure as their own systems. Experts worry that DigiNotar hasn't found all of the rogue certificates yet, and that attacks could be ongoing and undetected. Attackers could basically impersonate Google and the other website domains to wage man-in-the-middle attacks to snoop on communications going through those sites, or for other nefarious purposes.

As with the Comodo hack, speculation has centered around Iran, which doesn't have a CA of its own and thus would have to hack one to obtain digital certificates. "That case [Comodo's reseller hack] was tied to Iran. So is this one. It's likely the Government of Iran is using these techniques to monitor local dissidents," Hypponen said in his post.

Meanwhile, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List for Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. It's working on a fix for Windows XP and Windows Server 2003. Mozilla will issue updates to Firefox to address the rogue certs, and Google plans to do the same for Chrome.

"Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it)," said Heather Adkins, information security manager at Google in a blog post yesterday. "Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate."

Meanwhile, DigiNotar reiterated that most of its clients, including Dutch government business PKIOverheid, were not affected by the breach. "DigiNotar actively looks for quick and effective solutions for its existing (EV)SSL customers. The company expects to have a solution for its entire customer base before the end of this business week. DigiNotar expects that the cost of this action will be minimal," the company said in its press release.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...