GlobalSign stops SSL certificates after hack claim

Summary: The company has halted issuing certificates after Comodohacker, the person thought to be behind the DigiNotar breach, said they had also compromised GlobalSign's systems

Japanese-owned certificate authority GlobalSign has temporarily stopped issuing certificates, after the hacker thought to be responsible for the DigiNotar breach claimed to have compromised its systems.

After breaking into the Dutch DigiNotar certificate authority, the hacker was able to create fraudulent SSL certificates that could be used in attacks to steal Google.com logins and credentials. The alleged attacker, 'Comodohacker', claimed to have similarly compromised GlobalSign on Tuesday.

"GlobalSign takes this claim very seriously and is currently investigating," the company said in a security advisory on Tuesday. "As a responsible [certificate authority], we have decided to temporarily cease issuance of all certificates until the investigation is complete."

In addition, the company has called on security company Fox-IT to look into the intrusion.

"GlobalSign has now appointed Fox-IT due to their previous involvement in investigating the DigiNotar hack. This is a precautionary measure as we continue to assess the Comodohacker's claims," GlobalSign chief marketing officer Steve Waite said in a statement.

Digital certificates are a form of online cryptographic identification. Hackers can use spoofed certificates to fool users into thinking they are visiting trusted sites.

In a Pastebin document on Tuesday, 'Comodohacker' said they had access to three more certificate authorities.

The hacks could have wide-ranging consequences for the use of certificates to guarantee a measure of trust on the internet. For example, Google, Mozilla and Microsoft have taken the unprecedented step of removing DigiNotar root certificates from their products, including certificates for the Dutch government.

The attack on DigiNotar has led to the Dutch government assuming operational management of DigiNotar certificates. The breach may have compromised up to 300,000 Iranians, according to Fox-IT. The hack on DigiNotar involved writing rootkits, and using zero-day vulnerabilities to access the systems, Comodohacker said in the Pastebin document.

In addition, Comodohacker claimed to have the ability to issue Windows Updates, despite assurances from Microsoft that it had complete control of its patch service.


Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
