The certificate authority said an external server was breached in an attack claimed by 'Comodohacker', and that the SSL certificate and private key for its own website may have been exposed
GlobalSign has confirmed that an external web server was breached in a hack attack, and that the SSL certificate and key for its own website may have been exposed.
GlobalSign said on Tuesday that the SSL certificate and private key for www.globalsign.com may have been exposed after a hack on an external server in September. However, the company said that after investigating the breach it had found no evidence of rogue certificates being issued following the hack. It stressed that the server involved was separate from its certificate issuance and internal systems.
"Every security company has thousands of doors to keep shut, and a hacker only has to find one," GlobalSign business development director Steve Roylance told ZDNet UK.
Roylance told ZDNet UK that a number of hacks over the last year on certificate authorities did not mean that a new online trust model was needed. He added that there was no evidence that any hacker had tried to pose as GlobalSign itself.
Companies use digital certificates to prove to browsers and other clients that a website really belongs to the organisation it claims to. A stolen certificate together with its private key can allow someone, for example, to set up a server posing as that organisation and fool people into interacting with it, with the aim of gaining sensitive financial information or passwords. Because the certificate is genuine, the bogus site passes the browser's checks and shows the same padlock as the real one, provided the attacker can also steer victims to it, for instance through phishing links or DNS tampering.
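The attack described above relies on one fact: a certificate and private key copied off a server are indistinguishable from the genuine ones, so a client's chain and hostname checks accept the attacker's server. The Go program below is an added example, not code from the article or from GlobalSign. It builds a throwaway issuing CA, issues a certificate for a hypothetical hostname (www.example.test; the CA name, hostname and serial numbers are invented), verifies the "stolen" certificate the way a relying party would, and then shows that only a CRL from the issuer listing that serial lets the client reject it. The CRL handling in Verify is the standard check written out for illustration, not a description of any particular browser's revocation behaviour.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical hostname standing in for a CA's own website; none of this is
// GlobalSign's real key material, hierarchy or serial numbers.
const Hostname = "www.example.test"

// Pair is a certificate with its private key: exactly what leaks from a breached web server.
type Pair struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// must panics on PKI setup failures; the errors worth reading are the ones Verify returns.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign issues tmpl over a fresh P-256 key, valid for a year; a nil parent means self-signed.
func sign(tmpl *x509.Certificate, parent *Pair) *Pair {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(365*24*time.Hour)
	if parent == nil {
		parent = &Pair{Cert: tmpl, Key: key}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, &key.PublicKey, parent.Key))
	return &Pair{Cert: must(x509.ParseCertificate(der)), Key: key}
}

// NewCA creates a self-signed root permitted to sign certificates and CRLs.
func NewCA() *Pair {
	return sign(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Issuing CA"},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil)
}

// Issue signs a server certificate for Hostname over a new key.
func Issue(ca *Pair, serial int64) *Pair {
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: Hostname},
		DNSNames:     []string{Hostname},
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca)
}

// Revoke is the issuer's response to an exposed key: a signed CRL listing the serial.
func Revoke(ca *Pair, serial *big.Int) []byte {
	return must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          time.Now().Add(-time.Minute),
		NextUpdate:          time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: serial, RevocationTime: time.Now()}},
	}, ca.Cert, ca.Key))
}

// Verify is the relying-party check: chain the presented certificate to the trusted root
// for the expected hostname, then reject it if an issuer-signed CRL lists its serial.
func Verify(presented, root *x509.Certificate, host string, crlDER []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := presented.Verify(x509.VerifyOptions{Roots: pool, DNSName: host}); err != nil {
		return err
	}
	if crlDER == nil { // no CRL available: the chain check alone decides
		return nil
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by trusted issuer: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(presented.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %v is revoked", presented.SerialNumber)
		}
	}
	return nil
}

// RunScenario: the attacker holds the genuine certificate and key, so what it presents is
// byte-for-byte what the real server presents. The chain and hostname checks accept it
// (before == nil); only a CRL from the issuer lets a client reject it (after != nil).
func RunScenario() (before, after error) {
	ca := NewCA()
	stolen := Issue(ca, 4242) // copied off the breached server: certificate and private key
	before = Verify(stolen.Cert, ca.Cert, Hostname, nil)
	after = Verify(stolen.Cert, ca.Cert, Hostname, Revoke(ca, stolen.Cert.SerialNumber))
	return before, after
}

func main() {
	before, after := RunScenario()
	fmt.Println("before revocation:", before)
	fmt.Println("after revocation: ", after)
}
```

The point for an operator is in the two results: rebuilding a breached host removes the attacker's foothold but does nothing about copies already taken, so until the issuer revokes the certificate and the site moves to a fresh key, any client that does not check revocation keeps accepting the stolen pair. In production the CRL would be fetched from the certificate's CRL distribution point (or the equivalent OCSP response) rather than handed in as a byte slice.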
The certificate authority GlobalSign has a number of large organisations as customers, including the BBC, BT, Fujitsu Siemens, the NHS, Toshiba and Vodafone.
Service disruption
The disruption had some impact on customers whose certificates came up for renewal during the nine-day period in which the service was suspended, Roylance said. GlobalSign certificates last between one and five years, and the company reminds customers 30 days before certificates are set to expire that they should be renewed.
"We may have lost one or two customers," said Roylance. "Some people left it to the last minute to renew certificates and had to go somewhere else."
During the nine-day service disruption, GlobalSign contracted security company Fox-IT to analyse the impact of the hack. GlobalSign also hired Cyber Security Japan to oversee a rebuild of its certificate issuance infrastructure, on the assumption that its core network had been breached.
Following the Fox-IT investigation, GlobalSign found that the external server hack may have compromised the globalsign.com SSL certificate and key, plus public-facing HTML and PDF files. GlobalSign locked down the server and rebuilt it with a new hard disk and hardened system image.
GlobalSign took further security steps, such as implementing additional intrusion detection services and hardening access to its issuance systems, according to its report.
The hack came to light after Comodohacker claimed to have breached GlobalSign in a document posted on Pastebin.
Comodohacker also claimed responsibility for the hack on DigiNotar, which eventually led to the Dutch government completely revoking trust in DigiNotar. The rogue certificates issued after the DigiNotar hack were used to intercept Iranian citizens' electronic communications.