GlobalSign finds no sign of fake certificates after hack

Customers will not be able to use GlobalSign certificates until Tuesday at least, the company has said, following an investigation of a hack on its systems.

GlobalSign, one of the major digital certificate authorities, has found that one of its web servers has been hacked, but has said that there is no evidence of a further security breach. However, it will issue no new certificates until Tuesday at the earliest.


Certificate authority GlobalSign has found no sign that its certificates have been compromised following a hack on its server, although it will issue no new certificates until Tuesday.

Japanese-owned GlobalSign discovered the breach of the server hosting its website during an investigation prompted by claims by the 'Comodohacker' to have hacked its systems. The hack was part of a campaign to compromise certificate authorities (CAs), including Dutch company DigiNotar, which provides certification services to the Dutch government.

"Today we found evidence of a breach to the web server hosting the www website," the company said in a statement on Friday. "The breached web server has always been isolated from all other infrastructure and is used only to serve the website. At present there is no further evidence of breach other than the isolated www web server [sic]."

Digital certificates are cryptographic identification used to establish trust online. Spoofed certificates could be used, for example, to dupe people into entering sensitive details into websites they believe are genuine, but in fact are bogus.

GlobalSign customers will not be able to use new GlobalSign certificates until Tuesday, the company said in a statement on Sunday. GlobalSign had previously said it would start bringing its services back online on Monday this week.

"We will be bringing system components back on line on Monday during a sequenced start-up, but we do not foresee that customers will be able to process orders until Tuesday morning," said the company. "We sincerely apologise for the extra delay. More updates will follow if the situation changes."

Comodohacker claimed to be able to generate false certificates for GlobalSign, and to have accessed the company's systems, in a post on Pastebin last week. GlobalSign responded on Wednesday by ceasing to issue certificates pending an investigation.

The company named two security organisations it was working with to gauge the extent of the hack on its systems — Fox-IT to audit the systems, and the Cyber Defence Institute Japan to perform penetration testing.

Despite the company not finding any evidence of a breach, the investigation is ongoing, security firm Kaspersky said in a blog post on Saturday.

"The fact that no evidence of a breach has been found so far clearly doesn't rule out the possibility that the attacker did indeed compromise the GlobalSign CA, but just means that the investigation hasn't turned up concrete evidence of an intrusion," said Kaspersky evangelist Dennis Fisher in the blog post.

Apple, Google, Microsoft and Mozilla have issued security updates to invalidate DigiNotar certificates for desktop web browsers, but as yet no updates have been made available for Android or iOS devices.
