Using this cookie the hacker is able to log in directly to the Gmail mailbox of the victim and also read the stored emails.– Fox-IT report
"Using this cookie the hacker is able to log in directly to the Gmail mailbox of the victim and also read the stored emails," said the report. "Besides that, he is able to log in all other services Google offers to users like stored location information from Latitude or documents in Google Docs."
The Google certificate was only revoked on 29 August despite DigiNotar having known of problem since 19 June, according to the report. The hackers may have deleted traces of their activities, leaving a number of certificates with questionable trustworthiness, said Fox-IT.
"No secure central network logging is in place," the company said.
Digital certificates are used for cryptographic identification. For example, web browsers use certificates to validate HTTPS-based websites, such as Gmail, to make sure users are not visiting malicious sites that merely look like Gmail.
DigiNotar provided digital certificate services by hosting a number of certificate authorities (CAs). It issued certificates for businesses, and certificates for the Dutch government public key infrastructure (PKI) called 'PKIoverheit'.
The Dutch government announced on Monday that DigiNotar certificates could no longer be trusted, including PKIoverheit certificates. Fox-IT said that false certificates may have been issued for the Dutch government, although there was no proof that this had happened.
Fox-IT identified a number of seeming security deficiencies at DigiNotar. All of the CA servers were members of one Windows domain, making it possible to access the servers using one weak username-and-password combination.
In addition, the CA servers were accessible over the management local area network (LAN), and that network was "severely breached", with some servers containing malware and no antivirus software. Software installed on public web servers was "outdated and not patched", said Fox-IT.
The identity of the hacker remained unverified at the time of writing. However, plain text left in the script to generate signatures on rogue certificates, which was detailed in an appendix of the Fox-IT report, used the same language as a hacker who claimed responsibility for an attack against certificate authority Comodo. "My signature as always: Janam Fadaye Rahbar," said the text.
'Janam Fadaye Rahbar' is Persian and loosely translates as 'I will sacrifice my soul for my leader'.
The message claimed that the DigiNotar hack had been perpetrated to hurt the Dutch government in retaliation for Dutch UN troops failing to prevent the massacre of Muslims at Srebrenica by Serbian forces in 1995.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.