Feeds

GlobalSign stops issuing SSL certs, probes hacker claims

Better to do it and not need to than vice versa

Beginner's guide to SSL certificates

GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar.

The self-named Comodohacker used pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The hacker, after months of silence, claimed responsibility this week for the DigiNotar hack and boasted that he was still able to created fake certificates after compromising systems at four other certificate authorities. The hacker, who claims to be an Iranian working alone with no connections to the Iranian government, named one of the compromised CAs as GlobalSign. However, he didn't provide any proof that GlobalSign had been compromised nor did he name the three other supposed victims.

Comodohacker's latest self-aggrandising post suggests that his claimed hack against GlobalSign was ultimately thwarted. "GlobalSign, StartCom was lucky enough, I already connected to their HSM, got access to their HSM, sent my request, but lucky Eddy [StartCom CEO Eddy Nigg] was sitting behind HSM and was doing manual verification."

GlobalSign has responded to the accusation by suspending the publication of digital certificates while it investigates the claims and audits the security of its systems. The firm apologised for the inconvenience while giving no immediate indication on when it might be able to restore services in a statement (extract below) published on its website on Tuesday.

On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to four further high profile Certificate Authorities, and named GlobalSign as one of the four.

GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible.

We apologise for any inconvenience.

The bold and decisive move contrasts sharply with delays in getting to the root of the problem or going public by DigiNotar after it confirmed its systems had been compromised, to say nothing about the shockingly insecure state of its systems prior to the attack.

Forged certificates created the mechanism to pose as the targeted websites as part of either man-in-the-middle or phishing attacks. Forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, according to authentication lookup logs on DigiNotar's systems, and separate evidence from Trend Micro.

The Comodohacker posted portions of what purports to be the offending library from systems run by an Italian Comodo reseller to pastebin in order to substantiate claims he was behind the Comodo forged SSL cert hack back in March. In addition, Comodohacker signed a copy of Windows calculator using the private key of a fraudulently-issued Google digital certificate obtained via the Comodo hack. This is solid evidence and contrasts with the lack of proof supplied for other hacks claimed by the Comodogate hacker.

He supplied the supposed admin password of DigiNotar's network in follow-up posts this week, but has yet to supply any evidence that would suggest GlobalSign is compromised.

Security watchers, including Sophos, have praised GlobalSign for forgoing an income stream in order to properly investigate what may turn out to be unsubstantiated claims. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.