This is a mirror of official site: http://jasper-net.blogspot.com/

Comodo hacker: I hacked DigiNotar too; other CAs breached

Wednesday, September 7, 2011

The hack of Dutch certificate authority DigiNotar already bore many similarities to the break-in earlier this year that occurred at a reseller for CA Comodo. Bogus certificates were issued for webmail systems, which were in turn used to intercept Web traffic in Iran. Another similarity has since emerged: the perpetrator of the earlier attacks is claiming responsibility for the DigiNotar break-in.

Calling himself ComodoHacker, the hacker claims that DigiNotar is not the only certificate authority he has broken into. He says that he has broken into GlobalSign and four more CAs that he won't name. He also claimed that at one time he had access to StartCom.

The statement did not provide any specific details about how the hack was performed, offering only a high-level description of some of the things he did: he found passwords, used 0-day exploits, penetrated firewalls, and bypassed the cryptographic hardware that DigiNotar was using to gain remote access to machines. He said that a more detailed explanation would follow, when he had the time, and that it would serve as useful guidance for Anonymous and LulzSec. While lacking in detail, the hacker did include an Administrator-level username and password apparently used on DigiNotar's network. DigiNotar has not confirmed the authenticity of this information.

As with the statements issued after the Comodo hack, the DigiNotar statement was clear about one thing: the sophistication of the hack and the great skill it took.

ComodoHacker also justified his attack on the Dutch certificate authority by blaming the Dutch for the murder of 8,000 Muslims at Serbian hands in Srebrenica: "It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government."

Meanwhile, the fallout from the hack continues. DigiNotar has, in effect, lost its status as a trusted root certificate authority. Its certificates have been blacklisted by Microsoft, Google, Mozilla, and Apple.

Read more: ArsTechnica