Welcome Guest | RSS

Official Site Of The Xakep 4T english version

MainRegistration Login
Thursday, 2024-04-25, 10:22 PM

XeNu

Magazine Xakep

Translate

Share information

Twitter@MagazineXa

 Main » 2011 » September » 8 » DigiNotar hacker says he stole huge GlobalSign cache
1:24 AM
DigiNotar hacker says he stole huge GlobalSign cache
The man behind attack that minted 500 certs
http://a57.foxnews.com/static/managed/img/Scitech/396/223/Netherlands%20Hacking%20DigiNotar.jpg

An internet user with proven ties to the DigiNotar hack claims he stole email, customer data and other sensitive data from two competing web authentication authority that will be released publicly soon.

In a statement posted Thursday, an individual calling himself Comodohacker expanded on previous claims that he breached the security of Israel-based certificate authority StartCom and its competitor GlobalSign, which is headquartered in the US. "I have ALL emails, database backups, customer data” for StartCom, he wrote, and went on to say he had access to "the entire server,” database backups and system configuration of GlobalSign. GlobalSign has already stopped issuing certificates while it investigates.

Thursday's claims came shortly after Comodohacker offered the first conclusive proof he had insider knowledge of the security breach of Netherlands-based DigiNotar that minted more than 500 counterfeit certificates for Google.com and dozens of other websites. The unknown individual, who claims to be a 21-year-old Iranian who is sympathetic to his country's government, posted a file that was signed with the private key of the fraudulent Google certificate, proving he had close contact with the people who perpetrated the hack.

Comodohacker previously confirmed his involvement in a hack on a reseller of the Comodo certificate authority that also forged counterfeit credentials for sensitive websites.

In Thursday's post, he went on to provide details into the breach on DigiNotar, claiming its HSM, or hardware security module, ran on the OpenBSD operating system and had only a single port open that was protected with RSA SecurID and SafeSign Token management systems. It's unclear if that description matches the systems used by DigiNotar.

Given the track record of Comodohacker, and the previous attacks on the PK, or public key, infrastructure, which some observers believe is sponsored by the Iranian government, the claims should be thoroughly investigated, said Comodo CEO Melih Abdulhayoglu.

"This is totally a state-sponsored attack on the PK infrastructure so you have to take it seriously,” he told The Register. "You have to immediately turn everything into emergency mode, whatever that is in your company.”

In addition to temporarily ceasing certificate issuance during its investigation, GlobalSign has hired Dutch security firm Fox IT to assist in the probe. It's unclear what steps StartCom has taken in response to the claims. Representatives from both companies didn't respond to emails seeking comment for this post. ®


Views: 699331 | Added by: XakepNews | Rating: 5.0/1
Total comments: 0
Name *:
Email *:
Code *:

Add To Facebook

Add To Favorites

Search

Twitter Xakep.RU

Copyright MyCorp © 2024
Create a free website with uCoz