GlobalSign stops secure certificates after hack claim

Gmail screen Google security certificates were among those to be faked following a recent hack

Related Stories

Belgian security firm GlobalSign has temporarily stopped issuing authentication certificates for secure websites.

It comes after an anonymous hacker claimed to have gained access to the company's servers.

If confirmed, it would be the second security breach at a European certificate authority in two months.

Hundreds of bogus DigiNotar authentications were issued following an intrusion into its systems.

Certificate authorities (CAs) are companies or public bodies whose job is to confirm that secure websites are genuine.

When computers connect to a site with TLS or SSL authentication, a certificate is issued which verifies the site's identity to the web browser.

Fake certificates could allow someone to spy on a user's activity.

Multiple targets

GlobalSign took action as the result of a posting which appeared on the online notice board Pastebin.

The author, who identified themselves only as "ComodoHacker", claimed to have gained access to four certificate authorities, in addition to DigiNotar.

Only GlobalSign is named, although the message points out that an attack on StartCom was foiled by its boss Eddy Nigg.

DigiNotar certificate use Web analysis suggested that Iranians may have been targeted using bogus DigiNotar certificates

ComodoHacker also refers to an attack on US certificate authority Comodo, which was targeted in March.

As a precaution, GlobalSign said it was temporarily ceasing the issuance of all certificates while it investigated the claims.

The hacker also played down suggestions that the attacks were the work of Iranian authorities.

"I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain," said the posting.

It had been suggested that, because many of the bogus DigiNotar certificates were issued to users in Iran, that authorities in there may have initiated the CA hack as a tool for spying on dissidents.

A report on the DigiNotar attack said that up to 300,000 Iranians may have had their Gmail accounts monitored as a result of a fake Google certificate being created.

Hacktivist

While the anonymous posting contains no information about the identity of the CA hacker, it does detail a political agenda.

The message states: "Dutch government is paying what they did 16 years ago about Srebrenica, you don't have any more e-Government huh?"

It appears to reference the apparent non-intervention of Dutch peacekeeping forces during the notorious 1995 Srebrenica massacre, where Serbian forces killed more than 8,000 Bosnian Muslims.

DigiNotar certificates are used to authenticate many online services offered by the Dutch government, although the company has said that these use a separate system which was not compromised during the attack.

State prosecutors in the Netherlands are investigating the incident.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Cesc FabregasFair price?

    Have some football clubs overpaid for their new players?


  • Woman and hairdryerBlow back

    Would banning high-power appliances actually save energy?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


  • Women doing ice bucket challengeChill factor

    How much has the Ice Bucket Challenge achieved?


  • Women in front of Windows XP posterUpgrade angst

    Readers share their experiences of replacing their operating system


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.