Second firm warns of concern after Dutch hack

Sep 07, 2011 By TOBY STERLING , Associated Press
Exterior view of the building housing Internet security firm DigiNotar in Beverwijk, north-western Netherlands Tuesday Sept. 6, 2001. Dutch prosecutors say they are investigating DigiNotar for possible criminal negligence after it was slow to disclose a hacking incident that compromised dozens of websites and likely helped the Iranian government spy on dissidents for a month. DigiNotar, a subsidiary of Chicago-based Vasco Inc., did not return phone calls seeking comment. Spokesman Ernst Koeman of the Netherlands' national prosecutor's office said Tuesday the investigation is in a preliminary phase. (AP Photo/Peter Dejong)

A company that sells certificates guaranteeing the security of websites, GlobalSign, said Tuesday it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers.

GlobalSign, the Belgium-based subsidiary of Japan's GMO Internet Inc., is one of the oldest such companies globally, and large, but much smaller than industry giants and GoDaddy.

It said in a statement it does not know whether it has actually been hacked, but is taking threats by an anonymous hacker seriously in the wake of an attack on a smaller Dutch firm, DigiNotar, that came to light last week.

The DigiNotar attack is believed to have allowed the Iranian government to spy on thousands of Iranian citizens' communications with Google email during the month of August.

Fallout from the Dutch hack continued Tuesday as the Dutch government, which used DigiNotar to authenticate many of its sites, continued to seek replacements.

Meanwhile the Netherlands' national prosecutors said they were investigating DigiNotar, a subsidiary of Chicago-based Vasco Inc., for possible criminal negligence.

The company did not return phone calls seeking comment.

A Dutch government review of the incident conducted by external information technology experts found that DigiNotar - whose business is ensuring - had itself used weak passwords, failed to update software on its public servers and had no antivirus protection on its internal servers.

The company first acknowledged it had been hacked on Aug. 30, a day after Google publicly stated that fake and unauthorized DigiNotar certificates for Google sites were circulating in Iran. Google marked the company's certificates as dubious, and other web browser makers followed suit.

Only then did DigiNotar acknowledge being hacked on July 19, saying that hackers had issued fake certificates for "a number" of domains. The company said it believed it had withdrawn them all, but missed Google.

On Sept. 3, the Dutch government seized control of DigiNotar's operations, saying certificates the company had issued to guarantee the safety of numerous Dutch government websites could also no longer be relied on.

The external review by Fox-IT found that the company was actually hacked on June 17th and that hackers had issued 531 bogus certificates for 344 domains in all, including most major Internet communications companies.

The fake Google certificates had been used by 300,000 IP addresses by then, more than 99 percent of them in Iran.

Fox-IT and other experts have concluded the hackers were helping the Iranian government spy on citizens who thought they were accessing email securely due to the bogus DigiNotar seal of approval.

"We are definitely going to look at...whether this is culpable negligence by the company that they didn't report this," Interior Minister Piet Hein Donner said at a news conference late Monday.

The government also is investigating who was behind the hack, though that may be difficult to verify without help from Tehran.

An unknown hacker who claimed responsibility for a similar breach of U.S.-based certificate issuer Comodo Inc. in March, has also claimed responsibility for the DigiNotar hack.

In a posting on under the handle "ComodoHacker" on Monday, he or she offered a user name and password for an administrator's account at DigiNotar as evidence.

The post also boasted of having hacked four other "high profile" certificate providers, including GlobalSign.

"GlobalSign takes this claim very seriously and is currently investigating," the said in a statement.

"ComodoHacker" has used phrases in the Farsi language spoken in Iran in previous posts to Pastebin - including a phrase that also was found by Fox-IT in a message left on DigiNotar's servers. Monday's post cited anti-Dutch political motivations for the attacks.

Donner said that in the wake of the incident the is considering legislation that would make it mandatory for companies to disclose computer hacks and data leaks.

Explore further: Austria court throws out Facebook privacy class action suit


Related Stories

Experts suspect Iran involvement in Dutch hacking

Sep 05, 2011

(AP) -- Hackers who broke into a Dutch web security firm have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for Internet giants like Google, Microsoft and Twitter, the ...

Dutch launch Iran IT hacking probe

Sep 06, 2011

The Dutch secret service has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.

Dutch police investigate apparent hacker attack

Dec 10, 2010

(AP) -- Police said Friday they are investigating if hackers were responsible for taking down websites of police and prosecutors in the Netherlands after the arrest of a 16-year-old for involvement in a cyberattack on several ...

Dutch police arrest second teenager for hacking

Dec 11, 2010

Dutch police arrested a 19-year-old on suspicion of hacking a government website, the second teenage arrest for cyber attacks linked to the WikiLeaks fallout, prosecutors said on Saturday.

Recommended for you

New approach to online compatibility

Jun 30, 2015

Many of the online social networks match users with each other based on common keywords and assumed shared interests based on their activity. A new approach that could help users find new friends and contacts with a greater ...

Most internet anonymity software leaks users' details

Jun 29, 2015

Virtual Private Networks (VPNs) are legal and increasingly popular for individuals wanting to circumvent censorship, avoid mass surveillance or access geographically limited services like Netflix and BBC ...

WikiLeaks says NSA spied on French business

Jun 29, 2015

WikiLeaks has released documents that it says show that the U.S. National Security Agency eavesdropped on France's top finance officials and high-stakes French export bids over a decade in what the group called targeted economic ...

Google gets extended deadline to answer EU case

Jun 29, 2015

Brussels has given Google an extension until mid-August to answer an anti-trust case alleging that the tech giant abuses its search engine's market dominance, a company spokesman said Monday.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.