Second firm warns of concern after Dutch hack

September 7, 2011 By TOBY STERLING , Associated Press
Exterior view of the building housing Internet security firm DigiNotar in Beverwijk, north-western Netherlands Tuesday Sept. 6, 2001. Dutch prosecutors say they are investigating DigiNotar for possible criminal negligence after it was slow to disclose a hacking incident that compromised dozens of websites and likely helped the Iranian government spy on dissidents for a month. DigiNotar, a subsidiary of Chicago-based Vasco Inc., did not return phone calls seeking comment. Spokesman Ernst Koeman of the Netherlands' national prosecutor's office said Tuesday the investigation is in a preliminary phase. (AP Photo/Peter Dejong)

A company that sells certificates guaranteeing the security of websites, GlobalSign, said Tuesday it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers.

GlobalSign, the Belgium-based subsidiary of Japan's GMO Internet Inc., is one of the oldest such companies globally, and large, but much smaller than industry giants and GoDaddy.

It said in a statement it does not know whether it has actually been hacked, but is taking threats by an anonymous hacker seriously in the wake of an attack on a smaller Dutch firm, DigiNotar, that came to light last week.

The DigiNotar attack is believed to have allowed the Iranian government to spy on thousands of Iranian citizens' communications with Google email during the month of August.

Fallout from the Dutch hack continued Tuesday as the Dutch government, which used DigiNotar to authenticate many of its sites, continued to seek replacements.

Meanwhile the Netherlands' national prosecutors said they were investigating DigiNotar, a subsidiary of Chicago-based Vasco Inc., for possible criminal negligence.

The company did not return phone calls seeking comment.

A Dutch government review of the incident conducted by external information technology experts found that DigiNotar - whose business is ensuring - had itself used weak passwords, failed to update software on its public servers and had no antivirus protection on its internal servers.

The company first acknowledged it had been hacked on Aug. 30, a day after Google publicly stated that fake and unauthorized DigiNotar certificates for Google sites were circulating in Iran. Google marked the company's certificates as dubious, and other web browser makers followed suit.

Only then did DigiNotar acknowledge being hacked on July 19, saying that hackers had issued fake certificates for "a number" of domains. The company said it believed it had withdrawn them all, but missed Google.

On Sept. 3, the Dutch government seized control of DigiNotar's operations, saying certificates the company had issued to guarantee the safety of numerous Dutch government websites could also no longer be relied on.

The external review by Fox-IT found that the company was actually hacked on June 17th and that hackers had issued 531 bogus certificates for 344 domains in all, including most major Internet communications companies.

The fake Google certificates had been used by 300,000 IP addresses by then, more than 99 percent of them in Iran.

Fox-IT and other experts have concluded the hackers were helping the Iranian government spy on citizens who thought they were accessing email securely due to the bogus DigiNotar seal of approval.

"We are definitely going to look at...whether this is culpable negligence by the company that they didn't report this," Interior Minister Piet Hein Donner said at a news conference late Monday.

The government also is investigating who was behind the hack, though that may be difficult to verify without help from Tehran.

An unknown hacker who claimed responsibility for a similar breach of U.S.-based certificate issuer Comodo Inc. in March, has also claimed responsibility for the DigiNotar hack.

In a posting on under the handle "ComodoHacker" on Monday, he or she offered a user name and password for an administrator's account at DigiNotar as evidence.

The post also boasted of having hacked four other "high profile" certificate providers, including GlobalSign.

"GlobalSign takes this claim very seriously and is currently investigating," the said in a statement.

"ComodoHacker" has used phrases in the Farsi language spoken in Iran in previous posts to Pastebin - including a phrase that also was found by Fox-IT in a message left on DigiNotar's servers. Monday's post cited anti-Dutch political motivations for the attacks.

Donner said that in the wake of the incident the is considering legislation that would make it mandatory for companies to disclose computer hacks and data leaks.

Explore further: Experts suspect Iran involvement in Dutch hacking


Related Stories

Experts suspect Iran involvement in Dutch hacking

September 5, 2011

(AP) -- Hackers who broke into a Dutch web security firm have issued hundreds of bogus security certificates for spy agency websites including the CIA as well as for Internet giants like Google, Microsoft and Twitter, the ...

Dutch launch Iran IT hacking probe

September 6, 2011

The Dutch secret service has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.

Dutch police investigate apparent hacker attack

December 10, 2010

(AP) -- Police said Friday they are investigating if hackers were responsible for taking down websites of police and prosecutors in the Netherlands after the arrest of a 16-year-old for involvement in a cyberattack on several ...

Dutch police arrest second teenager for hacking

December 11, 2010

Dutch police arrested a 19-year-old on suspicion of hacking a government website, the second teenage arrest for cyber attacks linked to the WikiLeaks fallout, prosecutors said on Saturday.

Recommended for you

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.