Digital certificates issued by GlobalSign have come under fire after a hacker claimed that he broke into the company’s computer systems. If the claim is true, this would be the second compromise of this kind uncovered in the last couple of weeks.
Known as “Comodohacker”, the hacker stated on Monday that he had broken into Dutch certificate authority DigiNotar and that he had also gained access to four other similar companies, including GlobalSign. GlobalSign stated on Tuesday that it was investigating the claim and that it had also “decided to temporarily cease issuance of all certificates until the investigation is complete.”
While no major media outlet has yet reached GlobalSign for comment, the company’s Business Development Director, Steve Roylance, did state that GlobalSign was “taking this very seriously.” The company also stated, “We will post updates as frequently as possible. We apologize for any inconvenience.”
Comodohacker, who also goes by Ich Sun, is the same person who claimed to have hacked into Comodo, a security vendor and certificate issuer, earlier in the year. At that time, Comodohacker stated that he was a 21-year-old student and that he was also responsible for compromising another certificate authority, though he did not name the other victim.
Although the typical internet user barely notices them, digital certificates are an important part of the foundations of the internet. They help browsers tell when they are visiting a legitimate website as opposed to a fake one.
A country that has control over its internet service providers as well as access to fake digital certificates could create a fake website that is almost impossible to differentiate from a legitimate one. A forensics report, issued by DigiNotar, found that someone had indeed hacked into its website and set up a fake Google.com site that was used in July and August to spy on nearly 300,000 Iranians.
While most internet browsers no longer trust digital certificates from DigiNotar, the situation could become even worse if the claims from Comodohacker turn out to be legitimate.
Source: PC World – After Hacking Claims, Second Firm Pulls Digital Certificates