Hackers lift CIA, MI6, Mossad, Google, Twitter, Facebook security certificates

Sep 5, 2011
4
Hackers lift CIA, MI6, Mossad, Google, Twitter, Facebook security certificates

As it appeared that a group of hackers had successfully stolen a set of over 500 SSL certificates from a group by the name of DigiNotar, Mozilla, Google, and Microsoft see threat as too great and set in motion the permanent blocking of all digital certificates issued by DigiNotar. For those of you who have no idea what these security certificates do, just know that the holders of said certificates could, in one instance, set of a scam in which they appear to have a legitimate site (such as Gmail, for example), but once you've entered your name and password, they've intercepted it and have full access. It is this amongst many other plausible malicious situations that Google, Mozilla, and Microsoft are now guarding against.

Dutch company DigiNotar is at the center of this controversy, having had what appears to be over 500 digital certificates stolen from them since July, these including certificates for official sites for the CIA, Israel's Mossad, and the UK's MI6. The number set at 531 was written by Mozilla developer Gervase Markham, one of a team who has been working to modify Firefox in order to block all sites signed with the certificates now likely in evil hands. The full list of sites possibly affected is not known, but a short list reads like a who's who of top sites globally: Facebook, Yahoo, Skype, Microsoft, Twitter, and Microsoft's Windows Update service.

Reports coming from DigiNotar have noted that they've already attempted to revoke all fraudulent certificates but had just in the past few days found out that they'd overlooked certain ones that would allow the hackers access to Google cervices across the board. To combat this situation, Google, Mozilla, and Microsoft have stated that in addition to the more than 200 certificates they'd already blocked since DigiNotar originally started releasing information about a month ago, they'd be blocking the whole lot, including those used by the Dutch government, as soon as possible. Google Online Security Blog and Mozilla Security Blog AND Microsoft Security Response Center posted this inside the past few days.

Based on the findings and decision of the Dutch government, as well as conversations with other browser makers, we have decided to reject all of the Certificate Authorities operated by DigiNotar" - Google Information Security Manager Heather Adkins

This will in the end put quite a stopper on DigiNotar's business as a whole, this echoed through the tweets of infamy this week until the end:

"Effectively a death sentence for DigiNotar" - WhiteHat Security CTO Jeremiah Grossman

Gervase Markham, again one of a team who has been working to modify Firefox in order to block all sites signed with the fraudulent certificates, commented on the idea that there may well have been a bigger break-in than has been widely understood at this point, this building on what Helsinki-based antivirus company F-Secure said, that it had found signs that DigiNotar had been compromised as early as 2009.

"It is at least possible (but entirely speculative) that an initial competent attacker has had access to [DigiNotar's] systems for an unknown amount of time, and a second attacker gained access more recently and their less-subtle, bull-in-a-china shop approach in issuing the [hundreds of] certificates triggered the alarms." - Markham

Those of you having panic attacks at this point can rest easy, as the set of three (Microsoft, Google, Mozilla) will more than likely ax out the entirety of the fraudulent certificates from ever affecting you. Lucky you, these groups who lead you into the internet on a daily basis really do appear to know what they're doing and will continue to keep you safe like superheroes.

[via ComputerWorld]


Must Read Bits & Bytes