SSL certificates stolen for CIA, MI6, Mossad, and hundreds more by hackers in attack on DigiNotar

Sep 5, 2011

A Dutch company that sells SSL certificates to hundreds of major companies around the world was hacked recently. As a result of the hack, 500 different SSL certificates for legitimate companies were stolen. That means that a nefarious page could use the stolen SSL certificates and bypass some security, leading to possible infection of the computer viewing the website.

Among the SSL certificates stolen were some owned by the CIA, MI6, and Mossad, according to a Mozilla developer. The official count of fraudulently issued SSL certificates is 531 right now. A Mozilla developer who is part of the team has been working to modify Firefox to block all sites signed with these certificates. There are many other companies affected as well.

Other major companies affected include Yahoo, Skype, Facebook, Twitter and the Microsoft Windows Update Service. DigiNotar only admitted last week that its network had been hacked in July. That certainly gave the hackers time to get nefarious sites up to take advantage of users. According to the company, it thought it had revoked all fraudulent certificates, but it missed one that could be used to impersonate Google services like Gmail.

[via Computerworld]

