Crossroads Blog | Institute National Security and Counterterrorism

Authentication, cyber attack, Stuxnet

DigiNotar SSL certificate hack amounts to cyberwar: the Guardian

On September 5th, 2011, the Guardian reported that the Dutch government announced that hackers had broken into the web security firm DigiNotar and issued hundreds of bogus security certificates. The fake security certificates could be used to impersonate the websites of the CIA, Israel's Mossad, Google, Microsoft, and Twitter. They would allow a hacker to monitor users' communications with those sites without the users noticing.

Roel Schouwenberg of the security company Kaspersky warned that the long-term effects of the DigiNotar hack could be more serious than Stuxnet.  Mr. Schouwenberg noted on the Securelist blog that "The attack on DigiNotar will put cyberwar on or near the top of the political agenda of western governments.  I remain with my stance that a government operation is the most plausible scenario."  He further added: "The damage sustained to the Dutch (government) IT infrastructure is quite significant. A lot of services are no longer available. Effectively, communications have been disrupted. Because of this one could make an argument the attack is an act of cyberwar."

The Dutch government revoked all digital certificates issued by DigiNotar, which until then had been used for all online tax returns filed in the Netherlands. Furthermore, browsers such as Mozilla Firefox, Microsoft Internet Explorer, and Google Chrome are now rejecting all security certificates issued by the hacked firm.

Iran's government has been suspected of involvement in the hack; a handful of Iranian Gmail users were affected by the faked certificates.  Security experts noted that Iran had announced it was changing the setup for its domain name servers (DNS) used to make connections to sites – which would give it the ideal opportunity to insert faked certificates into the system.

The Guardian source article can be found here.

[UPDATE:  The New York Times did a story on 9/11/2011 about the hacker involved here.  Note that he says he shares what he steals with the Iranian government but that he is "totally independent."  This is the "patriotic hacker" problem, making it very difficult to justify retaliation.

http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html ]
