Thursday, September 29, 2011

Shaw Capital Working Management News Worldwide


One stolen Google website authentication certificate would have been reason enough for Web users to worry, but it turns out last week’s security breach at the Dutch certificate authority DigiNotar is far more damaging than first thought, and could signal a new and extremely dangerous cyber crime threat.
On Aug. 30, the news broke that a hacker calling himself “Comodohacker” made off with a Google authentication certificate on July 19, which allowed him to set up fraudulent Web pages under a legitimate Google domain name and harvest the personal information of anyone who visited his spoofed sites.
A bit of background on authentication certificates: DigiNotar, like all certificate authorities, issues digital Secure Sockets Layer (SSL) certificates that websites use to authenticate themselves to browsers, which is necessary to establish a secure HTTPS connection.
Every time you start a secure session online, your computer gets a digital certificate from that site authenticating that it is indeed Google or Amazon or Facebook, and not some hacker just pretending to be those sites. Your browser accepts that certificate, because it has been issued by a trustworthy certificate authority.
The entire online economy depends upon this so-called ‘web of trust,’ in which all digitally certified sites agree to trust one another and Web browsers trust them. It’s this trust that allows online businesses like Amazon and the iTunes Store to flourish, and if there’s a single rip in that web, the whole thing could come apart.
The DigiNotar problem, it turns out, extends beyond Google: Hackers stole not just one SSL certificate, but 531, including ones for Facebook, Skype, Mozilla, Microsoft, Yahoo, Android, Twitter, and Web domains owned by the CIA, Israel’s Mossad and the UK’s MI6, Computerworld reported.
Who is behind this monstrous hack? In a message posted on Pastebin, the Iranian man who in March hacked into the certificate authority Comodo to steal SSL certificates for Google, Yahoo, Skype and Microsoft took credit for the DigiNotar breach.
In broken English, Comodohacker, as he calls himself, claimed that the hack was in retaliation for the Dutch involvement in the Srebrenica massacre in 1995, in which, he wrote, the “Dutch government exchanged 8,000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8,000 Muslims in same day.
“Dutch government have to pay for it, nothing is changed, just 16 years has been passed,” he wrote.
Comodohacker wrote that DigiNotar is just the beginning, and that he has access to four more high-profile CAs, including GlobalSign. (On Sept. 6, GlobalSign stopped issuing all certificates until the investigation is complete.)