The Inquirer

Diginotar hackers targeted CIA, Mossad and MI6

Dutch government identifies over 500 rogue certificates
Mon Sep 05 2011, 12:43

THE DUTCH GOVERNMENT has revoked trust in Diginotar and released a list of over 500 fraudulent certificates issued by the hackers who broke into the company's infrastructure last month. Some of them are for the domains of the CIA, Mossad and the British Secret Intelligence Service (SIS).

The Diginotar breach was discovered a week ago when a rogue *.google.com certificate issued by the certificate authority (CA) was found being used in man-in-the-middle attacks against Gmail users in Iran. The company admitted suffering an intrusion back in July which resulted in fraudulent certificates being issued for a number of domains.

The browser vendors reacted promptly by removing the Diginotar CA root certificate from their products, but kept the one for Diginotar's PKIoverheid sub-CA, which was used to sign Dutch government certificates.

The investigation into the incident is ongoing, but the security lapses identified are so serious that the Dutch minister of internal affairs announced in an urgent press conference at 1:15am on Saturday that the PKIoverheid sub-CA should no longer be trusted either.

Ever since the company's first public statement about the incident, the security community has wondered how many rogue certificates were issued and what domains were targeted. The Dutch government has now shed some light on this by releasing a list of 531 fraudulent certificates associated with Diginotar.

From the looks of it, the hackers didn't just target big internet services from Google, Yahoo, Facebook, Microsoft, and so on, but intelligence agencies as well, with www.sis.gov.uk, www.mossad.gov.il and www.cia.gov, allegedly being among the targeted domains.

Furthermore, the hackers used their access to issue certificates bearing the names of other CAs such as Comodo, Equifax, Verisign and Thawte, presumably in an attempt to defeat security features such as certificate pinning. It is doubtful they would have succeeded: a pin is matched against the CA's public key, not its name, so a certificate that merely copies Verisign's name while carrying the attackers' own key would not satisfy a pin.

Certificate pinning is built into Chrome and restricts which CAs may sign a certificate for a particular domain. For example, Chrome will only trust a Gmail certificate whose chain includes one of a short, hard-coded list of CA keys.

The hackers also managed to issue what are known as wildcard certificates for *.*.com and *.*.org. Against a client that honours a wildcard in any label, these would have allowed them to spoof any SSL-protected second-level domain under those TLDs.

They probably failed to issue certs for *.com and *.org directly due to restrictions built into the system. But even so, the *.*.com one would have allowed spoofing windowsupdate.microsoft.com, for example, on such a client. A client that follows RFC 6125, published that March, and matches a wildcard only in the left-most label would reject the same certificate.
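The two points above, that a pin is satisfied by a key and not by a name, and that a wildcard only counts in the left-most label, are easiest to see in code. The following is an added example in Go, not code from the article, the Dutch government's report or any browser; the CA name, the pin set and the hostnames are constructed for the demonstration, and the "genuine" and "forged" certificates are both self-signed here for simplicity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSignedCA builds a self-signed CA certificate with the given subject name
// and SANs on a freshly generated P-256 key. It stands in both for a genuine CA
// and for a DigiNotar-style forgery that merely copies that CA's name.
func selfSignedCA(commonName string, dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName},
		DNSNames:              dnsNames,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin is what a browser pin is compared against: a hash of the
// certificate's SubjectPublicKeyInfo. The subject name plays no part in it.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinSatisfied reports whether at least one certificate in the presented chain
// carries a pinned key; that is how a pinned domain's chain is accepted or refused.
func pinSatisfied(chain []*x509.Certificate, pins map[string]bool) bool {
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return true
		}
	}
	return false
}

// matchWildcard applies the RFC 6125 rule: a lone '*' may stand for the whole
// left-most label only, every other label must match exactly, and (as browsers
// require) at least two labels must follow the wildcard, so "*.com" is refused.
func matchWildcard(pattern, host string) bool {
	p := strings.Split(strings.ToLower(pattern), ".")
	h := strings.Split(strings.ToLower(host), ".")
	if len(p) != len(h) {
		return false
	}
	for i, label := range p {
		if label == "*" {
			if i != 0 || len(p) < 3 {
				return false // wildcard outside the left-most label, or too broad
			}
			continue
		}
		if label != h[i] {
			return false
		}
	}
	return true
}

// goAccepts asks Go's own X.509 hostname verifier the same question,
// for comparison with matchWildcard.
func goAccepts(c *x509.Certificate, host string) bool {
	return c.VerifyHostname(host) == nil
}

func main() {
	const caName = "Example Class 3 Public Primary CA" // constructed name
	genuine, err := selfSignedCA(caName, nil)
	if err != nil {
		panic(err)
	}
	forged, err := selfSignedCA(caName, []string{"*.*.com", "*.*.org"}) // same name, different key
	if err != nil {
		panic(err)
	}
	pins := map[string]bool{spkiPin(genuine): true} // the pin a browser would ship
	fmt.Println("genuine chain passes pin:", pinSatisfied([]*x509.Certificate{genuine}, pins))
	fmt.Println("forged chain passes pin: ", pinSatisfied([]*x509.Certificate{forged}, pins))
	for _, host := range []string{"windowsupdate.microsoft.com", "microsoft.com"} {
		fmt.Printf("%-28s *.*.com matches: %v, Go accepts forged cert: %v\n",
			host, matchWildcard("*.*.com", host), goAccepts(forged, host))
	}
	fmt.Println("*.google.com vs mail.google.com:", matchWildcard("*.google.com", "mail.google.com"))
}
```

The forged certificate has exactly the subject name the pin set was built for and still fails, because the pin was taken over the genuine key; and the `*.*.com` wildcard matches nothing under left-most-label matching, which is also what Go's verifier concludes.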

The implications of this attack are huge and will probably lead to changes in the way public key infrastructure (PKI) works in the long run. It's clear at this point that the CA-based model is flawed: because any trusted root can issue a certificate for any domain, the compromise of a single CA puts trust in every site on the web at risk.

"The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments," said Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab.

Mozilla has already announced that it will also remove PKIoverheid from the list of trusted certificates following the Dutch government's assessment. It also stressed that the removal of all Diginotar root certificates is final and not temporary. Other browser vendors are taking a similar stance, so this most likely means the end for the company in the SSL CA business.

It seems that Diginotar's biggest mistake was its failure to communicate with vendors and affected parties immediately after learning about the compromise. "The integrity of the SSL system cannot be maintained in secrecy. Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online," said Johnathan Nightingale, Mozilla's director of Firefox engineering.

Comments
@annie

And it would enable tracking of people, how nice...

posted by: W.-, 05 September 2011
rfc DANE - DNSSEC based certificates

If organisations published their SSL certificates using DNSSEC ( http://tools.ietf.org/html/draft-ietf-dane-protocol-10 ) and web browsers incorporated DANE and DNSSEC validation technology like DNSSEC Validator for Mozilla, the users would be better protected. Organisations that want to protect their customers/staff would not rely on a single method.

posted by: annie, 05 September 2011
Late news

"Mozilla has already announced that it will also remove PKIoverheid from the list of trusted certificates following the Dutch government's assessment"

Uhm, they already updated firefox august 30th to remove the certificates:

"Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug 682927 and the security advisory)"

Making all their certificates null and void I would surmise

posted by: W.-, 05 September 2011
Whos actually affected

Ironic that we actually did some checking on them when one of our communication parties (we use certificates for SFTP) wanted us to use a certificate signed by them. Fortunately we said no, as they didn't at the time even have an English website or support team. I wonder if anyone other than the Dutch use them?

posted by: Oops, 05 September 2011