30 Aug 2011

Hackers copy Dutch company's SSL certificates

Hackers recently compromised the computer security system of DigiNotar, a Dutch company that generates digital Secure Sockets Layer certificates to authenticate websites, leaving certain users vulnerable to attack.

DigiNotar said it discovered the hack of its Certificate Authority system on July 19, at which time it revoked all but one of the certificates the attackers had been able to generate fraudulently. The final certificate was recently revoked after the Dutch Computer Emergency Response Team alerted DigiNotar it was still active.

The overlooked certificate was assigned to Google websites, according to Computerworld, and was generated nine days before DigiNotar noticed its system was compromised. Google said the perpetrators used the fraudulent SSL certificate primarily to attack Iranian users.

Digital certificate fraud is dangerous because computers recognize SSL certificates as proof a website is legitimate. If a malicious website can trick a user's computer into treating it as a legitimate site, hackers can launch "man in the middle" attacks, fooling users into providing sensitive data.

Microsoft said users of its operating systems who load websites signed with DigiNotar's certificate will receive a warning message with instructions for how to proceed safely.

DigiNotar was acquired by U.S.-based authentication company VASCO earlier this year. VASCO says the DigiNotar intrusion did not impact any of its technology.