GlobalSign Stops Issuing Certs As It Investigates Claims of Compromise

GlobalSign, a major certificate authority that was named by the hacker who has claimed credit for the DigiNotar hack as another CA he has compromised, has stopped issuing certificates for the time being while it investigates the claims and determines whether its network has in fact been compromised. It also has hired Fox-IT, the same company that investigated the attack at DigiNotar, to perform the audit of its systems.

The company said on Tuesday that it made the decision after seeing the message posted by the attacker known as Comodohacker on Pastebin, in which he said that he had compromised four other high-profile CAs in addition to DigiNotar, explicitly naming GlobalSign as one of them.

“On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to 4 further high profile Certificate Authorities, and named GlobalSign as one of the 4,” GlobalSign said in a statement.

“GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible.”

GlobalSign officials said on Wednesday that the company has retained Fox-IT, a Dutch security firm, to help conduct the investigation into a possible breach of its system.

In his messages on Pastebin posted Tuesday, Comodohacker said that he had attacked DigiNotar in retaliation for the Srebrenica massacre in 1995 and that he had also compromised four other CAs and still had the ability to issue himself all manner of certificates from them. In one message, the attacker said that despite Microsoft’s claims to the contrary, he still had the ability to send updates from the Windows Update domain. That domain is one of the ones for which he had obtained a certificate from DigiNotar.

“I’m able to issue windows update, Microsoft’s statement about Windows Update and that I can’t issue such update is totally false! I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and… Simply I can issue updates via windows update!” the message said in part.

Microsoft has issued an update for Windows users that revokes the trust for all of the DigiNotar root certificates, effectively making all of the certificates issued by the company untrusted in Windows.
