Over the past four weeks (here, here, here, and here) I have explained the cryptographic side of digital certificates and continuing problems with what many see as misbehavior by root CAs. I’ll get to the end, or really back to the start, of this story this week. For further details and discussion, join Learning Tree’s System and Network Security Introduction course.
Comodo, a prominent CA based in New Jersey, USA, reported on 15 March 2011 that a user account at InstantSSL.it, a reseller affiliate in Italy, had been compromised. The attack came from IP address 212.95.136.18, allocated to ISP Pishgaman TOSE Ertebatat Tehran Network, in Iran, and Comodo described the attack as well-planned, tightly focused, and rapidly executed.
The compromised account was used to create a new user account, which then created nine certificates for mail.google.com, http://www.google.com, login.live.com, addons.mozilla.org, login.skype.com, and login.yahoo.com.
Someone calling themself ComodoHacker appeared on Pastebin providing details of this attack. Wired ran an article in March analyzing the hack and Pastebin postings as things were known at the time.
Comodo quickly detected the breach, revoked the certificates by placing them on their CRL or Certificate Revocation List, and described the situation openly and in detail. This helped the public confidence in Comodo, which is still in business as the second most used CA on the Internet.
On the other hand…
Just a few months later, on 19 June 2011, a Dutch CA named DigiNotar detected some sort of incident on their systems. The following day their parent company issued a press release quoting their COO saying “We believe that DigiNotar’s certificates are among the most reliable in the field.”
On 10 July 2011, an attacker with access into DigiNotar’s systems created a wildcard certificate for *.google.com. That certificate was used for man-in-the-middle attacks against Iranian users of Google services including Gmail and Google Docs. 300,000 Iranian users of Gmail seem to have been the targets, bringing the Iranian government under suspicion as the perpetrator. Multiple Iranian ISPs detected these faulty certificates on 28 August 2011.
With public attention and the bogus *.google.com certificate uploaded to Pastebin.com, DigiNotar revealed that they had detected an intrusion into their CA infrastructure back in mid July, and subsequently admitted that fraudulent certificates had also been issued for *.android.com, login.live.com, *.microsoft.com, *.mozilla.org, *.skype.com, *.torproject.org, twitter.com, login.yahoo.com, several root CAs, and at least 531 others.
Mozilla, Apple, Microsoft and Opera quickly removed the DigiNotar root certificate.
This broke the trust chain and disabled access to many Dutch government web sites using the PKIoverheid (or “PKIgovernment”) program. The Dutch government stepped in and took over
On 20 September 2011, parent company VASCO announced that its subsidiary DigiNotar was filing bankruptcy. The investigation’s report was suppressed due to fears that it would lead to further claims against the now bankrupt DigiNotar.
The “ComodoHacker”, supposedly an Iranian college student, claimed that DigiNotar was one of five CAs he hacked. F-Secure published a report saying that they found the claim “plausible”, although it was not obvious how that would lead to the misdirection and interception of 300,000 Gmail connections, 99% of them from Iran. That seems more like a governmental level of curiosity.
The point here is that incident handling can determine whether your company continues to thrive (Comodo) or quickly disappears (DigiNotar) after a hack. Consider these issues before you have problems!
