This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Certificate authority GlobalSign finds no evidence of rogue certificates

Share this article:

GlobalSign has confirmed that it has found no evidence of any rogue certificates being issued or any compromise of its CA infrastructure.

In a security incident report, GlobalSign confirmed that it had not found any evidence of rogue certificates being issued or customer data being exposed. It also said that there was no evidence of a compromise of its root certificate keys and associated hardware security modules (HSMs), issuing authorities and associated HSMS or registration authority (RA) services.

As reported by SC Magazine in September, in the wake of the DigiNotar and Comodo hacker saying that he had access to four other CAs, GlobalSign said that it was temporarily ceasing issuance of all certificates until an investigation was complete and that it took "this claim very seriously and is currently investigating".

GlobalSign did confirm that a peripheral web server, which was not part of the certificate issuance infrastructure but was hosting public-facing web property, was breached. It also said that publicly available HTML pages, PDFs, SSL certificates and keys issued to GlobalSign's website could have been exposed.

It also deemed that SSL certificates and key for the GlobalSign website were deemed to have been compromised and were revoked.

This led it to cease issuing new certificates for nine days between 6 and 15 September and, during the outage, GlobalSign contracted Fox-IT to provide third-party analysis of the GlobalSign infrastructure. Fox-IT was also retained by the Dutch government as part of the ongoing Comodo hacker criminal investigation.

GlobalSign also contracted Cyber Security Japan to oversee the rebuild of a newly hardened certificate issuance infrastructure, on the (now disproved) assumption that previous infrastructure had been breached.

To protect against future attacks, GlobalSign has implemented additional controls around infrastructure, customer data protection and access to all systems.

“It is our view that this attack is one phase of an advanced persistent threat against all security solution providers. Because the threat landscape has evolved, GlobalSign believes greater controls are necessary across the industry and echoes the calls covered in WebTrust 2.0 and the recent updates to the Mozilla Root CA acceptance programme,” a statement said.

“The executive team apologises sincerely for the inconvenience caused when undertaking such an important decision. However the organisation stands by the decision and maintain that the ultimate duty of care for GlobalSign, like all responsible CAs, is to avoid issuance of rogue certificates.

“We are truly thankful for the positive reaction to our chosen response to the incident, including the press covering this and other incidents, our peers and ultimately from our valued customers and partners.

“Finally, we also support ongoing co-operation between the security providers, CAs and the various global authorities in sharing threat information promptly and accurately.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.