GlobalSign on alert after hacker's boast
Certificate authority GlobalSign is investigating reports that the DigiNotar hacker has access to its system.
In a statement, the hacker, who tweets as ‘Ichsun' and is also known as ‘Comodohacker', said he had access to four more high-profile certificate authorities (CAs) and would issue certificates from them. One of the CAs was identified as GlobalSign, which has since issued a statement saying that it "takes this claim very seriously and is currently investigating".
It said: “As a responsible CA, we have decided to temporarily cease issuance of all certificates until the investigation is complete. We will post updates as frequently as possible. We apologise for any inconvenience.”
Chester Wisniewski, senior security adviser at Sophos Canada, said: “Its response is interesting. While we don't know if it has been compromised – and, arguably, neither do they – it is making a tough choice and is what we should expect from an organisation whose business models rely on trust.
“It's possible the accusations are simply from an anonymous raving lunatic. Yet they could be true and, rather than put the greater internet community at risk, GlobalSign is forgoing some revenue out of an abundance of caution. That's great news. Let's hope that the accusations are false and everything is safe and secure at GlobalSign and the other three unnamed victims.”
In a statement posted on Pastebin, Ichsun said he still had access to four CAs other than DigiNotar and had connected to the hardware security module of StartCom, where his hack was foiled because the chief executive was carrying out manual verification.
The garbled statement said: “I have around 300 code signing certificates and a lot of SSL certs with again code signing permission, look at Google's cert, I have code signing privilege! You see? I owned an entire computer network of DigiNotar with 5-6 layers inside which have no connection to internet.”
Ichsun also claimed that he was able to issue Windows updates.