Snowballing DigiNotar Situation: Rogue SSL Certificates Were Also Issued for CIA, MI6, Mossad

September 5th, 2011

SSLLOL.

Via: HelpNetSecurity:

The number of rogue SSL certificates issued by Dutch CA DigiNotar has balooned from one to a couple dozen to over 250 to 531 in just a few days.

As Jacob Appelbaum of the Tor project shared the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies from around the world were also issued during the CA’s compromise – including the CIA, MI6 and Mossad.

Additional targeted domains include Facebook, Yahoo!, Microsoft, Skype, Twitter, Tor, WordPress and many others.

And while there is a difference of opinion between security experts who speculate about the entity behind the attack, there seems to be an almost universal consensus about the fact that DigiNotar will be closed for business forever after this.

Kaspersky Lab’s Roel Schouwenberg notes that “with some 500 authorities out there globally it’s hard to believe DigiNotar is the only compromised CA out there.”

That’s a chilling thought that probably many an expert has had since the extent of the incident has been revealed. Hopefully, it just might jumpstart the search for a fitting alternative to the CA trust system.

Related: Governments Using Forged SSL Certificates for Man in the Middle Attack on “Secure” Web Sessions

Posted in Covert Operations, Infrastructure, Surveillance, Technology, War | Top Of Page

Leave a Reply

You must be logged in to post a comment.