Latest Evidence show Major sites hacked like DigiNotar ,Google,Mossad,CIA,Facebook,Microsoft... now being called an act of cyber war

a reply on that page


DigiNotar was found to have been hacked over a period of years by various groups. Here is a list of affected sites/certificates in the latest attack:
*.*.com
*.*.org
*.10million.org
*.android.com
*.aol.com
*.azadegi.com
*.balatarin.com
*.comodo.com
*.digicert.com
*.globalsign.com
*.google.com
*.JanamFadayeRahbar.com
*.logmein.com
*.microsoft.com
*.mossad.gov.il
*.mozilla.org
*.RamzShekaneBozorg.com
*.SahebeDonyayeDigital.com
*.skype.com
*.startssl.com
*.thawte.com
*.torproject.org
*.walla.co.il
*.windowsupdate.com
*.wordpress.com
addons.mozilla.org
azadegi.com
friends.walla.co.il
login.live.com
login.yahoo.com
my.screenname.aol.com
secure.logmein.com
twitter.com
wordpress.com
www.10million.org
www.balatarin.com
www.cia.gov
www.cybertrust.com
www.Equifax.com
www.facebook.com
www.globalsign.com
www.google.com
www.hamdami.com
www.mossad.gov.il
www.sis.gov.uk
www.update.microsoft.com

Comodo Root CA
CyberTrust Root CA
DigiCert Root CA
DigiCert Root CA
Equifax Root CA
Equifax Root CA
GlobalSign Root CA
Thawte Root CA
VeriSign Root CA

[link to www.f-secure.com]

Somehow, somebody managed to get a rogue SSL certificate from them on July 10th, 2011. This certificate was issued for domain name .google.com.

What can you do with such a certificate? Well, you can impersonate Google — assuming you can first reroute Internet traffic for google.com to you. This is something that can be done by a government or by a rogue ISP. Such a reroute would only affect users within that country or under that ISP.

But why would anybody want to intercept Google? Well, this is not really about the search engine at www.google.com. This is about the Gmail servers at mail.google.com and Google Docs at docs.google.com and maybe Google+ at plus.google.com.

We saw a similar attack in May (via Certificate reseller instantssl.it in Italy). That case was tied to Iran. So is this one. It's likely the Government of Iran is using these techniques to monitor local dissidents.

Iran does not have its own Certificate Authority. If they did, they could just issue rogue certificates themselves. But since they don't, they need such certificates from a widely trusted CA. Such as DigiNotar.

How was DigiNotar breached? We don't know yet.

But here's something we just discovered.

This is a screenshot of the page online right now at [link to www.diginotar.nl (secure)]

DigiNotar's portal has been hacked. Somebody claiming to be an Iranian Hacker has gained access.

This would look like a smoking gun. Obviously this has to be connected somehow to the rogue certificate.

But if you keep looking, you'll find this page from [link to www.diginotar.nl (secure)]

rest on link
DigiNotar public statement released
[link to www.vasco.com]

DigiNotar reports security incident
OAKBROOK TERRACE, Illinois and ZURICH, Switzerland – August 30, 2011 – VASCO Data Security International, Inc. (Nasdaq: VDSI; www.vasco.com) today comments on DigiNotar’s reported security incident. DigiNotar is a wholly owned subsidiary of VASCO.
On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.
Once it detected the intrusion, DigiNotar has acted in accordance with all relevant rules and procedures.
At that time, an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate.

The attack was targeted solely at DigiNotar's Certificate Authority infrastructure for issuing SSL and EVSSL certificates. No other certificate types were issued or compromised. DigiNotar stresses the fact that the vast majority of its business, including his Dutch government business (PKIOverheid) was completely unaffected by the attack.

The company will take every possible precaution to secure its SSL and EVSSL certificate offering, including temporarily suspending the sale of its SSL and EVSSL certificate offerings. The company will only restart its SSL and EVSSL certificate activities after thorough additional security audits by third party organizations.

DigiNotar actively looks for quick and effective solutions for its existing (EV)SSL customers. The company expects to have a solution for its entire customer base before the end of this business week. DigiNotar expects that the cost of this action will be minimal.

The incident at DigiNotar has no consequences whatsoever for VASCO's core authentication technology. The technological infrastructures of VASCO and DigiNotar are completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.

VASCO expects the impact of the breach of DigiNotar’s SSL and EVSSL business to be minimal. Through the first six months of 2011, revenue from the SSL and EVSSL business was less than Euro 100,000.
VASCO does not expect that the DigiNotar security incident will have a significant impact on the company’s future revenue or business plan

They are going to use this to put even MORE controls on the internet !!!

Very interesting, thanks OP!

[link to news.techworld.com]

The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the MI6 and Israel's Mossad, a Mozilla developer said.

The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531, said Gervase Markham, a Mozilla developer who is part of the team that has been working to modify Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft's Windows Update service.

Related Articles on Techworld
Ex-employee hacks US military contractor's computer systems"Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," said Christopher Soghoian, a researcher noted for his work on online privacy.

rest on link

[link to nakedsecurity.sophos.com]

Last week I wrote about the compromise of digital certificate authority DigiNotar. While the idea of over 250 false certificates being issued was scary, the number has grown to 531, including what could be intermediate signing certificates.

This is really bad news. As DigiNotar is a "root" certificate, they can assign authority to intermediaries to sign and validate certificates on their behalf.

It appears the attackers signed 186 certificates that could have been intermediate certificates. These certificates masqueraded as well-known certificate authorities like Thawte, Verisign, Comodo and Equifax.

The expanded list of domains for which fraudulent certificates were issued includes Facebook, Google, Microsoft, Yahoo!, Tor, Skype, Mossad, CIA, MI6, LogMeIn, Twitter, Mozilla, AOL and WordPress. A complete list can be downloaded from the Tor website.

The attackers also issued themselves certificates for *.*.com and *.*.org. I am not sure if a multi-wildcard certificate like this is valid, but if so it could allow them to impersonate anything.

[link to www.securelist.com]

In an almost unprecedented event the Dutch minister of internal affairs gave a press conference at 1:15 AM Friday to Saturday night. He announced the Dutch government was revoking trust in Diginotar.

Diginotar basically consisted of two seperates branches. One branch was a certificate authority which dealt with regular businesses. The other branch was focused on government and called "PKIoverheid". The audit conducted on Diginotar's systems showed the integrity of the PKIoverheid authority couldn't be guaranteed. It should be presumed the integrity is broken.

At the beginning of last week the Dutch government had vouched for the integrity of the PKIoverheid CA. This caused the browser makers to only blacklist the non-goverment CA from Diginotar. Next time around browser makers won't be quite as trusting.

The attack on Diginotar doesn't rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments.

Here's a break down of most of the important takeaways from this incident:

500+ rogue certificates
A list of rogue certificates has been released. A run down of the targeted domains can be found on the bottom of this page. 531 rogue certicates is a very far cry from the "couple dozen" which Diginotar originally reported.

Certs for intelligence agencies
Some attention has been put toward the rogue certificates generated for the CIA and others. No actionable intelligence would be gathered from snooping on traffic to the CIA web site. So the exact motive here isn't clear.

WindowsUpdates
A rogue certificate for WindowsUpdates was also issued. It's my understanding WU only runs programs which are digitally signed by Microsoft. So, to actually push malware through WU would require a rogue certificate which would also allow the attacker to sign code rather than just run SSL websites. Potentially Microsoft has some other checks in place that would prevent exploitation by a rogue certificate.

Code signing
The screenshot shown here shows the *.google.com certificate also to be valid for code signing. That means this attack could transcend the browser. The attackers could send targets malware which would appear to be coming from Microsoft or other affected parties. At this point it becomes critical for these certificates to be blocked OS-wide, not just in the browser.

Two attacks?
Right now it's not clear the PKIoverheid CA branch was hit during the same attack as the 'regular' DigiNotar CA. None of the 500+ fraudulently issued certificates have been signed with the PKIoverheid certificate.

Consequences of PKIoverheid CA revokation
The damage sustained to the Dutch (government) IT infrastructure is quite significant. A lot of services are no longer available. Effectively, communications have been disrupted. Because of this one could make an argument the attack is an act of cyberwar.

Cyberwar on the agenda
Stuxnet had a huge impact. However, there didn't seem to be a sense of urgency to put cyberwar and cybersecurity on most of the political agendas. This incident will clearly put cybersecurity and cyberwar on the political agenda.

rest on link

Yeah, right, whatever. Why don't you people just admit that you want to nuke Iran? jewish people gotta' set up their kingdom, though its not the Kingdom of God.

this is going to be a very serious breach of security , they had a months unhindered access before it was noticed.

[link to www.conceivablytech.com]


The attack that compromised DigiNotar’s certificate authority infrastructure is much worse than originally thought: There were 531 fraudulent certificates that targeted the web sites of not just Google, but popular destinations such as Twitter, WordPress, Yahoo and Facebook as well as the sites of secret services. A Mozilla developer is taking the lead in criticizing DigiNotar and is accusing the company of being deceptive. DigiNotar is now engaging in damage control and restates what we know already: It was a politically motivated hack that especially threatens the privacy and security of Internet users in Iran.


Last week, a Google Chrome user noticed suspicious certificate activity in his browser, which has lead to the discovery of one of the most extensive Internet security hacks that went unnoticed for more than a month and was covered up by certificate authority (CA) DigiNotar. While we initially knew that there were “multiple” fraudulent certificates and Google’s changes in Chrome code hinted that there may have been a total of 247 fake certificates, the Dutch government now confirmed that 531 certificates have been affected and enabled the attackers to intercept communications between users and those sites. Organization sites included in the hack are Mozilla, LogMeIn, WordPress, Facebook, Twitter, Skype, CIA, Google, The UK Secret Intelligence Service, Verisign, Israel’s Mossad, and Live.com.( just to name a few )
rest on link


[link to nationalcybersecurity.com]

It is at least possible (but entirely speculative) that an initial competent attacker has had access to [DigiNotar's] systems for an unknown amount of time, and a second attacker gained access more recently and their less subtle, bull-in-a-china shop approach in issuing the [hundreds of] certificates triggered the alarms,” he said.

Last week, antivirus company F-Secure said it had found signs that DigiNotar’s network had been compromised as early as May 2009.

Mozilla will update Firefox 6 and Firefox 3.6 on Tuesday to permanently block all DigiNotar-issued certificates, including those used by the Dutch government. On Saturday Google updated Chrome to do the same.

Completly agree, any hacker could have done this.
With those certs you could build the interwebz biggest zombie bot net. I've got a boner just thinking about the numbers.
...

:red noser tomato:

Incrediably serious.

this will have far and long reaching effects .. The UN will use this for sure

Wasn't it Israel that wrote and executed Stuxnet?

apparently so, but some claim it was too sloppy for an Israel i military operation .. and since we are also a threat it could have been from our own black ops... or a combined effort
[link to www.infosecisland.com (secure)]

[link to www.itpro.co.uk]

UK intelligence body MI6 was one of over 500 organisations targeted by hackers who compromised certificate authority (CA) DigiNotar.

When DigiNotar confirmed it was hacked last week, it was believed only a handful of fake SSL certificates were issued. A list from the Dutch Government has shown 531 rogue certificates were actually issued, including one for MI6 website sis.gov.uk.

Other targeted sites included the CIA, Facebook, Google, Skype, Twitter and WordPress.

The Dutch Government confirmed it is looking into reports Iran was responsible for the hacks. The Dutch interior ministry said Government websites may not be safe due to the DigiNotar hack, according to the Daily Telegraph.


The consequences of the attack on DigiNotar will far outweigh those of Stuxnet.

“The damage sustained to the Dutch Government IT infrastructure is quite significant. A lot of services are no longer available,” said Roel Schouwenberg, Kaspersky Lab expert, in a blog post.

“Effectively, communications have been disrupted. Because of this, one could make anargument the attack is an act of cyberwar.”

He said any suggestion the Iranian Government was involved was “all speculation” right now.

“Any kind of hints found in the registered certificates could well be decoys. I remain with my stance that a government operation is the most plausible scenario,” he added.

VASCO Data Security International, DigiNotar's parent company, said on Friday it wanted to work with the Dutch Government on identifying who was responsible.

“It is our firm belief that cooperating with VASCO is the right decision for the Dutch Government. We are convinced that together we will solve this issue,” said Ken Hunt, VASCO’s chairman and chief executive (CEO).

Schouwenberg also called on Apple to revoke affected CAs from its list of trusted services, as other tech giants like Google, Microsoft and Mozilla have done. DigiNotar may not be the only compromised CA "out there," the security expert warned.

Schouwenberg suggested the DigiNotar attack could be even more significant than the emergence of the highly sophisticated Stuxnet malware.

rest on link

the hacker who claimed to do this still has more ammo, this isn't going to be pretty at all

[link to www.theregister.co.uk]

The digital miscreant known as ComodoHacker has claimed responsibility for the high-profile DigiNotar digital certificate authority hack.

Soon after the Comodo forged certificates hack an Iranian using the handle Comodohacker posted a series of messages via Pastebin account providing evidence that he carried out the attack. The account, which has been dormant since March, sprung back to life on Tuesday with claims that the individual or individuals behind it hacked DigiNotar as well, net security firm F-Secure reports.

The hacker boasted he still has access to four other (unnamed) "high-profile" CAs and retains the ability to issue new rogue certificates, including code signing certificates. The hacker (active on Twitter under the username ichsunx2) claimed that the domain administrator password of the DigiNotar network was Pr0d@dm1n.

rest on link

[link to threatpost.com]

In a message posted to the same Pastebin account used to detail the Comodo attack six months ago,a user by the name of Comodohacker claims to have compromised not just DigiNotar but also four other high-profile CAs, including GlobalSign. The hacker also said that his actions are politically motivated, in retaliation for the Dutch involvement in the Srebrenica massacre in 1995. The hacker said that he attacked DigiNotar on July 11, the anniversary of that massacre.

The Pastebin message from the alleged attacker is troubling in many respects, not the least of which are his claims that he was able to bypass several different kinds of security mechanisms in place at DigiNotar, including a hardware security module. But the most serious claim is his assertion that he has hacked several other CAs and still has the ability to issue himself rogue certificates from them.

"You know, I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them, I also had access to StartCom CA, I hacked their server too with so sophisticated methods, he was lucky by being sitted in front of HSM for signing, I will name just one more which I still have access: GlobalSign, let me use these accesses and CAs, later I'll talk about them too," Comodohacker said in the Pastebin message, which was posted Sunday.

"I'll talk technical details of hack later, I don't have time now... How I got access to 6 layer network behind internet servers of DigiNotar, how I found passwords, how I got SYSTEM privilage in fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, their 6th layer internal "CERT NETWORK" which have no ANY connection to internet, how I got full remote desktop connection when there was firewalls that blocked all ports except 80 and 443 and doesn't allow Reverse or direct VNC connections, more and more and more."

rest on link

omg 1337 hax 4reelz

Also this was a self confessed Iranian hacker ...wonder if they will use this to step up hostility towards Iran..hmmmm

[link to www.itscolumn.com]

had previously wrote about the news where DigiNotar Certificate Authority (CA) was hacked and issued many fraudulent certificates especially high profile one such as Google.com. Situation get worse now when the truth is revealed that it is not only the fraudulent client or user (known as end entity) certificates was issued, but also the certificate for intermediate Certificate Authority.

Apart from that, the numbers also another bad news to hit everyone. It was initially rumored that there were 250 over certificates were issued. However, it turns out now that the numbers had grown to 531 certificates including the intermediate certificates that just mentioned

In common, the PKI infrastructure has three hierarchy. The highest is the Root CA where in this hacking case, DigiNotar is the Root CA. According to everyone’s understanding, the compromised certificate suppose to be the lowest level which is the user certificate where SSL certificate should be categorized as well.

However, after knowing the truth, the hackers even issued the certificates for the intermediate CA which is the issuing CA certificate in the figure above. This means that the hackers can now issue more fraudulent certificates with the given authority as an intermediate CA. As far as it is concerned, we should not trust any certificate issued by DigiNotar for now until further notice.

EXACTLY! They want to know EXACTLY who is who, anytime, anywhere. What technology could be used to accomplish this task with 100% accuracy? A wearable electronic brain machine interface that can be placed "on" the surface of the skin?

you mean like this ?? its comming

[link to www.myweathertech.com]