Over the last few months, we have seen sophisticated and well-organized attacks on various websites and web services. While some of these attacks were aimed at proving vulnerabilities, others were carried out to protest policies and actions taken by these agencies, organizations and, at times, governments. Whatever the case, in all these situations the end user suffered the most. The most recent turn this spate of hacks and breaches has taken (not necessarily by the same hacker groups) is towards certificate authorities.
Certificate Authorities are the bodies that issue certificates to certify a website or web service as genuine. Whenever we visit a website over SSL or TLS, the site presents a certificate issued by such an authority, and the browser validates it. This is used to verify the website as well as its integrity.
On July 10, 2011, ComodoHacker attacked the Certificate Authority DigiNotar. This attack led to the creation of fake Gmail certificates that were used for man-in-the-middle attacks. This time, the same hacker, ComodoHacker, claims to have hacked another Certificate Authority, GlobalSign. The hacker claims to hold large amounts of data from the Certificate Authority, including emails, database backups, customer data and other sensitive information, all of which he plans to release in the near future.
The Pastebin message announcing this says:
I have ALL emails, database backups, customer data which I’ll publish all via cryptome in near future), GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain
Following this breach, GlobalSign has stopped issuing security certificates after internal investigations proved that the breach was indeed genuine.