Certificate Authority GlobalSign Loses Critical Data to ComodoHacker
By Chinmoy Kanjilal on September 8th, 2011

Over the last few months, we have seen sophisticated and well-organized attacks on various websites and web services. While some of these attacks were aimed at proving vulnerabilities, others were carried out to raise concerns about policies and actions taken by agencies, organizations and, at times, governments. Whatever the case, the end user has always suffered the most. The latest turn in this spate of hacks and breaches (not necessarily by the same hacker groups) is toward certificate authorities.
Certificate Authorities are the bodies that issue certificates to certify a website or a web service as genuine. Whenever we visit a website over SSL or TLS, the site presents its certificate, which the browser uses to validate the site. This verifies the identity of the website as well as its integrity.

On July 10, 2011, ComodoHacker attacked the Certificate Authority DigiNotar. This attack led to the creation of fake Gmail certificates that were used for man-in-the-middle attacks. This time, the same hacker, ComodoHacker, claims to have hacked another Certificate Authority: GlobalSign. The hacker claims that he has large amounts of data from the Certificate Authority, including emails, database backups, customer data and other sensitive information, all of which he plans to release in the near future.

The Pastebin message announcing this says,

I have ALL emails, database backups, customer data which I’ll publish all via cryptome in near future), GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain

Following this breach, GlobalSign has stopped issuing security certificates after internal investigations proved that the breach was indeed genuine.

 

Author: Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal can be contacted at chinmoy@techie-buzz.com.

Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN