Kaspersky researcher says DigiNotar could turn out to be more important than Stuxnet

According to Roel Schouwenberg, a senior AV researcher with Kaspersky's Boston-based operation in the US, the attack on DigiNotar doesn't rival Stuxnet in terms of its sophistication or coordination.

However, he says in his latest security posting, the consequences of the attack on the Dutch certification authority will far outweigh those of Stuxnet, as it will place the cyberwar issue at, or near, the top of the political agenda of Western governments.

So far, he says, more than 500 rogue certificates have resulted from the hack, and 531 is a far cry from the 'couple of dozen' that the company originally revealed had been compromised.

Some reports, he adds, have suggested that some of the rogue certificates were generated for the CIA and other US agencies, although he asserts that no actionable intelligence would be obtained by eavesdropping on traffic flowing to the main CIA web site, meaning that the motive for this, if true, remains unclear.

“A rogue certificate for Windows Updates was also issued”, he says, adding that his understanding is that Windows Update will only run programmes that are digitally signed by Microsoft.

“So, to actually push malware through Windows Update would require a rogue certificate which would also allow the attacker to sign code, rather than just run SSL web sites”, he says, adding that he views it as likely that Microsoft has other checks in place that would prevent exploitation by a rogue certificate.
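The distinction Schouwenberg draws is enforced in X.509 by the Extended Key Usage (EKU) extension: a certificate issued for TLS server authentication carries `serverAuth`, a code-signing certificate carries `codeSigning`, and a conforming verifier rejects a certificate presented for a purpose its EKU does not list. The Go program below is an added illustration, not code from the article or from Kaspersky; it builds a throwaway, constructed CA, issues one leaf certificate of each kind, and shows that the TLS certificate verifies for TLS but not for code signing. The final check also shows what removing the issuing CA from the trust store does, which is what browser and OS vendors did to DigiNotar: every certificate it issued stops verifying regardless of EKU. Names such as `update.example.test` and `Demo Root CA` are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DemoPKI holds a constructed, throwaway CA plus two leaf certificates it
// issued. Everything is generated fresh on each run; none of it is real
// DigiNotar or Microsoft material.
type DemoPKI struct {
	Roots       *x509.CertPool
	ServerCert  *x509.Certificate // EKU: serverAuth only (a TLS web-site cert)
	SigningCert *x509.Certificate // EKU: codeSigning only
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// BuildDemoPKI creates the self-signed root and the two leaves.
func BuildDemoPKI() *DemoPKI {
	caKey := mustKey()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Demo Root CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		panic(err)
	}

	// issue signs a leaf with exactly one extended key usage.
	issue := func(serial int64, cn string, eku x509.ExtKeyUsage) *x509.Certificate {
		leafKey := mustKey()
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial),
			Subject:      pkix.Name{CommonName: cn},
			NotBefore:    time.Now().Add(-time.Hour),
			NotAfter:     time.Now().Add(24 * time.Hour),
			KeyUsage:     x509.KeyUsageDigitalSignature,
			ExtKeyUsage:  []x509.ExtKeyUsage{eku},
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, &leafKey.PublicKey, caKey)
		if err != nil {
			panic(err)
		}
		c, err := x509.ParseCertificate(der)
		if err != nil {
			panic(err)
		}
		return c
	}

	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &DemoPKI{
		Roots:       roots,
		ServerCert:  issue(2, "update.example.test", x509.ExtKeyUsageServerAuth),
		SigningCert: issue(3, "Demo Code Signer (constructed)", x509.ExtKeyUsageCodeSigning),
	}
}

// ValidFor reports whether cert chains to a root in roots AND is permitted
// for the requested extended key usage. Go's verifier checks the EKU along
// the whole chain, so a trusted issuer alone is not enough.
func ValidFor(cert *x509.Certificate, roots *x509.CertPool, usage x509.ExtKeyUsage) bool {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{usage},
	})
	return err == nil
}

func main() {
	pki := BuildDemoPKI()
	fmt.Println("server cert valid for TLS:          ", ValidFor(pki.ServerCert, pki.Roots, x509.ExtKeyUsageServerAuth))
	fmt.Println("server cert valid for code signing: ", ValidFor(pki.ServerCert, pki.Roots, x509.ExtKeyUsageCodeSigning))
	fmt.Println("signing cert valid for code signing:", ValidFor(pki.SigningCert, pki.Roots, x509.ExtKeyUsageCodeSigning))
	// An empty pool models the CA having been removed from the trust store.
	distrusted := x509.NewCertPool()
	fmt.Println("signing cert after CA distrust:     ", ValidFor(pki.SigningCert, distrusted, x509.ExtKeyUsageCodeSigning))
}
```

The EKU check is what makes a rogue TLS certificate insufficient for pushing signed code on its own; the last line is the reason the response to the breach was to distrust the CA outright rather than to revoke certificates one by one.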

Against this backdrop, Schouwenberg says that the damage sustained by the Dutch government's IT infrastructure is quite significant, as many services are currently unavailable. Effectively, he adds, communications have been disrupted, and on that basis one could argue that the attack is an act of cyberwar.

Stuxnet, he says, had a huge impact. However, he adds, that malware did not seem to create a sense of urgency to put cyberwar and cybersecurity on most political agendas, whereas this latest incident, he explained, clearly will put cybersecurity and cyberwar on the political agenda.

Finally, one of the main reasons why DigiNotar has effectively been excommunicated is the fact that they did not disclose the breach at the start.

“With some 500 authorities out there globally it's hard to believe DigiNotar is the only compromised certification authority out there. DigiNotar will quite likely go out of business. This should serve as a very strong message for certification authorities to go public with any breach”, he said.
