Iranian links to DigiNotar hacks being investigated

According to the Reuters newswire, a spokesperson for the Dutch Interior Ministry declined to say whether Iranian authorities in the Netherlands or Iran had been contacted, and said more details would be published in a letter to the Dutch parliament early this week.

“But [the spokesperson] confirmed the veracity of a report by the Dutch news agency ANP saying the cabinet was looking into whether the Iranian government played a part in breaking into Dutch government websites”, said the newswire late yesterday.

As reports circulate that Iran may be linked to last week's DigiNotar hack, the ArsTechnica newswire said that, despite a number of browser updates, users of Safari on the Apple Mac may still be vulnerable to man-in-the-middle attacks using fraudulent security certificates.

The problem, the newswire asserts, lies in the way Mac OS X handles a new type of certificate called Extended Validation, or EV certificates.

The solution, says the newswire, is to use OS X Keychain Access to delete any DigiNotar certs from the Keychain instead of marking them untrusted.

“Since the authority has already revoked all the fraudulent certs, they will no longer validate when Safari or other Mac OS X programs encounter them again”, ArsTechnica adds.
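As an added example that is not from the article or from ArsTechnica, the script below does from the command line what the article describes doing in Keychain Access: it reports whether any DigiNotar certificate is still installed and, on request, deletes it by fingerprint rather than marking it untrusted. It assumes OS X's `security` tool, the standard keychain paths of the OS X 10.6/10.7 era, and a hypothetical script name of `diginotar-check.sh`.

```shell
#!/bin/sh
# Added example, not code from the article or from Ars Technica.
# Assumes OS X's `security` command-line tool and the standard keychain
# paths of the OS X 10.6/10.7 era (an assumption for other releases).

ROOTS=/System/Library/Keychains/SystemRootCertificates.keychain
SYSTEM=/Library/Keychains/System.keychain
LOGIN="$HOME/Library/Keychains/login.keychain"

# Extract the SHA-1 fingerprints from `security find-certificate -Z` output.
# Reads the dump from stdin so a captured dump can be checked offline too.
sha1_from_dump() {
  sed -n 's/^SHA-1 hash: \([0-9A-Fa-f]\{40\}\) *$/\1/p'
}

# Report every DigiNotar certificate still installed in the given keychains.
# Returns 0 when none remain and 1 when at least one is still present;
# a keychain file that does not exist is skipped.
check_diginotar() {
  found=0
  for kc in "$@"; do
    [ -f "$kc" ] || continue
    for h in $(security find-certificate -a -c DigiNotar -Z "$kc" 2>/dev/null | sha1_from_dump); do
      echo "still installed in $kc: $h"
      found=1
    done
  done
  return $found
}

# Delete each match by fingerprint, together with its trust settings (-t),
# which is what the article recommends instead of marking it untrusted.
# The system keychains are only writable from an administrator shell.
remove_diginotar() {
  for kc in "$@"; do
    [ -f "$kc" ] || continue
    security find-certificate -a -c DigiNotar -Z "$kc" 2>/dev/null | sha1_from_dump |
    while read -r h; do
      security delete-certificate -Z "$h" -t "$kc" && echo "removed $h from $kc"
    done
  done
}

# Usage: sh diginotar-check.sh          (report only)
#        sudo sh diginotar-check.sh rm  (delete, then report what is left)
[ "${1:-}" = "rm" ] && remove_diginotar "$ROOTS" "$SYSTEM" "$LOGIN"
check_diginotar "$ROOTS" "$SYSTEM" "$LOGIN"
```

Run it again after Apple's update or after deleting the certificates; a clean run prints nothing and exits 0, which is the check that the root is actually gone rather than merely distrusted.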

Commenting on the DigiNotar hack, Steve Watts of SecurEnvoy said that the scale of the attack could be far larger than was originally thought and compromises the security of millions of internet users.

“Depending on who you talk to - and which newswire you read - there may be as many as 200 fraudulent digital certificates in circulation, and every one of them could be misused for financial gain, politically-motivated eavesdropping and all sorts of electronic hackery”, he said.

“The problem the global internet faces is that such is the reliance on certificates as a means of authenticating that the entity at the other end of the IP connection is who they claim to be, the automated systems at the heart of the Internet have no means of knowing when they are being fooled”, he added.

Watts went on to say that the fact that a digital certificate issuer has been hacked into is of great concern to his company – and should be of concern to anyone interested in the ongoing security of the internet.

This saga, he explained, is similar to the RSA Security hacking incident earlier this year in terms of its potential to affect a large number of end users of internet services.

Unfortunately, he says, whilst RSA has been able to re-issue new hardware tokens to its clients and so partially remediate the situation, this latest mega-hack cannot be resolved without a tree-and-branch restructuring of the Internet's architecture.

The SecurEnvoy co-founder adds that political hacktivists were responsible for the DigiNotar hack, and notes that politically-motivated hackers are the worst of the worst.

“The problem is that, whilst cybercriminals are in it for the money - and will move on if the going gets too tough - political hacktivists don't move on. They don't give up. They are fanatics and driven by forces far greater than human greed and avarice. This is what makes me think the scale of this problem may be far larger than previously thought”, he said.

“This latest digital certificate fiasco aside, however, the bottom line here is that authentication systems should not be reliant on third party manufacturers storing any security keys. Some vendors... have well-designed security offerings that do not require manufacturers to store any keys online, as the required keys are created within the customer's own trusted environment”, he added.

“Incidents like this highlight the shortcomings of the current digital certificate architecture and also show that more innovative solutions could have prevented certification authority incursions like those affecting DigiNotar and RSA from causing problems for millions of users of the internet.”