MI6 targeted in DigiNotar hack
By Tom Brewster,
UK intelligence body MI6 was one of over 500 organisations targeted by hackers who compromised certificate authority (CA) DigiNotar.
When DigiNotar confirmed it was hacked last week, it was believed only a handful of fake SSL certificates were issued. A list from the Dutch Government has shown 531 rogue certificates were actually issued, including one for MI6 website sis.gov.uk.
Other targeted sites included the CIA, Facebook, Google, Skype, Twitter and WordPress.
The Dutch Government confirmed it is looking into reports Iran was responsible for the hacks. The Dutch interior ministry said Government websites may not be safe due to the DigiNotar hack, according to the Daily Telegraph.
The consequences of the attack on DigiNotar will far outweigh those of Stuxnet.
“The damage sustained to the Dutch Government IT infrastructure is quite significant. A lot of services are no longer available,” said Roel Schouwenberg, Kaspersky Lab expert, in a blog post.
“Effectively, communications have been disrupted. Because of this, one could make an argument the attack is an act of cyberwar.”
He said any suggestion the Iranian Government was involved was “all speculation” right now.
“Any kind of hints found in the registered certificates could well be decoys. I remain with my stance that a government operation is the most plausible scenario,” he added.
VASCO Data Security International, DigiNotar's parent company, said on Friday it wanted to work with the Dutch Government on identifying who was responsible.
“It is our firm belief that cooperating with VASCO is the right decision for the Dutch Government. We are convinced that together we will solve this issue,” said Ken Hunt, VASCO’s chairman and chief executive (CEO).
Schouwenberg also called on Apple to revoke affected CAs from its list of trusted services, as other tech giants like Google, Microsoft and Mozilla have done. DigiNotar may not be the only compromised CA "out there," the security expert warned.
Schouwenberg suggested the DigiNotar attack could be even more significant than the emergence of the highly sophisticated Stuxnet malware.
“The attack on DigiNotar doesn't rival Stuxnet in terms of sophistication or coordination,” he said.
“However, the consequences of the attack on DigiNotar will far outweigh those of Stuxnet. The attack on DigiNotar will put cyberwar on or near the top of the political agenda of Western governments.”
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
