MI6 targeted in DigiNotar hack

MI6, the CIA and Facebook were all targeted following a hack on certificate authority DigiNotar.

Cyber war

UK intelligence body MI6 was one of over 500 organisations targeted by hackers who compromised certificate authority (CA) DigiNotar.

When DigiNotar confirmed it was hacked last week, it was believed only a handful of fake SSL certificates were issued. A list from the Dutch Government has shown 531 rogue certificates were actually issued, including one for MI6 website sis.gov.uk.

Advertisement - Article continues below

Other targeted sites included the CIA, Facebook, Google, Skype, Twitter and WordPress.

The Dutch Government confirmed it is looking into reports Iran was responsible for the hacks. The Dutch interior ministry said Government websites may not be safe due to the DigiNotar hack, according to the Daily Telegraph.

The consequences of the attack on DigiNotar will far outweigh those of Stuxnet.

"The damage sustained to the Dutch Government IT infrastructure is quite significant. A lot of services are no longer available," said Roel Schouwenberg, Kaspersky Lab expert, in a blog post.

"Effectively, communications have been disrupted. Because of this, one could make an argument the attack is an act of cyberwar."

He said any suggestion the Iranian Government was involved was "all speculation" right now.

"Any kind of hints found in the registered certificates could well be decoys. I remain with my stance that a government operation is the most plausible scenario," he added.

Advertisement - Article continues below
Advertisement - Article continues below

VASCO Data Security International, DigiNotar's parent company, said on Friday it wanted to work with the Dutch Government on identifying who was responsible.

"It is our firm belief that cooperating with VASCO is the right decision for the Dutch Government. We are convinced that together we will solve this issue," said Ken Hunt, VASCO's chairman and chief executive (CEO).

Schouwenberg also called on Apple to revoke affected CAs from its list of trusted services, as other tech giants like Google, Microsoft and Mozilla have done. DigiNotar may not be the only compromised CA "out there," the security expert warned.

Schouwenberg suggested the DigiNotar attack could be even more significant than the emergence of the highly sophisticated Stuxnet malware.

"The attack on DigiNotar doesn't rival Stuxnet in terms of sophistication or coordination," he said.

"However, the consequences of the attack on DigiNotar will far outweigh those of Stuxnet. The attack on DigiNotar will put cyberwar on or near the top of the political agenda of Western governments."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



INKY announces $20M Series B funding round

4 Jun 2020

Microsoft issues warning about new PonyFinal ransomware attacks

3 Jun 2020
data breaches

Amtrak Guest Reward suffers a data breach

3 Jun 2020
cyber security

Brand-impersonation and form-based attacks are rising

3 Jun 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020