[cryptography] OT: The story of a crime: notes on the DigiNotar break-in

Jeffrey Walton noloader at gmail.com
Mon Nov 5 08:03:20 EST 2012


The security specialists at Fox-IT have released a 101-page report
that almost reads like a whodunit story. The subject is the break-in
at Dutch certificate authority (CA) DigiNotar, which Fox-IT has been
in charge of investigating. Last year, a clever hacker managed to
break into DigiNotar's infrastructure over the internet and issue
large numbers of SSL certificates for important domains like
google.com, microsoft.com and skype.com.

It became clear that the hacker was not doing it just for kicks when
one of the Google certificates they had issued was used to spy on a
large number of Iranian internet users. The report says that the
attacker stored the break-in tools in the publicly accessible
directory http://www.diginotar.nl/beurs on the DigiNotar web server
and then gained access from a number of different systems in the CA's

