June 19, 2021

DigiNotar Issued Fake SSL Certificates for CIA, MI6 and Mossad

(LiveHacking.Com) – The aftermath of the security breach at DigiNotar continues to grow. New revelations about the extent of the breach have now come to light. It appears that since DigiNotar is a “root” certificate, it can assign authority to intermediaries to sign and validate certificates on its behalf. It seems now that the hackers have signed 186 intermediate certificates that masquerade as well-known certificate authorities like Thawte, Verisign and Equifax.

The expanded list of domains for which fraudulent certificates were issued now includes Facebook, Google, Microsoft, Yahoo!, Tor, Skype, Mossad, CIA, MI6, LogMeIn, Twitter, Mozilla, AOL and WordPress. A complete list can be downloaded from the Tor website.

As a result of the wide scale of this incident Google and Mozilla have now blocked all certificates issued by DigiNotar. According to Mozilla “DigiNotar issues certificates as part of the Dutch government’s PKIoverheid (PKIgovernment) program. These certificates are issued from a different DigiNotar-controlled intermediate, and chain up to the Dutch government CA (Staat der Nederlanden).” The Dutch government has since audited DigiNotar’s performance and removed it from its PKIoverheid role. Therefore all DigiNotar certificates will now be untrusted by Mozilla products.