The recent announcement by VASCO Data Security International that its subsidiary DigiNotar had gone bankrupt added yet another layer to an already shocking story of just how dangerous and widespread the effects of cybersecurity breaches can be.
DigiNotar’s downfall began with an intrusion into the Dutch data security firm’s network, credit for which was claimed by an Iranian hacker calling himself Comodohacker. But that turned out to be just one part of a much larger scheme that involved hacking into the systems of various other companies, stealing public key certificates and using them to spy on as many as 300,000 Iranian citizens.
The nature and scope of the incident caused many to suspect involvement from a sovereign nation, but that notion has been dispelled by Comodohacker himself in an interview he gave to the New York Times, though he wasn’t exactly forthcoming about what he did with the stolen information.
“I’m totally independent,” he told the Times in an email interview. “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.”
Comodohacker also claimed to be a 21-year-old software engineer living in Tehran, but that has yet to be verified. One thing is for sure: whoever he is, Comodohacker is responsible for turning the world of Internet security on its head.
That’s because nearly all websites rely on the security certificates offered by DigiNotar and stolen by the hacker. With them, he was able to launch a man-in-the-middle attack against unsuspecting Iranian Gmail users. The stolen certificates allowed him to intercept the messages of certain users.
The incident was brought to the public’s attention when a Gmail user alerted Google that the Chrome browser had determined the site’s security certificate to be a fake. That caused Google to block all sites with certificates signed by DigiNotar from being accessed in its Chrome web browser. Shortly after, Microsoft and Mozilla did the same with their browsers.
So, now we see how the attack had a ripple effect. What started with a single hacker and a Dutch data security firm quickly engulfed hundreds of thousands of unsuspecting web users and many of the best-known companies in the world, including Google, Microsoft and Skype. In March, certificate authority Comodo – from which the hacker pulled his name – said someone had obtained certificates pertaining to the latter two in that list.
With those certificates in hand, many feared the holder would have free rein to bypass myriad Internet security measures.
“I don’t know how much worse it could get,” security researcher and privacy advocate Christopher Soghoian told InformationWeek. “You would think folks would be worried about people spying on confidential communications.”
It’s entirely possible that such a catastrophic incident could shake the nature of data security to its foundation. To this point, most of the data breaches reported in the news media have revolved around the exposure of names, Social Security numbers and other confidential information belonging to companies’ customers. That was certainly the case with the massive hack of Sony’s PlayStation Network, which has been widely regarded as the most disruptive breach of 2011.
But the Comodohacker incident is much different, and seemingly much more severe. Instead of simply locking down personally identifiable information, it now appears companies will have to secure the security measures that are tasked with protecting the data.
So far it remains to be seen whether such a paradigm shift is in the works, as the dust is still settling on the DigiNotar bankruptcy filing. Parent company VASCO made no secret of what caused the company to go out of business.
“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible,” Cliff Bown, VASCO’s executive vice president and CFO, said in the company’s statement.
Pretty soon the data security industry may have no choice but to adapt, as researchers have discovered another situation similar to what befell DigiNotar. According to the Register, a severe vulnerability in the Secure Sockets Layer (SSL) protocol that many websites use has given cybercriminals the ability to decrypt data sent between a user’s web browser and a web server.
The good news is that the loophole is only present in versions 1.0 and earlier of Transport Layer Security (TLS), which, according to the Register, is the successor to SSL technology. The bad news, however, is that versions 1.1 and 1.2 of TLS are almost completely unsupported by both browsers and websites.
That means encrypted PayPal and Gmail transactions could be intercepted, spreading concern that a second coming of the Comodohacker incident may be on the horizon.
Security News from SimplySecurity.com by Trend Micro