Dutch Internet safety certificate authority DigiNotar has been hacked by Iran. Entirely. Not just the commercial department, but also the 'hermetically separated' section that provides safety certs for the Dutch govt. DigiNotar has foreign companies and governmental agencies as its clients too. It will take some time to figure out the total damage involved. This is the conclusion of forensic ICT company, Fox-IT (govt statement (PDF)). DigiNotar, the Home Office, Logius (SSN management agency) and GovCERT have maintained until last night that Iran's islamohackers have not been able to get to the state certs. But in an unusual midnight presser the Home Secretary has admitted that the govt certs have been compromized as well.
The Fox-IT report would have been published by the end of the week, but is till this moment under wraps. DigiNotar called in Fox-IT only last week when things spiralled completely out of control. The hacking took place early July. DigiNotar became aware of the hacking on July 19 and kept stum about it. At the end of August it became apparent that measures had been taken to no avail: Iranian Gmail users were tapped through a fake DigiNotar CERT. Mozilla and Google Chrome meanwhile have pronounced the death sentence over DigiNotar. So what does all this matter? For the Dutch probably not that much. In 0031 it is not that easy to get to the cable companies or providers. Not so in Islamofascist Iran, where they are an integral part of the total state. So if you are a politically active Ali or Soraya and you trust the ethically superior Google or the liberty loving Skype, you may find yourself up against Herr Ahmadinejad of the Gestapo instead. He is able to tap into Google through a computer in Iran that DigiNotar declared safe. Also Yahoo, Skype and a number of software companies have been compromized. To be continued.
The Fox-IT report would have been published by the end of the week, but is till this moment under wraps. DigiNotar called in Fox-IT only last week when things spiralled completely out of control. The hacking took place early July. DigiNotar became aware of the hacking on July 19 and kept stum about it. At the end of August it became apparent that measures had been taken to no avail: Iranian Gmail users were tapped through a fake DigiNotar CERT. Mozilla and Google Chrome meanwhile have pronounced the death sentence over DigiNotar. So what does all this matter? For the Dutch probably not that much. In 0031 it is not that easy to get to the cable companies or providers. Not so in Islamofascist Iran, where they are an integral part of the total state. So if you are a politically active Ali or Soraya and you trust the ethically superior Google or the liberty loving Skype, you may find yourself up against Herr Ahmadinejad of the Gestapo instead. He is able to tap into Google through a computer in Iran that DigiNotar declared safe. Also Yahoo, Skype and a number of software companies have been compromized. To be continued.
Courtesy Messrs @ejo60 @mklerx en @Wolff_AJ
Updates on fall out & Dutch Govt: please file your tax statements!