Dutch Internet safety certificate authority DigiNotar has been hacked by Iran. Entirely. Not just the commercial department, but also the 'hermetically separated' section that provides safety certs for the Dutch govt. DigiNotar has foreign companies and governmental agencies as its clients too. It will take some time to figure out the total damage involved. This is the conclusion of forensic ICT company, Fox-IT (govt statement (PDF)). DigiNotar, the Home Office, Logius (SSN management agency) and GovCERT have maintained until last night that Iran's islamohackers have not been able to get to the state certs. But in an unusual midnight presser the Home Secretary has admitted that the govt certs have been compromized as well.