A theft of SSL certificates raises doubt about Internet security

It began as a high-profile cyber-crime story, but unfortunately one like others you sometimes hear about. As the days have passed, however, the investigation has led to findings that suggest a disturbing story of cyber-espionage or even cyber-war.

The story began in July when DigiNotar, a Dutch certificate authority, identified an intrusion into their systems with an SSL certificate being compromised. This is a digital certificate that works as a digital key to a secure connection and for this reason it’s issued by a certificate authority that acts as a guarantor of its validity and safety.

The theft of an SSL certificate allows the criminals who carried it out to perform attacks, even indirectly through phishing, exploiting the fact that users trust a connection that is in theory protected. The stolen SSL certificate enabled authentication to Google services, thus creating potential vulnerabilities in various services of this company.

The first investigation suggested that the targets of the theft were Iranian dissidents and that the authors therefore worked for the regime of that country, in order to prevent the emergence of a liberation movement similar to those seen in other countries this year.

Mozilla promptly proceeded with the release of new versions of Firefox and Thunderbird and Google did the same with Chrome to revoke the validity of various SSL certificates issued by DigiNotar. The advice is obviously to upgrade your browser.

As the days passed, the investigation unearthed a very worrying situation, finding that more than five hundred SSL certificates were stolen. The security problems concern not only Google but also other IT giants such as Facebook. The issue became even more worrying when vulnerabilities were discovered in the systems of various intelligence agencies such as the Mossad, MI6 and the CIA.

Another disturbing element emerging from the investigation is the suspicion that the intrusion started at least two years ago. Inevitably one wonders how it’s possible that they took so long to discover it and how the stolen SSL certificates were used until their validity was revoked.

In the Netherlands the issue has become political too: the Dutch government took over DigiNotar management and there’s to be a discussion on the issue in their parliament. There may be no official reactions from other nations because the vulnerabilities have affected secret systems, so if there were any intrusions, hardly anyone will admit it.

Regardless of possible further developments of this story I can’t help observing once again that a security system is as good as its weakest link. When it’s the element that’s supposed to be the most trustworthy that instead is unreliable, I wonder how much we can feel secure on the Internet.
