In the recent week, DigiNotar, a dutch company, has released hundreds of fake certificates. To make matters worse, DigiNotar is a "root" certificate and can sign and validate certificates on behalf of other CA. It appears the attackers signed 186 certificates that could have been intermediate certificates. The attackers also issued certificates in the names of other certificate authorities such Thawte, Verisign, Comodo and Equifax.
It seems the hackers have signed themselves hundreds of fake certificates including one for Google, which HAS been observed to have been used, Yahoo, Facebook, Microsoft, Yahoo!, Skype, Mossad, CIA, MI6, LogMeIn, Twitter, Mozilla, AOL and WordPress. Also, the cheecky hackers have also issued themselves wild card certificates such as *.*.com and *.*.org
These false certificates allow the hackers to masquerade as other well known companies like Google, Microsoft, etc, just like the picture on DigiNotar's website (to the right) shows. In fact, these false certificates have been used in man in the middle attacks performed allegedly by Iran. In a man in the middle attacks, the attacker makes independent connections with the victims and relays messages between them. In other word, the hacker stands between the connection between the victim and the website s/he wants to visit, hence the term man in the middle.
Example taken from Wikipedia
Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to intercept the conversation to eavesdrop and possibly deliver a false message to Bob .
First, Alice asks Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. Mallory sends a forged message to Alice that claims to be from Bob, but instead includes Mallory's public key.
Alice, believing this public key to be Bob's, encrypts her message with Mallory's key and sends the enciphered message back to Bob. Mallory again intercepts, deciphers the message using her private key, possibly alters it if she wants, and re-enciphers it using the public key Bob originally sent to Alice. When Bob receives the newly enciphered message, he believes it came from Alice.
1. Alice sends a message to Bob, which is intercepted by Mallory:
Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob
2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice:
Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob
3. Bob responds with his encryption key:
Alice Mallory <--[Bob's_key] Bob
4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key:
Alice <--[Mallory's_key] Mallory Bob
5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it:
Alice "Meet me at the bus stop!"[encrypted with Mallory's key]--> Mallory Bob
6. However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob:
Alice Mallory "Meet me in the windowless van at 22nd Ave!"[encrypted with Bob's key]--> Bob
7. Bob thinks that this message is a secure communication from Alice.
Audits of DigiNotar to find out the cause behind the attacks found several distrubing conclusions about the security of DigiNotar
- DigiNotar`s Window servers were unpatched and had no anti-virus scanners
- DigiNotar's password for admin account were weak and easily cracked by brute forced attacks
- All of the certificate servers belonged to one Windows domain, allowing the compromise of one administrator account to control everything.
- They had no centralized nor secure logging.
- There was no effective separation of critical components
The list, which is expected to grow as the investication is still ongoing, is shocking and shows that DigiNotar's lack of security is to blame.
What other companies are doing in response to the incident? In reaction, Microsoft removed the DigiNotar root certificate from its list of trusted certificates with its browsers on all supported releases of Microsoft Windows to protect its users. This will remove DigiNotar as a trusted root certificate in all versions of Windows later then Windows Vista (that means Microsoft Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2). So far Windows XP and Windows Server 2003 are still affected as it does not have a mechanism to check with Microsoft's online list of trusted root certificates and update its list automatically; Windows XP and Server 2003 only supports updating the list of root certficates via an update from Microsoft Update and so far Microsoft haven't released such updates. Likewise, Google removed DigiNotar from the list of trusted certificate issuers and Mozilla released new versions of its Firefox browser, revoking trust in the DigiNotar root certificate. Opera so far has not completely revoked trust of DigiNotar, instead opting to only distrusting the comprimised certificates by checking certificate revocation list of the certificate's issuer. If you want to push Opera to revoke DigiNotar complete, visit this thread. Apple, the reigning "supreme" OS, has not done anything in response to the attacks. Safari and Mac OS X do not detect the certificate's revocation, and users must use the Keychain utility to manually delete the certificate, then restart Safari, to clear DigiNotar certificates from the system
What is the outcome of the attacks? Most of the company as signed a death sentence for DigiNotar, removing it from the list of trusted root certificates. Audits of DigiNotar is being done and is uncovering more of the damage done. Also it seems that Govcert, Computer Security Incident Response Team for the Dutch government, have taken over operations of DigiNotar. Hope they do a better job.
Updates to article:
It seems Microsoft flicked the kill switch on DigiNotar and release an update that has revokes the trust of the following DigiNotar root certificates and placed them in the list of untrusted certificates:
- DigiNotar Root CA
- DigiNotar Root CA G2
- DigiNotar PKIoverheid CA Overheid
- DigiNotar PKIoverheid CA Organisatie - G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
Windows users are now prevented from accessing sites with SSL certificates issued by DigiNotar instead of being presented with a certificate warning.
Previously, users going to sites using the DigiNotar cerficate is presented with an error screen with the option to continue as shown:
However, after the application of the update, the option to continue has been removed:
To test this behavior go to the https version of the DigiNotar's website.
All Windows users using automatic updates will apply this update and no reboot is required. However, on request from the Dutch government, Microsoft has delay the rollout of this update to users in the Netherlands and their territories until next Tuesday (Patch Tuesday coincidentally). This will give time for the Dutch websites to swap all their certificates to another, perhaps more trustworthing certificate authority. Therefore, the user would have to manually run Microsoft Update to receive the patch.
See http://www.microsoft.com/technet/security/advisory/2607712.mspx for more details.
It seems that Opera too have followed suit and removed trust for DigiNotar. For now, the user still have to manually remove the DigiNotar Root CA if it exists in his/her copy of Opera. Opera Software implies that new installations of Opera (that is, when installing Opera onto systems that did not have it installed previously) will not include the DigiNotar Root CA by default. Opera recommends that if you visit a site with a DigiNotar-issued certificate and it triggers an "Unknown issuer" dialog, click "Reject". See http://my.opera.com/rootstore/blog/2011/09/06/diginotar-first-step-disabling-the-root for more details.
This seems the end for DigiNotar.