DigiNotar hack puts cyberwar on the map

Powered by SC Magazine
 

Hard lessons to be learnt.

The attack on certificate authority (CA) DigiNotar will put cyberwar near the top of the political agenda of western governments.

In an almost unprecedented event, the Dutch Minister of Internal Affairs gave a press conference on Saturday night announcing that the Government had revoked trust in DigiNotar.

The company consisted of two separate branches.

One branch was a CA that dealt with regular business. The other branch, PKIoverheid, focused on government.

The audit conducted on DigiNotar's systems showed the integrity of the PKIoverheid authority couldn't be guaranteed. It should be presumed the integrity is broken.

At the beginning of last week the Dutch Government vouched for the integrity of the PKIoverheid CA.

This caused the browser makers to only blacklist the non-government CA from DigiNotar. Next time around, browser makers may not be quite as trusting.

A breakdown of most of the important elements of the attack:

531 rogue certificates

This list of rogue certificates is a very far cry from the dozen or so that DigiNotar originally reported compromised.

Certs for intelligence agencies
Some attention has been put toward the rogue certificates generated for the CIA and others. No actionable intelligence would be gathered from snooping on traffic to the CIA web site.

WindowsUpdates
A rogue certificate for WindowsUpdates was also issued. It's my understanding WindowsUpdates only runs programs which are digitally signed by Microsoft.

To push malware through WindowsUpdates would require a rogue certificate that also allows the attacker to sign code rather than just run SSL websites. Microsoft may have checks in place that would prevent exploitation by a rogue certificate.

Code signing
This screenshot shows the *.google.com certificate also to be valid for code signing. That means this attack could transcend the browser, allowing attackers to send malware to victims that would appear to have originated from Microsoft or other affected parties. At this point it becomes critical for these certificates to be blocked OS-wide, not just in the browser.
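As an added example (not part of the original article), this shell sketch checks whether a certificate's Extended Key Usage covers code signing, the property noted above for the *.google.com certificate. It assumes the OpenSSL 1.1.1+ command line; the certificates are constructed self-signed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a certificate by its Extended Key Usage (EKU).
# Every certificate below is a constructed, throwaway self-signed sample.

# make_sample <out.pem> [eku-list]  -> writes a sample cert (and out.pem.key)
make_sample() {
    if [ -n "$2" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=sample.example.test" -keyout "$1.key" -out "$1" \
            -addext "extendedKeyUsage=$2" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=sample.example.test" -keyout "$1.key" -out "$1" \
            2>/dev/null
    fi
}

# eku_verdict <cert.pem>  -> prints one of:
#   code-signing     EKU lists Code Signing (or Any Extended Key Usage)
#   no-code-signing  EKU is present and does not cover code signing
#   no-eku           no EKU extension: the certificate sets no purpose limit
eku_verdict() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    if ! printf '%s\n' "$text" | grep -q 'X509v3 Extended Key Usage'; then
        echo "no-eku"
        return 0
    fi
    # The purposes are printed on the line after the extension header.
    purposes=$(printf '%s\n' "$text" |
        grep -A1 'X509v3 Extended Key Usage' | tail -n 1)
    case $purposes in
        *"Code Signing"*|*"Any Extended Key Usage"*) echo "code-signing" ;;
        *) echo "no-code-signing" ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/tls.pem"  "serverAuth"
    make_sample "$dir/both.pem" "serverAuth,codeSigning"
    make_sample "$dir/open.pem"
    for c in tls both open; do
        printf '%s: %s\n' "$c" "$(eku_verdict "$dir/$c.pem")"
    done
    rm -rf "$dir"
}
demo
```

A `no-eku` result means the certificate does not restrict its own purpose, so whether it is accepted for code signing depends on the validating software.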

Consequences of PKIoverheid CA revocation
The damage sustained to the Dutch Government IT infrastructure is quite significant. A lot of services were no longer available. Communications were disrupted, meaning one could argue the attack was an act of cyberwar.

Cyberwar on the agenda
Stuxnet had a huge impact but there didn't seem to be a sense of urgency to put cyberwar and cybersecurity on most of the political agendas. The DigiNotar attack will.

Mobile devices
While browsers for desktops and laptops are receiving updates to blacklist these CAs, it remains very quiet on the mobile front. This is especially worrisome as *.android.com is one of the targeted domains in this attack. Here's a simple guideline: If a device can do email or web browsing then the CAs need to be revoked on that device.

Apple
So far it's not known if Apple is even planning on revoking these CAs. I don't understand why Apple is keeping radio silence on this and quite frankly it's unacceptable. Using third party web browsers and email clients is the way to go.

Other CAs
DigiNotar was excommunicated because it didn't disclose the breach. With some 500 authorities out there, it's hard to believe DigiNotar is the only compromised CA. This should serve as a very strong message for CAs to go public with any breach.

This blog first appeared on KasperskyLabs' SecureList.

Copyright © SC Magazine, Australia

