GlobalSign says certs weren't hacked


GlobalSign has found no evidence that its digital certificate infrastructure was hacked or that rogue certificates were issued.

In a security incident report, GlobalSign confirmed it had not found evidence of rogue certificates being issued or customer data being exposed.

It also said that there was no evidence of a compromise of its root certificate keys and associated hardware security modules (HSMs), of its issuing authorities and their associated HSMs, or of its registration authority (RA) services.

As reported in September, after the hacker who claimed responsibility for the DigiNotar and Comodo breaches said he also had access to four other CAs, GlobalSign announced that it was temporarily ceasing issuance of all certificates until an investigation was complete, saying that it took "this claim very seriously and is currently investigating".

GlobalSign did confirm that a peripheral web server was breached. The server was not part of the certificate issuance infrastructure but hosted a public-facing web property.

It also said that publicly available HTML pages and PDFs, together with the SSL certificates and private keys issued to GlobalSign's own website, could have been exposed.

Because an attacker holding a site's private key can impersonate that site regardless of whether misuse is ever observed, the SSL certificates and key for the GlobalSign website were treated as compromised and revoked.

GlobalSign ceased issuing new certificates for nine days, between 6 and 15 September, and during the outage contracted Fox-IT to provide third-party analysis of its infrastructure.

Fox-IT was also retained by the Dutch government as part of the ongoing Comodo hacker criminal investigation.

GlobalSign also contracted Cyber Security Japan to oversee the rebuild of a newly hardened certificate issuance infrastructure, on the then-unconfirmed assumption that the previous infrastructure had been breached; the investigation later found no evidence to support that assumption.

GlobalSign said it has implemented additional controls around its infrastructure, customer data protection and access to all systems.

“It is our view that this attack is one phase of an advanced persistent threat against all security solution providers," the company said.

"Because the threat landscape has evolved, GlobalSign believes greater controls are necessary across the industry and echoes the calls covered in WebTrust 2.0 and the recent updates to the Mozilla Root CA acceptance programme."

“The executive team apologises sincerely for the inconvenience caused when undertaking such an important decision. However, the organisation stands by the decision and maintains that the ultimate duty of care for GlobalSign, like all responsible CAs, is to avoid issuance of rogue certificates.

“We are truly thankful for the positive reaction to our chosen response to the incident, including the press covering this and other incidents, our peers and ultimately from our valued customers and partners.

“Finally, we also support ongoing co-operation between the security providers, CAs and the various global authorities in sharing threat information promptly and accurately.”

Copyright © SC Magazine, UK edition
