Certificate authority GlobalSign has suspended issuance of certificates after the DigiNotar hacker claimed to have access to its systems.
In a statement, the hacker claimed to have access to four more high-profile certificate authorities (CAs) and said certificates would be issued from them.
One of the CAs was identified as GlobalSign, which issued a statement saying that it "takes this claim very seriously and is currently investigating".
“As a responsible CA, we have decided to temporarily cease issuance of all certificates until the investigation is complete. We will post updates as frequently as possible. We apologise for any inconvenience.”
Sophos senior security adviser Chester Wisniewski said it was a good move.
"Its response is interesting. While we don't know if it has been compromised – and, arguably, neither do they – it is making a tough choice and is what we should expect from an organisation whose business models rely on trust," he said.
“It's possible the accusations are simply from an anonymous raving lunatic. Yet they could be true and, rather than put the greater internet community at risk, GlobalSign is forgoing some revenue out of an abundance of caution. That's great news. Let's hope that the accusations are false and everything is safe and secure at GlobalSign and the other three unnamed victims.”
In a statement posted on Pastebin, Ichsun claimed to have access to four CAs other than DigiNotar and to have connected to the hardware security module of StartCom, where the hack was foiled because the chief executive was carrying out manual verification.
The garbled statement said: “I have around 300 code signing certificates and a lot of SSL certs with again code signing permission, look at Google's cert, I have code signing privilege! You see? I owned an entire computer network of DigiNotar with 5-6 layers inside which have no connection to internet.”
Ichsun also claimed to be able to issue Windows updates.