Slashdot Mirror


(Possible) Diginotar Hacker Comes Forward

arglebargle_xiv writes "At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more 'high-profile' CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns." Whether this claim turns out to be truthful or not, what led to the breach in the first place? Reader Dr La points to an interim report commissioned by the Dutch government (PDF), according to which "a) No antivirus software was present on Diginotar's servers; b) 'the most critical servers' had malicious software infections; c) The software installed on the public web servers was outdated and not patched; and d) all servers were accessible by one user/password combination, which was 'not very strong and could easily be brute-forced.'"

27 of 215 comments

  1. Weakest link by Errol+backfiring · · Score: 2

    Yep. Our whole security system is exactly as strong as the weakest link.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!

    1. Re:Weakest link by houstonbofh · · Score: 2, Insightful

      And crap like this is why I don't understand why my browser has to go apeshit over self singed cirts. "Oh My God! You may be at risk because this cirt was MADE BY SOMEONE WITH A CLUE!"

    2. Re:Weakest link by drolli · · Score: 3, Insightful

      A good security system is not as weak as the weakest link.

    3. Re:Weakest link by arglebargle_xiv · · Score: 4, Funny

      And crap like this is why I don't understand why my browser has to go apeshit over self singed cirts.

      The browser is acting as a food critic. Everyone knows cirts should be cooked rare, not singed. That just spoils the flavour.

    4. Re:Weakest link by houstonbofh · · Score: 2

      Has anyone analyzed how many browsers already have updates invalidating DigiNotar authority or discussed if DigiNotar has a functional OCSP that is returning accurately? The system when used *as designed* does stop MITM attacks. This is the first widespread compromise of a CA that I can recall, and I expect already many users are in browsers that already distrust the compromised key. I suspect most people will have updated their CA certs without even being aware of this incident within a few months. So it does stop MITM attacks.

      Second big one, but I can't find a link to the first. (Google is flooded with this one...) And it does not matter if you have a condom for every partner but that one with AIDS. http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity SSL is not secure, and has not been for a while. The fact that it is going public now is a lag behind the lack of security.

    5. Re:Weakest link by Pieroxy · · Score: 2

      Last time I stumbled over a comment like this I asked for a link. I was given one, and pretty much all of the pages served me errors and other crap... I could not even click on "order".

      So, do you think you can provide me with a link to such a CA that would be both free and functional?

  2. "No antivirus software was present" by Neil_Brown · · Score: 2

    on Diginotar's servers

    Is this uncommon? Do most (sane) administrators run anti-virus on each of their servers?

    1. Re:"No antivirus software was present" by imroy · · Score: 2

      Do most (sane) administrators run anti-virus on each of their servers?

      I guess you do if you're running Windows servers, which apparently Diginotar were.

  3. Fear the mighty script kiddy by jellomizer · · Score: 3, Insightful

    We need to stop giving these "Hackers" such press. Oh, they broke into an insecure system. They must be real Computer Geniuses. There should be far more press about the state of the hacked sites' security, and less on the actual hackers. The hackers are just some dumb kids who did some quick searching around and got some silly tools. The real story is that such organizations have such poor security.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.

  4. Honest question: by Haedrian · · Score: 5, Insightful

    How DOES one become a trusted CA? Shouldn't there at least be some sort of procedure to check that they can be trusted?

    1. Re:Honest question: by tetromino · · Score: 4, Informative

      Well, here are the requirements for a CA's certificate to be included in Mozilla products. In particular, they require an independent audit of the CA's policies and internal operations. Presumably other browser vendors follow similar procedures.

    2. Re:Honest question: by timmy.cl · · Score: 2

      You definitely hit the nail! We should establish a new system that proves the CAs are trustworthy. I'd name it CACA*, for Certification Authorities' Certification Authority. Better yet, it should be decentralized, so there should be many independent CACAs all around the world, and every computer out there will have every CACA's certificate installed. This will definitely be the ultimate, perfect, unbreakable trust system.

      * Pun intended: "caca" is Spanish for poop.

    3. Re:Honest question: by bill_mcgonigle · · Score: 3, Interesting

      And Mozilla gave these jokers a pass while raking CACert across the coals.

      That distinction is very instructive as to the real motivations of the PKI industry.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

  5. More details from the Pastebin source by arglebargle_xiv · · Score: 2

    According to the hacker's Pastebin message, one of the other CAs he's 0wned was GlobalSign, a fairly major CA for which it won't be so easy to pull the root certificate as it was for Diginotar. He's also claiming responsibility for the StartSSL breach that occurred a month or two back. GlobalSign have reportedly gone into panic mode. It also includes other details like:

    I got SYSTEM privilage in fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, their 6th layer internal "CERT NETWORK"

    as well as their domain admin password Pr0d@dm1n (you can see why DigiNotar passed their security audit, they didn't use password1).

  6. No antivirus software on the server? by caseih · · Score: 2

    May we assume by this finding in the Dutch report that the servers were not running any form of Unix or Linux? In any case I do not see how an antivirus program is going to stop an intrusion.

    I used to chuckle when our local credit-card processing system would ask me to ensure that my web server had an up to date antivirus package installed. Rather than out right lie, I explained to them that my web server ran Linux and that they don't run antivirus software, but are kept patched and secured with proper firewall rules and proxy servers, and protected by the IDS at the border of the DMZ.

    Anyway, not even sure why they mentioned antivirus software at all. The problem was more systemic. Their entire system did not seem to be built with security in mind. Where was the IDS? Why did the public-facing servers have the CA private certificates on them at all?

    1. Re:No antivirus software on the server? by tqk · · Score: 2

      All major AV firms now have antivirus packages for Linux (Un*x) that offer both realtime (on-access) and on-demand (hand-started) virus scan protection. They protect the Linux OS as well as the Windows people who connect to Samba, Apache etc. from the transmission of malware.

      Proving there are admins out there who're highly susceptible to the marketing claims of AV vendors. BS!

      I can understand if your *nix box is the SMTP Smarthost or the Samba server for a bunch of user/Win* boxes, that you'd want to try to scrub crap out of incoming stuff before passing it onto the internal LAN/WAN. However, that's got nothing to do with protecting the Smarthost or Samba server.

      Good security practices are generally more than capable of protecting *nix boxes, specifically don't allow the server to be connected to except by services it's expected to handle and that you've verified are secured. AV just sucks up CPU cycles, provides a false sense of security, and makes AV vendors rich.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.

  7. 'Claiming' to be the hacker? by plover · · Score: 5, Insightful

    Hell, if he really hacked it, he'd have signed the message with DigiNotar's key. He's the only person in this whole debacle I'd trust to actually have a clue as to how to really use their certificates.

    --
    John

  8. Compromised CAs by unencode200x · · Score: 2

    FTFA:

    3.2

    Compromised CAs

    The attacker(s) had acquired the domain administrator rights. Because all CA servers were members of the same Windows domain, the attacker had administrative access to all of them. Due to the limited time of the ongoing investigation we were unable to determine whether all CA servers were used by the attacker(s). Evidence was found that the following CAs were misused by the attacker(s):

    - DigiNotar Cyber CA
    - DigiNotar Extended Validation CA
    - DigiNotar Public CA - G2
    - DigiNotar Public CA 2025
    - Koninklijke Notariele Beroepsorganisatie CA
    - Stichting TTP Infos CA

    The security of the following CAs was compromised, but no evidence of misuse was found (this list is incomplete):

    - Algemene Relatie Services System CA
    - CCV CA
    - DigiNotar PKIoverheid CA Organisatie - G2
    - DigiNotar PKIoverheid CA Overheid en Bedrijven
    - DigiNotar Qualified CA
    - DigiNotar Root CA
    - DigiNotar Root CA Administrative CA
    - DigiNotar Root CA G2
    - DigiNotar Root CA System CA
    - DigiNotar Services 1024 CA
    - DigiNotar Services CA
    - EASEE-gas CA
    - Hypotrust CA
    - MinIenM Autonome Apparaten CA - G2
    - MinIenM Organisatie CA - G2
    - Ministerie van Justitie JEP1 CA
    - Nederlandse Orde van Advocaten - Dutch Bar Association
    - Orde van Advocaten SubCA Administrative CA
    - Orde van Advocaten SubCA System CA
    - Renault Nissan Nederland CA
    - SNG CA
    - TenneT CA 2011
    - TRIAL DigiNotar PKIoverheid Organisatie TEST CA - G2
    - TU Delft CA

    For some of these CAs extra security measures were in place (like the CCV CA). This makes it more unlikely they were misused.

    --
    Chance favors the prepared mind.
    Perfect is the enemy of good.

  9. Re:The organization is the interesting part by houstonbofh · · Score: 2

    Doing it right costs more money than the PHBs want to spend. At every job I have had, I have gone to management with "This is a bad idea, and it will bite us." Most of the time when we get bit, I do not get the blame. Sometimes, even with the repeated and documented warnings, I get the blame anyway. And soon after, a new job with a, hopefully, more sane company.

  10. Re:CAs are dinosaurs by GameboyRMH · · Score: 2

    Self-signed certs, distributed verification system. Try it out now:

    http://www.networknotary.org/firefox.html

    http://www.convergence.io/

    Have you been living in a cave?

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel

  11. From the report... by MtHuurne · · Score: 5, Informative

    First, here is the actual PDF instead of some web-based PDF viewer surrounded by dubious ads.

    The most damning statement from the report (in my opinion) didn't make the summary: "The separation of critical components was not functioning or was not in place. We have strong indications that the CA-servers, although physically very securely placed in a tempest proof environment, were accessible over the network from the management LAN."

    I have worked at a company that generated encryption keys and they did so on a PC in a locked rack in a locked room with no network connection; such an approach would have prevented this attack.

    This fragment from the timeline is also interesting:

    19-Jun-2011 Incident detected by DigiNotar by daily audit procedure
    02-Jul-2011 First attempt creating a rogue certificate
    10-Jul-2011 The first succeeded rogue certificate (*.Google.com)

    So an incident was detected three weeks before the first rogue cert was issued.

  12. All Messages from ComodoHacker by eulernet · · Score: 2

    Here are the messages from ComodoHacker on pastebin:

    http://pastebin.com/u/ComodoHacker

    He published a cert for Mozilla in March.

  13. Re:SSH does it right. by Anonymous Coward · · Score: 2, Informative

    There's an add-on for Firefox called Certificate Patrol which does precisely that - it even shows you the diff between the old and new certificate. Alas, it still requires constant vigilance - Joe Random User will click through any warning, no matter how scary, if promised scantily clad dancing bunnies.

  14. The irony... by rainer_d · · Score: 2

    ...of an ad selling "high assurance ssl certificates" on the top of this page is hardly beatable.

    "High assurance" now just means "not p0wned, yet".

    --
    Windows 2000 - from the guys who brought us edlin

  15. MITM from day one by tepples · · Score: 2

    If I connect to a site with a SS cert, I get a warning about it, and whitelist that cert. If I come back some other time, and there is a new self signed cert, I get the warning again.

    And if there was already a man in the middle on the first day you visited the site, you're screwed. There is the Perspectives project, which uses network route diversity to detect a man in the middle, but it doesn't work so well if the man in the middle is situated between the server with the self-signed cert and its upstream Internet connection, such as a server behind a country's firewall.

  16. What's the big difference? by TheLink · · Score: 2

    But how do you know whether the first, second, third, fourth, Xth CA signed cert you got is a good one?

    What if the CA signed cert you got was actually created by the hacker? By default most browsers won't warn you, as long as the cert is signed by ANY of the dozens of CAs accepted by your browser[1] (I personally use Certificate Patrol so I am more likely to be warned in such situations - cert changed CA and changed way before expiry).

    Seems a worse situation than the self-signed cert - where you can choose not to do any security sensitive stuff till you confirm that the self-signed cert doesn't change over time and over different ISP connections (and your email to the bank gets an appropriate response). If the hacker has MITM'ed the bank's internet connection and nobody (including the bank and their customers) has noticed even after a few days or a week, then it might not make a big difference - the hacker probably has pwned the bank in other ways.

    Even with a CA signed cert I still had to email my bank to confirm it, because the cert changed from a single host cert to a multiple host cert for multiple countries, signed by a different CA (remember: most browsers by default would not warn you in such a situation). Are you so confident that it would still be OK to login and do transactions in that situation?

    So what's the big difference in security? If you talk about "normal users" there's no difference. Normal users can get pwned just because the hacker gives the bank the user's mother's maiden name as the "security answer" or other corporate idiocy. Or they'll get pwned because they got phished. Or they'll get pwned because they won't know that the valid CA signed cert is actually invalid.

    If you talk about people who actually care and know about security, there is no real difference either - because they will still have to do extra checks.

    [1] Firefox recognizes many dozens of CAs. Windows/IE recognizes any CA that has their cert signed by Microsoft or other appropriate installed CA, so even if the CA cert isn't listed at first, it will automatically get added (try deleting a CA root cert and watch it get readded when you visit their site using IE via https). Google Chrome on Windows by default recognizes any CA that IE recognizes (good luck ;) ).

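The trust-on-first-use check the last few posts describe (SSH-style pinning, Certificate Patrol's change warning, and TheLink's rule that a cert which "changed CA and changed way before expiry" deserves a harder look), written out as an added example; this is not code from the thread or from the Certificate Patrol add-on. The host name, issuer names, DER bytes and the 30-day renewal window are constructed assumptions, and the certificate fields are passed in as plain values rather than parsed from a real handshake.

```python
import hashlib
from datetime import datetime, timedelta


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 over the DER encoding, the value browsers show as the fingerprint."""
    return hashlib.sha256(der_bytes).hexdigest()


class PinStore:
    """Per-host record of the last accepted certificate (trust on first use)."""

    RENEWAL_WINDOW = timedelta(days=30)  # assumption: honest renewals happen this close to expiry

    def __init__(self):
        self.pins = {}  # host -> {"fp", "issuer", "not_after"}

    def observe(self, host, der, issuer, not_after, now):
        """Compare a freshly seen certificate with the pin; return (verdict, reasons)."""
        fp = fingerprint(der)
        old = self.pins.get(host)
        if old is None:  # first contact: remembered, not verified (SSH known_hosts style)
            self.pins[host] = {"fp": fp, "issuer": issuer, "not_after": not_after}
            return ("pinned", [])
        if old["fp"] == fp:
            return ("match", [])
        reasons = []  # the certificate changed: rank how suspicious the change is
        if old["issuer"] != issuer:
            reasons.append("issuer changed from %s to %s" % (old["issuer"], issuer))
        remaining = old["not_after"] - now
        if remaining > self.RENEWAL_WINDOW:
            reasons.append("old certificate still valid for %d days" % remaining.days)
        if reasons:
            return ("suspicious", reasons)  # pin stays as it was until a human accepts the change
        self.pins[host] = {"fp": fp, "issuer": issuer, "not_after": not_after}
        return ("renewed", [])


def demo():
    """Constructed scenario: fake DER bytes and fictional issuer names stand in for real certificates."""
    store = PinStore()
    host, day0 = "bank.example", datetime(2011, 9, 6)
    cert1 = (b"constructed-der-1", "Example CA 1", datetime(2012, 3, 1))
    results = [store.observe(host, *cert1, now=day0),                      # first visit
               store.observe(host, *cert1, now=day0 + timedelta(days=1)),  # same cert again
               # new cert from a different CA while the old one had months left: warn, keep old pin
               store.observe(host, b"constructed-der-2", "Other CA", datetime(2013, 1, 1),
                             now=day0 + timedelta(days=2)),
               # same CA, old cert 15 days from expiry: treated as a routine renewal
               store.observe(host, b"constructed-der-3", "Example CA 1", datetime(2013, 3, 1),
                             now=datetime(2012, 2, 15))]
    return results
```

A real client would feed `observe()` the fingerprint, issuer and notAfter taken from the server's leaf certificate at each connection; the verdict is only as good as the first pin, which is the "MITM from day one" limitation tepples raises.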
  17. The difference between CACert and DigiNotar by frehe · · Score: 4, Interesting

    I love this comment from Mozilla's Nelson Bolyard in that thread:

    I have no opinion about the worthiness of the particular CA being proposed in this bug. I don't know who it is yet. But my question would be:

    Does webtrust "attest" to this CA?

    I think that should be one of the criteria. PKI is about TRUST. All root CAs that are trusted for (say) SSL service are trusted EQUALLY for that service. If we let a single CA into mozilla's list of trusted CAs, and they do something that betrays the public's trust, then there is a VERY REAL RISK that the public will lose ALL FAITH in the "security" (the lock icon) in mozilla and its derivatives.

    We don't want that to happen. If that happens, mozilla's PKI becomes nothing more than a joke. If you want to see mozilla's PKI continue to be taken seriously, you will oppose allowing unattested CAs into mozilla's list of trusted root CAs.