Forgot your password?
typodupeerror
Security The Internet IT

(Possible) Diginotar Hacker Comes Forward 215

Posted by timothy
from the have-in-my-hand-a-list-of-names dept.
arglebargle_xiv writes "At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more 'high-profile' CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns." Whether this claim turns out to be truthful or not, what led to the breach in the first place? Reader Dr La points to an interim report commissioned by the Dutch government (PDF), according to which "a) No antivirus software was present on Diginotar's servers; b) 'the most critical servers' had malicious software infections; c) The software installed on the public web servers was outdated and not patched; and d) all servers were accessible by one user/password combination, which was 'not very strong and could easily be brute-forced.'"
This discussion has been archived. No new comments can be posted.

(Possible) Diginotar Hacker Comes Forward

Comments Filter:
  • by Errol backfiring (1280012) on Tuesday September 06, 2011 @09:56AM (#37315464) Journal
    Yep. Our whole security system is exactly as strong as the weakest link.
    • Re: (Score:3, Insightful)

      by houstonbofh (602064)
      And crap like this is why I don't understand why my browser has to go apeshit over self singed cirts. "Oh My God! You may be at risk because this cirt was MADE BY SOMEONE WITH A CLUE!"
      • by arglebargle_xiv (2212710) on Tuesday September 06, 2011 @10:11AM (#37315614)

        And crap like this is why I don't understand why my browser has to go apeshit over self singed cirts.

        The browser is acting as a food critic. Everyone knows cirts should be cooked rare, not singed. That just spoils the flavour.

        • by Jawnn (445279)
          I don't care if he singes things himself or not, but I am a bit concerned over this "cirt" thing. It sounds like it could be painful if singed.
      • by Junta (36770)

        This is a huge deal because for browsers/libraries that do not refresh CA certificates promptly, some select population of people can reduce all certs to as bad as self-signed certificates.

        Saying self-signed certs are somehow better than certs signed by a compromised CA is rather silly.

        • Not what I am saying. I am saying that self signed cirts are not the evil that modern browsers make them out to be, and official CAs are not the paragon of security.
          • by Errtu76 (776778)

            Please, for the love of Diginotar, at least say 'certs' if you want to abbreviate 'certificates'.

    • Re:Weakest link (Score:4, Insightful)

      by drolli (522659) on Tuesday September 06, 2011 @10:03AM (#37315530) Journal

      A good security system is not as weak as the weakest link.

      • Can you find me 5 people that have never broken the "cup holder" that believe our current system is a "good security system?"
        • by Junta (36770)

          The problem is that our current system may not in practice *be* a 'good security system', but if implemented correctly it *would* be.

          The challenge is this will undoubtedly hold true for any proposed alternative implementation strategy, making churning the underlying technology an exercise in futility unless you fix the aspects preventing the x509 system from working as designed.

      • It's the same as equivalent resistance of resistors in parallel, slightly weaker than the weakest link.

    • The hacker is Ichsun again, better known as "skill of 1000 hackers."

    • It looks like in this case "our whole security system was the weakest link."
      Or maybe "Our whole security system was their security system, which was the weakest link."
  • Clearly they were using voting machines for web servers. That explains everything. Oblig: http://xkcd.com/463/ [xkcd.com]
  • by Neil_Brown (1568845) on Tuesday September 06, 2011 @09:56AM (#37315468) Homepage

    on Diginotar's servers

    Is this uncommon? Do most (sane) administrators run anti-virus on each of their servers?

    • by imroy (755)

      Do most (sane) administrators run anti-virus on each of their servers?

      I guess you do if you're running Window servers, which apparently Diginotar were.

    • If they're Windows servers, then yes..

    • by gmuslera (3436) *
      Is debatable if running windows in critical servers is something that sane administrators would do. sane administrators shouldt need to run antivirus in their servers, either because run something safer or know enough to avoid running into that risks.
    • by jhoegl (638955)
      Only if multiple people have access, or there are user files stored on it would i need anti-virus.

      If you are the only one that has access, no user files are stored, and it performs simple tasks... probably not needed.

      See, what people who think Anti-virus is important dont seem to understand is that it wont protect against vulnerabilities, nor against 0 day. It is a false sense of security for the senseless. I can run for years without anti-virus and never get a virus. How would I know if I dont have a
      • While your points on 0 day bugs is true, in this case, the malware would have been detected by current AV software. AV software is no magic pill that will solve all security problems however I don't understand why the company didn't use it.
    • I'd contend that you're betting running anti-virus on Windows servers than running without it, but at the same time I think far too many people see it as a crutch.

      Most anti-virus software scans files already in your system against a list of known infections. It is far too easy to fuzz past detection, not to mention that it can't protect against the latest unknown infections.

      The best protection is proper sandboxing and security policies. Don't let anything in unless you have to. Don't trust anything.

      And hone

  • by jellomizer (103300) on Tuesday September 06, 2011 @09:58AM (#37315478)

    We need to stop giving these "Hackers" such press. Oh they broke into a insecure system. They must be real Computer Geniuses. There should be far more press about the state of the hacked sites security, and less on those actual hackers. The hackers are just some dumb kids who did some quick searching around and got some silly tools. The real story is that such organizations have such a poor security.

    • by erroneus (253617)

      It's not the hacker that is the story, but the light on the security situation at large. That a script kiddy was able to do this adds to the embarrassment. Unfortunately, most people will not understand this fact and will instead seek to destroy all script kiddies. ... this is the same mentality in the medical world that has led to the unintentional creation of MRSA. The over-use and dependence on killing everything that might be a germ has bred superbugs. And these days, they are also seeking to destro

  • Honest question: (Score:5, Insightful)

    by Haedrian (1676506) on Tuesday September 06, 2011 @09:59AM (#37315480)

    How DOES one become a trusted CA? Shouldn't there at least be some sort of procedure to check that they can be trusted?

    • Re:Honest question: (Score:5, Informative)

      by tetromino (807969) on Tuesday September 06, 2011 @10:11AM (#37315618)
      Well, here [mozilla.org] are the requirements for a CA's certificate to be included in Mozilla products. In particular, they require an independent audit of the CA's policies and internal operations. Presumably other browser vendors follow similar procedures.
      • Well, here [mozilla.org] are the requirements for a CA's certificate to be included in Mozilla products. In particular, they require an independent audit of the CA's policies and internal operations. Presumably other browser vendors follow similar procedures.

        Now I get it! He was not a hacker, or a cracker. He was an independent auditor!

      • Re:Honest question: (Score:4, Interesting)

        by bill_mcgonigle (4333) * on Tuesday September 06, 2011 @11:04AM (#37316122) Homepage Journal

        And Mozilla gave these jokers a pass while raking CACert across the coals [mozilla.org].

        That distinction is very instructive as to the real motivations of the PKI industry.

        • by frehe (6916) on Tuesday September 06, 2011 @01:46PM (#37318064)

          I love this comment from Mozilla's Nelson Bolyard in that thread:

          I have no opinion about the worthyness of the particular CA being proposed in this bug. I don't know who it is yet. But my question would be:

          Does webtrust "attest" to this CA?

          I think that should be one of the criteria. PKI is about TRUST. All root CAs that are trusted for (say) SSL service are trusted EQUALLY for that service. If we let a single CA into mozilla's list of trusted CAs, and they do something that betrays the publics' trust, then there is a VERY REAL RISH that the public will lose ALL FAITH in the "security" (the lock icon) in mozilla and its derivatives.

          We don't want that to happen. If that happens, mozilla's PKI becomes nothing more than a joke. If you want to see mozilla's PKI continue to be taken seriously, you will oppose allowing unattested CAs into mozilla's list of trusted root CAs.

    • by DdJ (10790)

      How DOES one become a trusted CA?

      By social engineering applied to the browser vendors.

    • by timmy.cl (1102617)

      You definitely hit the nail! We should establish a new system that proves the CA's are trustworthy. I'd name it CACA*, for Certification Authorities' Certification Authority. Better yet, it should be decentralized, so there should be many independent CACAs all around the world, and every computer out there will have every CACA's certificate installed. This will definitely be the ultimate, perfect, unbreakable trust system.
       
      * Pun intended: "caca" is spanish for poop.

  • by arglebargle_xiv (2212710) on Tuesday September 06, 2011 @10:05AM (#37315552)

    According to the hacker's Pastebin message, one of the other CA's he's 0wned was GlobalSign, a fairly major CA for which it won't be so easy to pull the root certificate as it was for Diginotar. He's also claiming responsibility for the StartSSL breach that occurred a month or two back. GlobalSign have reportedly gone into panic mode. It also includes other details like:

    I got SYSTEM privilage in fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, their 6th layer internal "CERT NETWORK"

    as well as their domain admin password Pr0d@dm1n (you can see why Dignotar passed their security audit, they didn't use password1).

  • How does an organization that works with moderately complex technology, where security is of the utmost importance, go down such a dark alley so many others have treaded before with foreseeable and dreadful consequences? Point-haired bosses? perhaps appointed by politicians? Too good a business to think about the pillars? Seriously, did they never ever have anyone raise the alarm? What happened if someone did?
    • Doing it right costs more money than the PHBs want to spend. At every job I have had, I have gone to management with "This is a bad idea, and it will bite us." Most of the time when we get bit, I do not get the blame. Sometimes, even with the repeated and documented warnings, I get the blame anyway. And soon after, a new job with a, hopefully, more sane company.
      • by rjstanford (69735)

        Maybe if you'd gone to them with "This is a bad idea, it has a xx% chance every month we're doing it of costing us $$$ in direct fees and around $$$ in indirect bad press. I can rectify it for $ plus $ per month," they'd have taken you up on the suggestion?

        Alternately, maybe you would have realized as they did (correctly in some cases, not so in others, I'm sure) that the economics actually supported not fixing the problem?

        • I can accept that in many cases. It is when they flip flop later to blaming me for the exact thing I warned them about that I start polishing up the CV.
        • Maybe if you'd gone to them with "This is a bad idea, it has a xx% chance every month we're doing it of costing us $$$ in direct fees and around $$$ in indirect bad press. I can rectify it for $ plus $ per month," they'd have taken you up on the suggestion?

          I used to be very idealistic too when I was much younger. Ah the good old days :-)

  • by caseih (160668) on Tuesday September 06, 2011 @10:09AM (#37315594)

    May we assume by this finding in the Dutch report that the servers were not running any form of Unix or Linux? In any case I do not see how an antivirus program is going to stop an intrusion.

    I used to chuckle when our local credit-card processing system would ask me to ensure that my web server had an up to date antivirus package installed. Rather than out right lie, I explained to them that my web server ran Linux and that they don't run antivirus software, but are kept patched and secured with proper firewall rules and proxy servers, and protected by the IDS at the border of the DMZ.

    Anyway, not even sure why they mentioned antivirus software at all. The problem was more systemic. Their entire system did not seem to be built with security in mind. Where was the IDS? Why did the public-facing servers have the CA private certificates on them at all?

    • by ledow (319597)

      Worse than that - their all-Windows servers (including the signing server) were all part of the same domain and so all could be logged into with a single set of credentials (which is what the intruder had, by brute-forcing that crappy password) and all joined to the same networks.

  • by plover (150551) * on Tuesday September 06, 2011 @10:10AM (#37315606) Homepage Journal

    Hell, if he really hacked it, he'd have signed the message with DigiNotar's key. He's the only person in this whole debaucle I'd trust to actually have a clue as to how to really use their certificates.

    • by chrb (1083577)

      As a proof to show that he really did infiltrate DigiNotar, he shares the domain administrator password of the CA network: Pr0d@dm1n. DigiNotar would be able to confirm if this was accurate or not.

      Maybe something will come of that...

  • FTFA:

    3.2

    Compromised CAs

    The attacker(s) had acquired the domain administrator rights. Because all CA servers were members of the same Windows domain, the attacker had administrative access to all of them. Due to the limited time of the ongoing investigation we were unable to determine whether all CA servers were used by the attacker(s). Evidence was found that the following CAs were misused by the attacker(s):-

    DigiNotar Cyber CA-
    DigiNotar Extended Validation CA-
    DigiNotar Public CA - G2-
    DigiNotar Public CA 2025-
    Koninklijke Notariele Beroepsorganisatie CA-


    Stichting TTP Infos CAThe security of the following CAs was compromised, but no evidence of misuse was found (this list is incomplete):-

    Algemene Relatie Services System CA-
    CCV CA-
    DigiNotar PKIoverheid CA Organisatie - G2-
    DigiNotar PKIoverheid CA Overheid en Bedrijven-
    DigiNotar Qualified CA-
    DigiNotar Root CA-
    DigiNotar Root CA Administrative CA-
    DigiNotar Root CA G2-
    DigiNotar Root CA System CA-
    DigiNotar Services 1024 CA-
    DigiNotar Services CA-
    EASEE-gas CA-
    Hypotrust CA-
    MinIenM Autonome Apparaten CA - G2-
    MinIenM Organisatie CA - G2-
    Ministerie van Justitie JEP1 CA-
    Nederlandse Orde van Advocaten - Dutch Bar Association-
    Orde van Advocaten SubCA Administrative CA-
    Orde van Advocaten SubCA System CA-
    Renault Nissan Nederland CA-
    SNG CA-
    TenneT CA 2011-
    TRIAL DigiNotar PKIoverheid Organisatie TEST CA - G2-
    TU Delft CA


    For some of these CAs extra security measures were in place (like the CCV CA). This makes it moreunlikely they were misused.

  • I say that as a dutchman. I'm ashamed to be from the same country as these bozos.

    • by rvw (755107)

      I say that as a dutchman. I'm ashamed to be from the same country as these bozos.

      Did you read the pastebin? He hacked Diginotar specifically because of Srebrenica 16 years ago. Something else to be ashamed of. And I'm not ashamed about these Diginotar bozos. The Dutch government should be blamed here for trusting them completely. If Fox-it could find all these problems within a week, why didn't the government find out earlier?

  • From the report... (Score:5, Informative)

    by MtHuurne (602934) on Tuesday September 06, 2011 @10:45AM (#37315918) Homepage

    First, here is the actual PDF [rijksoverheid.nl] instead of some web-based PDF viewer surrounded by dubious ads.

    The most damning statement from the report (in my opinion) didn't make the summary: "The separation of critical components was not functioning or was not in place. We have strong indications that the CA-servers, although physically very securely placed in a tempest proof environment, were accessible over the network from the management LAN."

    I have worked at company that generated encryption keys and they did so on a PC in a locked rack in a locked room with no network connection; such an approach would have prevented this attack.

    This fragment from the timeline is also interesting:

    19-Jun-2011 Incident detected by DigiNotar by daily audit procedure
    02-Jul-2011 First attempt creating a rogue certificate
    10-Jul-2011 The first succeeded rogue certificate (*.Google.com)

    So an incident was detected three weeks before the first rogue cert was issued.

    • by BLKMGK (34057)

      Umm bullshit?

      Lets play pretend that this was air gapped\tempested\protected by dogs and this guy managed to insert a request for a cert into their system bypassing any dupe checks and payment crap. It would have been dutifully carried on whatever media they had used a million times before to the "special" machine, a cert created, and the cert sent on it's way to the attacker same as any other.

      How does an air gap solve this problem exactly? Doing them by hand and checking their authenticity with a human is a

  • by eulernet (1132389) on Tuesday September 06, 2011 @10:49AM (#37315960)

    Here are the messages from ComodoHacker on pastebin:

    http://pastebin.com/u/ComodoHacker [pastebin.com]

    He published a cert for Mozilla in March.

  • by blueg3 (192743)

    a) No antivirus software was present on Diginotar's servers;

    As per the XKCD, if this is a problem, you're already doing it wrong. Antivirus software won't save you against sophisticated attacks, only unsophisticated ones. CAs need to be safer than that.

    b) 'the most critical servers' had malicious software infections;

    Probably because of (c).

    c) The software installed on the public web servers was outdated and not patched;

    Seriously, everyone who runs a business should know not to do this.

    and d) all servers were accessible by one user/password combination, which was 'not very strong and could easily be brute-forced.

    Well, that's just stupid.

    So (c) and (d) are the real problems, and they're pretty obviously problems.

  • The ssh host key for a server is generated automatically by the ssh daemon the first time it runs.

    The first time a user connects to that server, they get a fingerprint they can check, and a "This is the first time you've connected to this host, are you sure it's the right one?". Subsequent connections are silent, unless the host key changes. You get a big, scary message if a host you've allowed in the past changes it's key. (As this signals a potential MITM attack.)

    SSL certs should be handled the same wa

    • by grnbrg (140964)

      Dammit.

      ".... is the same server they're trying to connect to today."

    • Re: (Score:2, Informative)

      by Anonymous Coward

      There's an add-on for Firefox called Certificate Patrol which does precisely that - it even shows you the diff between the old and new certificate. Alas, it still requires constant vigilance - Joe Random User will click through any warning, no matter how scary, if promised scantily clad dancing bunnies.

      • by rvw (755107)

        There's an add-on for Firefox called Certificate Patrol which does precisely that - it even shows you the diff between the old and new certificate. Alas, it still requires constant vigilance - Joe Random User will click through any warning, no matter how scary, if promised scantily clad dancing bunnies.

        Thank you for this tip! Very useful in getting a little bit more grip on the whole situation.

    • by vadim_t (324782)

      If you're using SSH that way, you're donig it horribly wrong.

      SSH's security comes from you verifying the key. In a CA system you delegate that responsibility to somebody else, but with SSH that responsibility falls squarely on you, and the security of the system depends on you doing the checking properly.

      When using SSH correctly what you do is to obtain the system's fingerprint by yourself, or from whoever allows you access to their server over a secure channel, connect, and verify that it matches. Only the

      • Learning fingerprints from email or IM conversations isn't guaranteed to be safe.

        Nothing is guaranteed to be safe under this system of things. But typically, e-mail, IM, microblog, and the SSH connection itself will follow different network paths, and a man in the middle is unlikely to have compromised all at the same time. This is the principle of route diversity, the same thing the Perspectives add-on uses to check HTTPS certificates against notaries spread throughout the Internet.

        • by vadim_t (324782)

          That assumes a mostly secure system where an attacker managed to sneak in for a short time.

          That assumption doesn't apply in places like Iran, where such shenanigans may well be organized by the government itself and happen at ISP level, for every single internet user in the country. Then all the network paths you have go through the attacker.

          Sure, their transparent proxy might not be catching fingerprints in IMs today, but if that gets popular enough you can be sure it eventually will be upgraded to do that

  • by rainer_d (115765) on Tuesday September 06, 2011 @11:15AM (#37316232) Homepage
    ...of an ad selling "high assurance ssl certificates" on the top of this page is hardly beatable.

    "High assurance" now just means "not p0wned, yet".

You can do this in a number of ways. IBM chose to do all of them. Why do you find that funny? -- D. Taylor, Computer Science 350

Working...