Archive for 2011/09/06

“ISPs will hold this information, as they do today. Please also note that no personal information about subscribers will be shared with rights holders without the required legal process being completed”

http://torrentfreak.com/database-of-u-s-internet-pirates-will-be-decentralized-110906/

http://www.ispreview.co.uk/story/2011/09/06/world-wifi-hotspot-internet-usage-to-top-120-billion-connections-by-2015.html

At the moment, there seems to be a general consensus that the CA system is not long for this world, and that’s a major step forward.  But while almost everyone seems to agree that we should develop something else, the exact problem with what we have is not entirely well defined.  Let’s look at what people have suggested the problem might be.

http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity

http://www.futureofcopyright.com/home/blog-post/2011/09/06/authors-hesitate-to-embrace-e-books.html

Russia’s Deputy Minister of Economic Development said that not only do U.S. sites continue to offer pirated Russian movies, but that YouTube and Google should be shut down for not respecting local laws

http://torrentfreak.com/russian-minister-youtube-and-google-should-be-shut-down-for-copyright-infringement-110906/

The plaintiffs also say they would be more than happy to submit the judge’s opinion on his behalf to the Westlaw database

http://www.techdirt.com/articles/20110902/17053915799/mpaa-so-thrilled-with-zediva-ruling-it-offers-to-help-court-spread-it.shtml

http://www.wired.com/magazine/2011/08/ff_lightbulbs/

http://news.cnet.com/8301-19882_3-20101254-250/why-facebook-wont-build-music-service-from-scratch/

http://www.reuters.com/article/2011/09/06/us-sony-idUSTRE7851PH20110906

http://www.digitimes.com/news/a20110906PR202.html

http://www.zdnet.com/blog/facebook/symantec-finds-15-of-facebook-videos-are-likejacking-attacks/3316

http://gizmodo.com/5837512/the-post-office-is-dying-because-we-dont-need-it-anymore

http://gizmodo.com/5837511/video-demonstrates-wickedly-cool-night-invisibility-technology

http://www.theregister.co.uk/2011/09/05/dymocks_launching_vanity_publisher/

http://www.theregister.co.uk/2011/09/06/freeview_iptv/

http://www.theregister.co.uk/2011/09/06/oracle_google_court_ordered_negotiations/

http://www.theregister.co.uk/2011/09/06/news_international_phone_hacking_media_committee/

Dutch language news article:
http://webwereld.nl/nieuws/107840/onderzoek-naar-hack-bij-ssl-reus-globalsign.html

http://www.theregister.co.uk/2011/09/06/comodohacker_claims_diginotar_hack/

http://www.bobsguide.com/guide/news/2011/Sep/6/green-armor-offers-cybersecurity-assistance-to-dutch-government-after-breach.html

After ComodoGate, the hacker — who called himself ComodoHacker — sent a series of messages via his Pastebin account. Then at the end of March 2011, it went silent. We’ve been keeping an eye on it, just in case the attacker will post something related to the Diginotar case.

And he just did.

Screenshots and more information at F-Secure:
http://www.f-secure.com/weblog/archives/00002231.html

Dutch language government website:
http://www.rijksoverheid.nl/ministeries/bzk/documenten-en-publicaties/kamerstukken/2011/09/05/digitale-inbraak-diginotar.html

Fox-IT technical report (ENGLISH LANGUAGE):
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2011/09/05/fox-it-operation-black-tulip/rapport-fox-it-operation-black-tulip-v1-0.pdf

Letter to Members of Parliament in The Netherlands (Dutch):
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/kamerstukken/2011/09/05/digitale-inbraak-diginotar/kamerbrief-diginotar.pdf

After the Dutch government is said to have shared the list of compromised SSL certificates with TOR/WikiLeaks hacker Jacob Appelbaum, it now leaks a report from security firm Fox-IT about DigiNotar to reporters of Dutch news sites Nu.nl and Webwereld.nl. Mozilla also received it. Main findings:

- DigiNotar knew on 28th July that Iranian internet users were being misled; Dutch authorities were only informed last week;
- DigiNotar already knew in June of this year that its own security had been breached; it started an investigation one month later and only filed a criminal complaint on Monday 5th September;
- DigiNotar had not implemented basic security measures: the technical environment used to create certificates could be accessed from networked desktop environments, including the environment related to government certificates. The latter environment officially needs to be kept in a vault, totally inaccessible from any networked environment. The Windows system used to access the environment for the production of digital certificates was not running any anti-virus software;
- Intrusion detection systems did not function; intrusions were not being registered or logged;
- Production of certificates was not being registered or logged;
- Passwords of system administrators were hacked, probably because they were badly chosen and extremely simple to guess, even in an automated fashion; the passwords were used to access the certification systems;
- Former DigiNotar employee Remko de Graaf appeared on an RTL News broadcast explaining that his former employer was keeping copies of certificates in a “loose” database. This could have enabled both employees and hackers to misuse certain network connections and sign certificates.

The report paints a picture of a company that removed every possible technical (security) obstacle in order to smooth and simplify its workflow as far as possible. The Fox-IT researchers do not accuse the government of Iran of eavesdropping, but they do argue that the attacks were aimed at eavesdropping on Iranian internet users. (Meanwhile, DigiNotar itself claims that this was a politically motivated hack directed against Iranian internet users. Dutch language news article: http://www.security.nl/artikel/38370/1/DigiNotar%3A_Aanval_was_politieke_hack.html )

Fox-IT has produced an animated video, visualizing the OCSP requests for one of the rogue certificates, namely the *.google.com certificate.

This is a message left by one of the hackers on the compromised systems of DigiNotar:

I know you are shocked of my skills, how i got access to your network to your internal network from outside how I got full control on your domain controller how I got logged in into this computer HoW I LEARNED XUDA PROGRAMMING HOW I got this IDEA to write such XUDA code How I was sure it’s going to work? How i bypassed your expensive firewall, routers, NetHSM, unbreakable hardware keys How I did all xUDA programming without 1 line of resource, got this idea, owned your network accesses your domain controlled, got all your passwords, signed my certificates and received them shortly THERE IS NO ANY HARDWARE OR SOFTWARE IN THIS WORLD EXISTS WHICH COULD STOP MY HEAVY ATTACKS MY BRAIN OR MY SKILLS OR MY WILL OR MY EXPERTISE That’s all ok! EVerything I do is out of imagination of people in world I know you’ll see this message when it is too late, sorry for that I know it’s not something you or any one in this world have thought about But everything is not what you see in material world, when God wants something to happen.

And finally, the government has stated that Microsoft will delay the Windows Update functionality for The Netherlands until required certificate updates have been implemented.

Dutch language news articles:
http://www.nu.nl/internet/2607758/diginotar-negeerde-misbruik-en-was-slecht-beveiligd.html
http://webwereld.nl/nieuws/107833/fox-it–diginotar-gebruikte-niet-eens-virusscanner.html 

In other news:

More than 40 networks of ISPs and universities in Iran have been compromised using forged SSL certificates from DigiNotar. Trend Micro calls it “a massive man-in-the-middle attack” and says it has evidence to show this was a massive campaign.
Dutch language news article:
http://webwereld.nl/nieuws/107831/-veertig-iraanse-netwerken-afgeluisterd-.html

Dutch parliamentarian: “Make sure that covering up hacking incidents will become an illegal act”
Dutch language news article:
http://webwereld.nl/nieuws/107826/-maak-geheimhouden-hack-diginotar-strafbaar-.html

Microsoft: Stolen SSL certs can’t be used to install malware via Windows Update
http://www.computerworld.com/s/article/9219729/Microsoft_Stolen_SSL_certs_can_t_be_used_to_install_malware_via_Windows_Update?taxonomyId=125 

Why Diginotar may turn out more important than Stuxnet
http://www.securelist.com/en/blog/208193111/Why_Diginotar_may_turn_out_more_important_than_Stuxnet

DigiNotar fallout could leave OSes vulnerable
http://www.pcpro.co.uk/news/369694/diginotar-fallout-could-leave-oses-vulnerable

What exactly happened in The Netherlands – Situation Report by The New York Times
http://www.nytimes.com/2011/09/06/technology/hacking-in-the-netherlands-broadens-in-scope.html?_r=1 
Recap in Dutch:
http://webwereld.nl/nieuws/107812/kamer-krijgt-vandaag-uitgesteld-diginotar-rapport.html

Message by Mozilla:

I have just read part of the unreleased Fox-IT report on DigiNotar, which should be published in full soon. This should already have been obvious from what is publicly known, but if you are in Iran, you should:

  • Update your browser and/or Windows (in Firefox: go to Firefox menu | Help | About Firefox)
  • log out of and back into every email and social media service you have (to invalidate any captured cookies) – particularly ones on this list
  • change your password for each of those sites

Although many have expected that infiltration of topsites was a common investigative tactic, this is the first time that we have it in writing.

http://torrentfreak.com/wikileaks-ice-ifpi-infiltrate-pirate-topsites-110905/

http://www.guardian.co.uk/technology/2011/sep/05/dns-hackers-telegraph-interview

http://www.theregister.co.uk/2011/09/02/icloud_runs_on_microsoft_azure_and_amazon/

Copyright, U.S. lobbying, and the stunning backroom Canadian response gets front page news treatment today as the Toronto Star runs my story on new revelations on copyright from the U.S. cables released by Wikileaks. The cables reveal that former Industry Minister Maxime Bernier raised the possibility of leaking the copyright bill to U.S. officials before it was to be tabled in the House of Commons, former Industry Minister Tony Clement’s director of policy Zoe Addington encouraged the U.S. to pressure Canada by elevating it on a piracy watch list, Privy Council Office official Ailish Johnson disclosed the content of ministerial mandate letters, and former RCMP national coordinator for intellectual property crime Andris Zarins advised the U.S. that the government was working on a separate intellectual property enforcement bill.

http://www.michaelgeist.ca/content/view/5986/135/