Hackers steal SSL certificates for CIA, MI6, Mossad

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9219727/Hackers_steal_SSL_certificates_for_CIA_MI6_Mossad

By Gregg Keizer
Computerworld
September 4, 2011

The tally of digital certificates stolen from a Dutch company in July 
has exploded to more than 500, including ones for intelligence services 
like the CIA, the U.K.'s MI6 and Israel's Mossad, a Mozilla developer 
said Sunday.

The confirmed count of fraudulently-issued SSL (secure socket layer) 
certificates now stands at 531, said Gervase Markham, a Mozilla 
developer who is part of the team that has been working to modify 
Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, 
Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft's 
Windows Update service.

"Now that someone (presumably from Iran) has obtained a legit HTTPS cert 
for CIA.gov, I wonder if the US gov will pay attention to this mess," 
Christopher Soghoian, a Washington D.C.-based researcher noted for his 
work on online privacy, said in a tweet Saturday.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/