GlobalSign Resumes SSL Certificate Operations

GlobalSign has begun issuing new SSL certificates following its investigation of a hacking claim

Certificate authority GlobalSign is to begin issuing new certificates on Tuesday following an investigation into a possible attack on its servers.

Last week the hacker ‘Comodohacker’ claimed in a post on the website Pastebin that he had accessed GlobalSign’s systems and was able to issue false certificates for the company.

Investigation

Such false certificates could be used to trick a user into entering sensitive data into a website that appears to be secure.

In response GlobalSign on Wedensday ceased issuing certificates and launched an investigation, working with Fox-IT to audit the systems and Japan’s Cyber Defence Institute for penetration testing.

In the course of this the company said it had uncovered a breach of the server hosting its website, but said there were no signs of a hack into more sensitive systems.

“The breached web server has always been isolated from all other infrastructure and is used only to serve the www.globalsign.com website,” GlobalSign said in a Friday statement. “At present there is no further evidence of breach other than the isolated www web server [sic].”

The company had originally planned to bring its systems back up on Monday but this was delayed to Tuesday, the company said over the weekend.

“We will be bringing system components back on line on Monday during a sequenced start-up, but we do not foresee that customers will be able to process orders until Tuesday morning,” GlobalSign stated.

DigiNotar attack

The company said it was being cautious in part because of the severity of an earlier attack on certificate authority DigiNotar. It is believed that at least 500 false certificates were created following a hack into DigiNotar’s systems.

News of the DigiNotar hack first became evident when a false Google certificate was spotted by an Iranian user.

It now appears that its certificates in the names of the CIA, MI6, Google, Facebook, Twitter, Microsoft, Skype, Mozilla, Yahoo, Tor, WordPress, Mossad, AOL and LogMeIn are no longer trustworthy and DigiNotar has been removed from many of the browser brands’ lists of trusted authorities.