Categories: SecurityWorkspace

KPN Uncovers SSL Security Breach

KPN has become the latest company to halt its SSL certificate operations following the discovery of a security breach – in this case, an intrusion that took place four years ago and remained undetected.

On Friday, KPN said it would temporarily stop issuing certificates while it carries out an investigation, the results of which are expected early this week.

Certificate suspicion

False SSL certificates could be used to trick a user into revealing sensitive data via a website that appears to be secure.

The Dutch company said it discovered the breach during an investigation carried out in light of other security troubles that have affected SSL certificate issuers in recent months.

“During an investigation into the SSL web server, evidence was detected that could indicate an incident four years ago,” KPN said in a statement.

The intruders appeared to have intended to make use of the server to launch distributed denial of service (DDoS) attacks against other organisations, KPN said.

“Although there is no evidence that certificate production was compromised, it cannot be completely excluded that this may have happened,” KPN stated.

The company said it has replaced the affected web servers and has brought in independent investigators who are looking into the matter, with the oversight of the Dutch government.

Recent breaches

The incident follows security breaches at several SSL certificate authorities (CA) this year, including DigiNotar, another Dutch firm, which resulted in the issuance of at least 500 false certificates for websites such as Gmail, Skype, Adobe, the CIA, MI6, Facebook, Twitter, Tor, WordPress, Mossad, AOL and LogMeIn.

Many web browser makers removed DigiNotar from their lists of trusted authorities and the company itself filed for bankruptcy in September as a result of the attack.

Ironically, KPN said at the time that it had seen a boost in its own certificates business as a result of the DigiNotar attack.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Identifies 2,000 Potential Cyberattacks Signals Every Second

Level of cyberthreats revealed, after BT says it spots 2,000 signals of potential cyberattacks every…

2 days ago

CMA Cites Higher Prices Post Vodafone, Three Merger, Demands Changes

The British competition regulator has provisionally found competition concerns over Vodafone’s planned merger with Three…

2 days ago

Microsoft Cuts Hundreds Of Gaming Staff

Post Activision - Microsoft Gaming confirms it will axe 650 employees, after thousands of job…

2 days ago

SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

Billionaire Jared Isaacman and SpaceX’s Sarah Gillis become first non-professional astronauts to carry out risky…

3 days ago

Government To Classify UK Data Centres As Critical Infrastructure

Data centres in the UK are to designated as Critical National Infrastructure (CNI), alongside energy…

3 days ago

Irish Watchdog Launches Inquiry Into Google AI Model

Google's protection of EU users' personal data when training its AI model, is under investigation…

3 days ago