“One day we will look at the summer of 2011 as the time when the public key infrastructure (PKI) collapsed,” Mike Fratto writes. The Dutch Certificate Authority (CA), DigiNotar, issued at least 531 false certificates for domains from Google to Facebook. The response has been immediate and intense: revoking all DigiNotar signatures.
The ComodoHacker, an ideologically driven Iranian, takes credit for the breach. Allegedly, this is ComodoHacker’s second feat this year, the first being the Comodo CA breach in March, when false certificates were obtained for Google, Yahoo, Skype, and other major websites. Fox-IT’s report (PDF) links the hacker to Iran and suggests the objective was to intercept secure communications in Iran.
Mike Fratto’s article puts into perspective the massive implications of the breach, even if we know who the hacker and intended targets were. The Tor Project posted a list of all 531 rogue certs signed by DigiNotar.
In immediate response to these rogue certs being discovered, Firefox, Chrome, Apple, Microsoft, and Ubuntu each revoked all of DigiNotar’s certificates. The intensity of the reaction reflects the severity of what happened.
GlobalSign, another CA, halted operations as a precaution, but there appear to be no signs that false certificates were issued there. Although a false certificate can really only be exploited through a man-in-the-middle (MITM) attack, which is difficult to carry out, the enormous value of being able to listen in on secure channels to email providers and other major websites is enough to give attackers the motivation to do so.
ZDNet has an outstanding article on TLS/SSL that explains how the PKI system works. The events that have taken place are certainly a major blow to the public key system, but it is currently the best system available. In time, it will improve and adapt to the incredibly fast-changing network we live on.