GlobalSign concludes investigation of hacker attack
According to the recently published security incident report, no rogue certificates were issued during the hacker attack on certificate authority (CA) GlobalSign that was reported in September. The report states that the hacker had access to only one of the company's web servers, which is located elsewhere and is not connected to the critical CA infrastructure.
Apart from publicly accessible information, the only thing the hacker managed to access was the private key for the SSL certificate issued to www.globalsign.com. The CA therefore revoked the certificate.
This is consistent with the statement that GlobalSign made shortly after the breach was discovered. As part of the investigation, the CA contracted security firm Fox-IT, which also analysed the breach at Dutch certificate authority DigiNotar. In the DigiNotar case, the hacker managed to issue valid certificates for such prominent domains as Google.com, and also claimed to have other CAs under his control.
To be safe, GlobalSign disconnected its CA infrastructure from the network for nine days during the audit. In this respect, the company was far more professional than DigiNotar, which at first attempted to cover up its breach.
To thwart future attacks, GlobalSign secured the compromised server and increased the security of its CA infrastructure with new hardware and an additional intrusion detection system (IDS).
- CA GlobalSign resumes operations, a report from The H.