In association with heise online

15 December 2011, 17:01

GlobalSign concludes investigation of hacker attack

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

GlobalSign logo

According to the recently published security incident report, no rogue certificates were issued during the hacker attack on certificate authority (CA) GlobalSign, reported in September. The report states that the hacker only had access to one of the company's web servers, which is located elsewhere and not connected to the critical CA infrastructure.

Besides publicly accessible information, the hacker only managed to gain access to the private key for the SSL certificate issued to The CA therefore revoked the certificate.

This is consistent with the statement that GlobalSign made shortly after the breach was discovered. As part of the investigation, the CA contracted security firm Fox-IT, which also analysed the breach at Dutch certificate authority DigiNotar. In the DigiNotar case, the hacker managed to issue valid certificates for such prominent domains as, and also claimed to have other CAs under his control.

To be safe, GlobalSign disconnected its CA infrastructure from the network for nine days during the audit. In this respect, the company was far more professional than DigiNotar, which at first attempted to cover up its breach.

To thwart future attacks, GlobalSign secured the compromised server and increased the security of its CA infrastructure with new hardware and an additional intrusion detection system (IDS).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit