3.2
Compromised CAs
The attacker(s) had acquired the domain administrator rights. Because all CA servers were members of the same Windows domain, the attacker had administrative access to all of them. Due to the limited time of the ongoing investigation we were unable to determine whether all CA servers were used by the attacker(s). Evidence was found that the following CAs
were misused by the attacker(s):-
DigiNotar Cyber CA-
DigiNotar Extended Validation CA-
DigiNotar Public CA – G2-
DigiNotar Public CA 2025-
Koninklijke Notariele Beroepsorganisatie CA-
Stichting TTP Infos CAThe security of the following CAs was compromised, but no evidence of misuse was found (this list is incomplete):-
Algemene Relatie Services System CA-
CCV CA-
DigiNotar PKIoverheid CA Organisatie – G2-
DigiNotar PKIoverheid CA Overheid en Bedrijven-
DigiNotar Qualified CA-
DigiNotar Root CA-
DigiNotar Root CA Administrative CA-
DigiNotar Root CA G2-
DigiNotar Root CA System CA-
DigiNotar Services 1024 CA-
DigiNotar Services CA-
EASEE-gas CA-
Hypotrust CA-
MinIenM Autonome Apparaten CA – G2-
MinIenM Organisatie CA – G2-
Ministerie van Justitie JEP1 CA-
Nederlandse Orde van Advocaten – Dutch Bar Association-
Orde van Advocaten SubCA Administrative CA-
Orde van Advocaten SubCA System CA-
Renault Nissan Nederland CA-
SNG CA-
TenneT CA 2011-
TRIAL DigiNotar PKIoverheid Organisatie TEST CA – G2-
TU Delft CA
For some of these CAs extra security measures were in place (like the CCV CA). This makes it moreunlikely they were misused.
Article source: http://it.slashdot.org/story/11/09/06/1245214/Possible-Diginotar-Hacker-Comes-Forward?utm_source=rss1.0mainlinkanon&utm_medium=feed
View full post on National Cyber Security » Computer Hacking
