Comodo Hacker taunt halts GlobalSign’s SSL certificates

GlobalSign brings in FOX-IT to assess potential damage

The world’s fifth largest issuer of SSL (secure sockets layer) certificates, Global Sign, has stopped issuing certificates following a claim that its systems were compromised. 

The company took the decision a day after a person purporting to be the Comodo Hacker,  claimed to have breached the certificate authority’s (CA) systems. 

The person, who took credit for a similar breach at Comodo in March, also claimed to be behind the recent spate of forged certificates from Dutch CA, DigiNotar.

“GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible,” the company said

The CA boasts a number of high traffic clients including the BBC, Toyota, ING, Skype, Virgin Atlantic, Vodafone, BT, Adobe and the UK’s health department, NHS, and pharma giant, Novartis.

On Wednesday it brought in Dutch security firm FOX-IT to assess its systems, the same firm that prepared the incident report for DigiNotar, which revealed 300,000 Iranians had used the forged certificates to access the domain. 

“Fox-IT is the Dutch cybersecurity experts hired to investigate the compromise of the Dutch CA DigiNotar and therefore already have a wealth of current knowledge and experience of the hacker,” it said.

The security firm had made the connection between the Comodo Hacker and the attack on DigiNotar in its report. 

Despite the ComodoHacker’s claim they had breach GlobalSign, the CA said FOX-IT’s hiring was merely a precautionary measure. 

Netcraft placed GlobalSign as the fifth largest issuer of certificates. 


Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecurityGlobal SignsecurityComodo hackerSSL CertificateshackerFox ITDigiNotar

More about Adobe SystemsBBC Worldwide AustralasiaBT AustralasiaCA TechnologiesComodoGlobalSignGoogleING AustraliaNetcraftSkypeToyota Motor Corp AustVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts