This is an ongoing diagram of the DigiNotar SSL Hack. I will update this as I work on it. I just think that this will help some people to understand the scope of this attack. This is from the spreadsheet I got from the TORProject…
Example A --gAtOmAlO
Here is an update- from a different angle.
Example C --gAtOmAlO
More information about this hack can be found at http://www.gerbrand-ict.nl/2011/09/diginotar/
DigiNotar -SSL Hack NoteBook
The Hacker left us a calling card to let us know. There were 3 domains that did not exist. Thanks to an anonymous Farsi speaker, I now understand that the above certificate is actually a comment to anyone who bothers to read between the lines:
“RamzShekaneBozorg” is “great cracker”
“Hameyeh Ramzaro Mishkanam” translates to “I will crack all encryption”
“Sare Toro Ham Mishkanam” translates to “i hate/break your head”
But the real question is: if you did this hack, why would you leave a calling card pointing back to Iran? One source is an Iran Computer Science student who is from Turkey.
*.SahebeDonyayeDigital.com: CN=*.SahebeDonyayeDigital.com,SN=PK000229200006592,OU=Elme Bikaran,L=Tehran,O=Daneshmande Bi nazir,C=IR
*.RamzShekaneBozorg.com: CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR
*.JanamFadayeRahbar.com: CN=*.JanamFadayeRahbar.com,SN=PK000229200006594,OU=Sarbaze Gomnam,L=Tehran,O=Ke Jano Janan Toyi,C=IR
Sahebeh Donya => Possessor of the World e.g. God.
Sarbazeh Gomnam => Unknown Soldier
Elme Bikaran => Science/Knowledge of the idle/unemployed
Daneshmande Bi nazir => Peerless Scientist
Janam Fadaye Rahbar: I sacrifice my life leader.
Sarbaze Gomnam: Sarbaze anonymous/unknown (Sarbaze means soldier in Persian; Gomnam means anonymous = anonymous soldier)
Ke Jano Janan Toyi: The inner Jano Janan (“Ke Jano Janan Toyi” = “because you are the soul of souls”; this is mystical language used in fascist context; the speaker is talking to a great fascist leader)
On September 4th, 2011 Anonymous said:
Sahebeh Donya => Possessor of the World e.g. God.
Sarbazeh Gomnam => Unknown Soldier
Elme Bikaran => Science/Knowledge of the idle/unemployed
Daneshmande Bi nazir => Peerless Scientist
RamzShekaneBozorg => Great Cryptanalyst
Toro Ham Mishkanam => I will break TOR too
Hameye Ramzaro Mishkanam => Will break all cyphers
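When reviewing an issuance list like the spreadsheet these subject lines come from, two things stand out and can be checked mechanically: the three calling-card certificates carry consecutive SN values, and some entries in the list further down (such as *.*.com) use wildcards far broader than a single label. The following is an added example, not part of the original post; the function names are this example's own and the parser assumes the comma-separated layout shown above.

```python
import re

# Subject lines copied from this page (Tor Project spreadsheet).
SUBJECTS = [
    "CN=*.SahebeDonyayeDigital.com,SN=PK000229200006592,OU=Elme Bikaran,L=Tehran,O=Daneshmande Bi nazir,C=IR",
    "CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU=Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR",
    "CN=*.JanamFadayeRahbar.com,SN=PK000229200006594,OU=Sarbaze Gomnam,L=Tehran,O=Ke Jano Janan Toyi,C=IR",
]

def parse_subject(dn):
    """Split 'K=v,K=v' into a dict. A comma starts a new attribute only when
    KEY= follows it, so values may hold spaces; RFC 4514 escapes are not handled."""
    return dict(p.split("=", 1) for p in re.split(r",(?=[A-Za-z]+=)", dn))

def wildcard_scope(cn):
    """'exact', 'single-label' (*.example.com) or 'overbroad' (e.g. *.*.com)."""
    labels = cn.split(".")
    stars = [i for i, label in enumerate(labels) if "*" in label]
    if not stars:
        return "exact"
    if stars == [0] and labels[0] == "*" and len(labels) >= 3:
        return "single-label"
    return "overbroad"

def sequential_runs(records, min_len=2):
    """Return lists of CNs whose SN values share a prefix and count up by one."""
    keyed = []
    for rec in records:
        m = re.fullmatch(r"(\D*)(\d+)", rec.get("SN", ""))
        if m:
            keyed.append((m.group(1), int(m.group(2)), rec["CN"]))
    keyed.sort()
    runs, cur = [], []
    for item in keyed:
        # Flush the current run when this SN does not follow the previous one.
        if cur and (item[0], item[1] - 1) != cur[-1][:2]:
            if len(cur) >= min_len:
                runs.append([cn for _, _, cn in cur])
            cur = []
        cur.append(item)
    if len(cur) >= min_len:
        runs.append([cn for _, _, cn in cur])
    return runs

def review(subjects):
    records = [parse_subject(s) for s in subjects]
    return {"scopes": {r["CN"]: wildcard_scope(r["CN"]) for r in records},
            "runs": sequential_runs(records)}

if __name__ == "__main__":
    print(review(SUBJECTS))
```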
These are the main sites hit with SSL problems:
Google | Knowledge Department | *.google.com | *.android.com | yahoo.com | Microsoft
Skype | Information Security,L=Luxembourg | *.skype.com | Skype Technologies SA
Facebook | www.facebook.com | 10million.org | *.10million.org | TORProject
Mozilla | *.mozilla.org | addons.mozilla.org | LogMeIn | Secure Application Development | *.logmein.com | Balatarin.com | Israeli Lizard | azadegi.com
Twitter | aol.com | *.aol.com | my.screenname.aol.com
www.hamdami.com | Thawte Root CA | *.thawte.com
Equifax Root CA | www.Equifax.com | Comodo Root CA | CyberTrust Root CA
www.cybertrust.com | DigiCert Root CA | www.sis.gov.uk | Secret Intelligence Service | Wordpress | *.wordpress.com | Israel,O=Teletel Communication Channels | Israel | *.walla.co.il | mossad | Ministry of Finance | *.mossad.gov.il | www.hamdami.com | USA-c=US | CIA | Central Intelligence Agency | www.cia.gov | Thawte Root CA | VeriSign Root CA | *.*.com | WWW security Authority | *.*.org | WWW security Authority | *.azadegi.com | UK | www.sis.gov.uk | www.sis.gov.uk | Secret Intelligence Service | *.startssl.com | www.globalsign.com | *.comodo.com | *.globalsign.com | *.digicert.com | GlobalSign Root CA
Following DigiNotar problem from the Dutch Government …
What’s going on with DigiNotar and government websites?
In July 2011, the computer systems of DigiNotar, a company that issues security certificates for websites, were broken into. The burglars then created hundreds of fraudulent security certificates. Right now it is not known exactly how many and which certificates have been issued fraudulently.
The government cannot guarantee that the secure sites are actually safe. The Government has therefore terminated its confidence in the certificates of DigiNotar and has taken over the operational management of all DigiNotar certificates. Certificates are needed to ensure that the Internet is secure.
Other agencies and businesses have also terminated their confidence in DigiNotar. Service providers that use DigiNotar certificates (both DigiNotar's own-brand certificates and PKIoverheid certificates) are recommended to replace them with certificates from another company.
Were only the computer systems of the company DigiNotar broken into?
Yes, as far as we know only the computer systems of the company DigiNotar were broken into. The hacker (someone who breaks into computer systems) claims to have broken into four companies that issue certificates.
At present it is only known that the company GlobalSign takes the claim very seriously and is even conducting an investigation. The company has decided not to issue certificates until the investigation is complete.
Will the DigiNotar PKIoverheid certificate be revoked?
- We opt for a managed transition scenario in which the operational management of all certificates of DigiNotar is taken over.
- Websites are to move to other PKI certificate suppliers as soon as possible.
What are the main findings of the report from FOX-IT?
According to an investigation by IT security firm Fox-IT, it cannot be fully guaranteed that all certificates of websites can be trusted. The reason is that the systems with which the government certificates were issued have been compromised.
Is it true that Fox-IT is investigating other suppliers of certificates?
It could be, but not commissioned by the government. Fox-IT confirmed on 8 September 2011 that it is starting an investigation at GlobalSys.
Who commissioned Fox-IT to investigate the safety of the certificates at DigiNotar?
DigiNotar gave the order to do so voluntarily.
What impact does the software update from Microsoft have on me?
On Tuesday, September 6, 2011, Microsoft released a worldwide automatic software update that blocks DigiNotar certificates in Windows. As a result, access to websites and systems that use DigiNotar certificates is no longer possible. At the request of the Dutch government, Microsoft has decided to postpone the software update in the Netherlands until Tuesday, September 13, 2011. Individuals and businesses can install the software update manually.
Individuals can simply run the software update from Microsoft. If you do, you will get a warning that the site is unreliable when you visit websites that use DigiNotar certificates. Otherwise you will, in principle, notice nothing of the software update.
For governments, businesses and other organizations, the software update can affect communication with (government) websites and systems for which a DigiNotar certificate is used. They are advised to ask the owner of the website or the relevant system whether the information or communication depends on DigiNotar certificates. Companies that own a website or systems using DigiNotar certificates must quickly obtain new trusted certificates and inform their customers.
The deferred automatic software update from Microsoft gives governments, companies and other organizations more time to provide their websites and systems with reliable new security certificates. From Tuesday, September 13, the software update from Microsoft is no longer optional and is also automatically installed on Dutch Windows systems.
Municipalities in the West Indies may have problems with their systems. Partly due to the time difference, the automatic software update from Microsoft did go through there. The Association of Dutch Municipalities (VNG) advises turning the automatic software update off locally.
The deferred automatic software update from Microsoft for the Netherlands is a result of consultation between government, industry and the software business on the DigiNotar problems.
More information about the software update can be found on the Windows website. The Waarschuwingsdienst website offers more information about software updates.
Reports mention machine-to-machine (M2M) communication. What is that?
Machine-to-machine communication involves computer systems that exchange data with each other. This concerns, for instance, encrypted data between servers, data for internal business processes and data between companies.
The problem with machine-to-machine communication is that computers using DigiNotar certificates will probably no longer trust each other. No communication is then set up between the systems and data exchange is no longer possible.
The failure of such systems can have major social implications because services in many areas may temporarily come to a standstill. An example of a problem is that no data can be exchanged with the municipal basic administration (GBA), causing problems in applying for passports and driving licenses.
In a fact sheet on the Govcert website you will find more information about machine-to-machine communication and about steps that computer system administrators can go through to limit the impact on that communication.
Role of government
What is the government doing about this problem?
The government has taken the following measures to solve the problems with security certificates:
- The government has terminated its confidence in the company DigiNotar and all its services and certificates.
- The government has taken over the operational management of the certification systems from DigiNotar.
- All certificates issued by DigiNotar for websites of government organizations are being replaced by certificates from other (PKI) certificate suppliers. Private parties choose a new supplier themselves.
Furthermore, the government has taken the following legal measures:
- The U.S. Attorney has been involved as of Friday, September 2, 2011.
- The Public Prosecutor has investigated a fact.
- The telecom regulator OPTA is closely involved in the problems with the DigiNotar certificates.
- The government is investigating who was involved in the hacking of DigiNotar.
- The company DigiNotar is being held to its responsibility and/or liability for negligence.
What is the advice for municipalities?
The VNG urgently advises municipalities to implement the following actions:
- Check whether you are a customer of DigiNotar and which type of certificate you purchase from this company. Pay attention to previous reports on the website of the VNG.
- If you are a customer of DigiNotar, request replacement certificates from a different supplier as soon as possible. Allow for queues.
- Have your IT department identify potential impacts.
- Provide alternatives or a workaround for the digital workflows that drop out. You can also create your suppliers access to information.
The VNG also has a roadmap available for municipalities at www.vng.nl. Municipalities should take action.
How does the Government know that the Government PKI certificates of the three other companies in the Netherlands are reliable?
The government has indicated that the certificates of three publishers of PKI public certificates are reliable. The reason is that these companies comply with their obligations under the Schedule of Requirements of PKI-government and that these companies have been investigated by the AIVD (General Intelligence and Security Service). This study examined whether the companies meet the requirements and looked at the safety of the systems. It also looked for signs of intrusion. The audit reports of the certifiers are confidential, as they report on data protection and confidential information.
In fact, it was already known on Monday, August 29 that DigiNotar was no longer a reliable supplier. Why did the government not intervene earlier?
The government did do something about it. For licenses issued under DigiNotar's own responsibility, GOVCERT had already advised switching to another supplier. GOVCERT deals, on behalf of the government, with Internet security and with fighting incidents on the Internet.
Until Friday, September 2, 2011, there was no indication that the DigiNotar PKIoverheid certificates were also compromised, and therefore no need for intervention.
Phone numbers and websites for more information
Where can I learn more?
- Citizens can find more information on the website www.rijksoverheid.nl . Twitter firstname.lastname@example.org or call 0800-1351 (weekdays from 9.00 to 17.00).
- Business customers with DigiNotar PKIoverheid certificates should contact the Service Center of Logius. It is open weekdays from 8:00 a.m. to 9:00 p.m. On the weekend of 10 and 11 September the service is open from 8:00 a.m. to 5:00 p.m. You can reach the service via 0900 555 4555 (10 cents p / m) or email@example.com.
- For licenses issued under DigiNotar's own responsibility you should call DigiNotar: 0251-268888.