GlobalSign digital certificates are now under suspicion after a hacker said he cracked into the company’s computer systems.
This hacker, called Comodohacker, had said he broke into Dutch certificate authority (CA) DigiNotar and he gained access to four other certificate companies, including Portsmouth, NH-based GlobalSign. On Tuesday, GlobalSign said it was investigating the claim and “decided to temporarily cease issuance of all certificates until the investigation is complete.”
“We will post updates as frequently as possible,” the company said. “We apologize for any inconvenience.” Steve Roylance, GlobalSign’s business development director, said his company was “taking this very seriously.”
Comodohacker, also known as Ich Sun, earlier this year claimed to have broken into security vendor and certificate issuer Comodo. At the time he said he was a 21-year-old student who had also compromised another certificate authority.
Digital certificates are an important part of the Internet’s foundations. They help browsers know when they are visiting legitimate websites rather than fakes.
A country that has control over its Internet service providers and has access to fake digital certificates could create a website that would be almost impossible to distinguish from a real one. That’s what experts think happened in Iran last month.
A forensics report commissioned by DigiNotar found someone had hacked into DigiNotar and set up a fake Google.com site used in late July and August to spy on as many as 300,000 Iranians.