A Web server has been compromised, admits company
Web authentication authority GlobalSign is bringing customers back online, but has apologised that some customers could face delays.
Earlier this week, the company discovered that one of its servers had been compromised.
The company said on its Incident Response webpage, "We are now bringing customers back online in a controlled way, we appreciate the patience as we work through the account reactivation and order backlog. We apologise, but there will be some delays returning some specific services to normal operation."
GlobalSign has been working with Cyber Defense Institute Japan as part of the reactivation process. It became the second company to halt issuing SSL certificates, the certificates that guarantee the security of websites, after an anonymous hacker claimed to have breached its security.
Recently, it was revealed that Dutch company DigiNotar had its certificates stolen by hackers.
GlobalSign, the Belgium-based subsidiary of Japan’s GMO Internet, had said earlier that it had found evidence of a security breach.
It said on 9 September, "Today we found evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the www.globalsign.com website.
"At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues."
The company added, "All forensics are being shared with the authorities and other CAs to assist with their own investigations into other potentially related attacks."
It is believed that the stolen Web security certificates from DigiNotar were used to spy on 300,000 Iranian Google email accounts. Close to 300,000 unique IP addresses from Iran requested access to Google.com using a rogue certificate issued by Dutch digital certificate authority DigiNotar, according to an interim report by security firm Fox-IT.
The rogue certificates were issued on 10 July by DigiNotar, and finally revoked on 29 August.
The report said that DigiNotar used weak passwords, did not update its software on public servers and had no antivirus protection on internal servers. DigiNotar has also been accused of being slow to disclose a hacking incident that is suspected to have been supported by the Iranian government.