DigiNotar Debacle and Internet Security

September 6, 2011

The hacking of Gmail users with DigiNotar digital certificates is a great debacle, a disaster that not only proves that the Dutch government is really stupid, but can also reveal some important global security threats that threaten all internet users around the world. “DigiNotar, which VASCO acquired in January, is deeply involved in projects with the Dutch government, including one called DigiD that essentially issues electronic IDs or passports to Dutch citizens [!!] The Dutch government also used DigiNotar in its own public key infrastructure (PKI) called ‘PKIoverheid’ [!!]”, the media reported. “Until now, around 300,000 unique requesting IPs to google.com [with DigiNotar certificates] have been identified. Of these IPs >99% originated from Iran [!!],” said Fox-IT. “A sample of the IPs showed mainly to be TOR-exit nodes [!!!!], proxies and other (VPN) servers [!!!], and almost no direct subscribers”, Fox-IT added. It’s really a very important global security disaster. It means that not only were Google and Gmail hacked by the Mullahs, but TOR, VPNs, and many other anti-censorship tools are totally unsafe; in fact, they have been hacked by the Mullahs. As we said before, TOR is totally unsafe in Iran. Iranians should avoid it. The same is true of many VPN connections. “VPN is the best tool for Iranians, and can be very safe, but only when you use it in the right way and when you are sure about the validity of its certificate”, the Iranian experts say. But it’s not the whole story. “After the disaster, DigiNotar chose silence and said nothing about the disaster!! Why were these Dutch bastards, DigiNotar, silent for about 2 months or even 2 years? It clearly proves that DigiNotar is a great shame, and must go to hell very soon”, some Iranian experts said. “At least since 2009, DigiNotar had issued certificates for Google, Yahoo, Tor, Facebook, etc. to unknown persons in Iran!!
The stupid VASCO, the parent company of DigiNotar, acknowledged DigiNotar had been hacked in July, though it didn’t disclose it at the time!! The stupid VASCO confirmed that the bastards (DigiNotar) had detected an intrusion into its certificate authority infrastructure on July 19, 2011, but they tried to hide the facts!! It really shows how responsible the Dutch bastards are!!”, the experts added. In fact, all Internet users around the world, especially the Dutch users, should be worried about their security and privacy. Now, how can we all trust any security providers, especially the European ones?! “The stupid Dutch government said Saturday it cannot guarantee the security of its own websites. The announcement affects millions of people who use the Netherlands government’s online services. The Dutch government announced on September 3, 2011, that they will switch to a different firm as certificate authority!!”, the experts reported.

“The main job of the CAs or RAs is that they must check the identity of their customers and then issue a unique digital certificate for them. It’s like issuing a passport or national ID card. It has its own special procedure that is very secure. But why and how did the stupid DigiNotar issue a digital certificate for one of the biggest corporations, Google, and give it to the Mullahs! Many think that some people inside DigiNotar or even inside the Dutch government worked with the Mullahs. The security levels in the CAs or RAs, especially those who are considered as ‘Trusted Authorities’ in the world, should be very high. If you want to understand the depth of the disaster, it’s as if they, DigiNotar or the Dutch government, issued a new passport for Barack Obama, but with your photo, and gave it to you!! It’s really a global security disaster. DigiNotar was a trusted authority. Your web browser contains a list of root authorities whose certificates can be trusted; DigiNotar was one of them. But on July 10, 2011, these bastards issued a certificate for Google to unknown persons in Iran! That’s why many think that some persons in DigiNotar or the Dutch government work with the Mullahs. Now, blacklisting all DigiNotar’s certificates is the best solution”, the experts said. “You can make a lot of Dutch people happy by completely distrusting DigiNotar; it gives us a valid reason not to do our taxes!!”, some Dutch people said. The stupid Dutch government should be punished. But it’s interesting that on August 27, 2011, the rogue certificate issued by DigiNotar was discovered by an Iranian. “He used the ‘Pars Online’ ISP and noticed that his Gmail certificate was invalid. By tracing the route to google.com, he found the man-in-the-middle attack. And finally after two days, on August 29, 2011, Google confirmed his report”, some Iranian experts said.
In recent days, Trend Micro published a good report that said: “We found that Internet users in more than 40 different networks of ISPs and universities in Iran were met with rogue SSL certificates issued by DigiNotar. Even worse, we found evidence that some Iranians who used software designed to circumvent traffic censorship and snooping were not protected against the massive man-in-the-middle attack. Trend Micro has concrete evidence that these man-in-the-middle attacks indeed happened in Iran on a large scale. Closer analysis of our data revealed even more alarming facts like outgoing proxy nodes in the US of anti-censorship software [maybe UltraSurf] made in California were sending Web rating requests for validation.diginotar.nl to the cloud servers of Trend Micro. This very likely means that Iranian citizens who were using this anti-censorship software were victimized by the same man-in-the-middle attack. Their anti-censorship software should have protected them. In reality, however, a third party was able to spy on all of their encrypted messages.” It’s the greatest possible disaster for all Internet users, especially for Iranian users. We will write more about it later. In fact, the situation for Iranian users is really worse than for Chinese users.
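
The point above, that a browser accepts a certificate from any root in its trusted list and that distrusting DigiNotar is the remedy, can be shown in a few lines. This is an added example, not code from the original post or from any browser: the rogue certificate passes hostname matching, so only issuer distrust or a per-site issuer expectation rejects it. `EXPECTED_ISSUERS`, `Example Trusted CA` and all sample certificates are constructed assumptions.

```python
# Added example. Certificates are dicts in the shape returned by Python's
# ssl.SSLSocket.getpeercert(); every sample value below is constructed.
DISTRUSTED_ORGS = {"diginotar"}          # issuer organizations to reject outright
EXPECTED_ISSUERS = {                     # hypothetical per-site issuer allowlist
    "google.com": {"Example Trusted CA"},
}

def name_field(rdns, key):
    """First value of `key` in a getpeercert()-style subject/issuer name."""
    return next((v for rdn in rdns for k, v in rdn if k == key), None)

def name_matches(host, pattern):
    """Exact match, or a wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def evaluate(cert, host):
    """Return the reasons to reject `cert` for `host` (empty list = accept)."""
    host = host.lower()
    issuer_org = name_field(cert["issuer"], "organizationName") or ""
    findings = []
    if issuer_org.lower() in DISTRUSTED_ORGS:
        findings.append("issuer-distrusted")
    for site, allowed in EXPECTED_ISSUERS.items():
        if (host == site or host.endswith("." + site)) and issuer_org not in allowed:
            findings.append("unexpected-issuer")
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(name_matches(host, p) for p in sans):
        findings.append("name-mismatch")
    return findings

def make_cert(issuer_org, *dns_names):
    """Build a constructed sample certificate dict."""
    return {
        "subject": ((("commonName", dns_names[0]),),),
        "issuer": ((("organizationName", issuer_org),),),
        "subjectAltName": tuple(("DNS", n) for n in dns_names),
    }

ROGUE = make_cert("DigiNotar", "*.google.com")                    # constructed
GENUINE = make_cert("Example Trusted CA", "*.google.com", "google.com")
DUTCH_SITE = make_cert("DigiNotar", "www.example.nl")             # constructed

if __name__ == "__main__":
    for label, cert, host in [("rogue", ROGUE, "mail.google.com"),
                              ("genuine", GENUINE, "mail.google.com"),
                              ("dutch site", DUTCH_SITE, "www.example.nl")]:
        print(label, evaluate(cert, host) or "accepted")
```

The third case shows the cost the post mentions: distrusting the CA also rejects every legitimate site it certified, such as the Dutch government's online services.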

F-Secure had a very weak and bad report that said stupid things like this: “Iran does not have its own Certificate Authority [!!!]. If they did, they could just issue rogue certificates themselves [!!!]” They are really stupid, and that’s why the Mullahs can hack them very easily!! Some experts say: “Iran has many Certificate Authorities, but Iranian CAs are not considered ‘a trusted authority’ by browsers. That’s why they try to hack some trusted authorities, like the stupid DigiNotar, that are really worse than Iranian CAs.” It’s really true. The Dutch CA, DigiNotar, was a total shit. And many other European CAs are like DigiNotar. The stupid Iranian CAs are much more secure than the shits like DigiNotar. Fox-IT reported that a total of 531 fraudulent certificates have been issued by DigiNotar! But these bastards were silent! They include certificates for the domains android.com, aol.com, microsoft.com, the UK’s MI6, skype.com, torproject.org, twitter.com, windowsupdate.com and wordpress.com. The Tor Project published two reports about the DigiNotar debacle. In “The DigiNotar Debacle, and what you should do about it”, they said: “Even more recently, it’s come to light that they were apparently compromised months ago or perhaps even in May of 2009 if not earlier. We emailed quite a bit back and forth after the phone call. A few hours later that same point of contact from DigiNotar sent a list of all of the certificates in a spreadsheet. It appears that the attackers requested twelve certificates, and each certificate was for ‘*.torproject.org’. The first batch of six certificates was issued on July 18th and the second batch of six certificates was issued on July 20th. I do not have confidence that this list actually contains all malicious certificates that have been issued: rather it appears to be a subset that did not even include the Google certificate that was being used in the wild.
We’re not willing to take a leap of faith for a Certificate Authority that did not contact us when they first noticed this problem.” And in “DigiNotar Damage Disclosure” they said: “The attackers also issued certificates in the names of other certificate authorities such as ‘VeriSign Root CA’ and ‘Thawte Root CA’ as we witnessed with ComodoGate”. In fact, with the full list of the rogue certificates, it became clear that fraudulent certificates for domains of a number of intelligence agencies were also issued, including the CIA and MI6!! Additional targeted domains include Facebook, Yahoo, Microsoft, Skype, Twitter, Tor, WordPress, Comodo Root CA, CyberTrust Root CA, DigiCert Root CA, Equifax Root CA, GlobalSign Root CA, Cybertrust.com, Balatarin.com, login.live.com, login.yahoo.com, addons.mozilla.org, etc. It’s a serious global security threat and can show us that the stupid bastards are found everywhere, and the stupid European bastards not only can be hacked by the Mullahs, but they can sell themselves to the Mullahs and all Big Brothers, and work for them.