Bad luck seems to be following Dutch certificate authorities

Dec 9, 2011 08:29 GMT

Certificate authorities (CAs) once again prove they’re weak when targeted by a cybercriminal operation. This time, Gemnet, a subsidiary of Dutch KPN, was attacked through its public website, and the hackers managed to access some information stored on its server.

For the moment, the company has not provided many details regarding the attack, but it has taken down its website until further investigations take place, ThreatPost reports.

“The hack of the site has no connection with the issuance and management of Government PKI certificates. The general Gemnet website (www.gemnet.nl) has been temporarily inaccessible to visitors since Wednesday, December 7.

“The website, part of KPN, was reported as possibly being hacked, on Wednesday afternoon, by Internet journalist Brenno de Winter. The hack may have been performed on a server: the server that hosts information for general visitors. KPN has immediately launched an investigation into possible causes and origins,” reveals a translation of Gemnet’s statement.

Just like the defunct DigiNotar, Gemnet also offers its services to the Dutch government, but fortunately, in this case the process of issuing certificates was not affected by the security breach.

Bad luck seems to be following Dutch CAs, since after the DigiNotar disaster, last month another similar company found that its systems had been compromised. Getronics, also a subsidiary of KPN, found that one of its servers had hosted a DDoS tool that might have been present there for a period of four years.

At the time, the CA decided that it was best to stop issuing certificates until it had thoroughly investigated the matter.

“What's particularly interesting about KPN's statement is that it could be interpreted as them saying already issued certificates will remain valid (no matter what). KPN is a much bigger certificate authority than DigiNotar. Possibly, people could be going into this with the idea of KPN being too big to fall,” said a Kaspersky Lab expert at the time.