14 DAY TRIAL // The certificate authority GlobalSign is back online after making sure that the infamous ComodoHacker hasn't got access to their systems.
After claiming the attack on DigiNotar, ComodoHacker made a post on his Pastepin account threatening CAs that he has access to four other companies, one of which was GlobalSign.
The company quickly took measures and shut off any activity to check for breaches in the system. They even went so far as calling the team that handled the situation at the Dutch CA.
On September 9, officials stated that the certificate issuing servers were physically offline, in the sense that they were cut off from the rest of their network and put into quarantine for further investigations. After a week of inactivity, they decided that on Monday everything will be back online as they had already lost a lot of customers.
Just a few hours later, they've released another statement to the press saying that a breach was found on their web server.
Fortunately, “The breached web server has always been isolated from all other infrastructure and is used only to serve the www.globalsign.com website. At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely,“ as stated by company officials.
It seems as some CAs are collaborating along with the authorities to gather as much evidence as they can related to the recent threats and attacks.
Because the web server matter doesn't seem to have anything to do with the certificate processing network, the scheduled relaunch for all their systems on Monday will be maintained.
By Tuesday morning customers will be able to solicit requests, the delay being caused by the fact that the components will be brought back online sequentially.
A final statement should bring some ease of mind to internet users all around, as the CA announced that it will collaborate with Cyber Defense Institute Japan as part of the reactivation process.
It remains to see what will happen next. Will ComodoHacker make any moves on the company or was the access to the webserver all he got?