Comodo Hacker taunt halts GlobalSign’s SSL certificates

The worldrsquo;s fifth largest issuer of SSL (secure sockets layer) certificates, Global Sign, has stopped issuing certificates following a claim that its systems were compromised.

The company took the decision a day after a person purporting to be the Comodo Hacker, claimed to have breached the certificate authorityrsquo;s (CA) systems.

The person, who took credit for a similar breach at Comodo in March, also claimed to be behind the recent spate of forged certificates from Dutch CA, DigiNotar.

ldquo;GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible,rdquo; the company said.

The CA boasts a number of high traffic clients including the BBC, Toyota, ING, Skype, Virgin Atlantic, Vodafone, BT, Adobe and the UKrsquo;s health department, NHS, and pharma giant, Novartis.

On Wednesday it brought in Dutch security firm FOX-IT to assess its systems, the same firm that prepared the incident report for DigiNotar, which revealed 300,000 Iranians had used the forged certificates to access the Google.com domain.

ldquo;Fox-IT is the Dutch cybersecurity experts hired to investigate the compromise of the Dutch CA DigiNotar and therefore already have a wealth of current knowledge and experience of the hacker,rdquo; it said.

The security firm had made the connection between the Comodo Hacker and the attack on DigiNotar in its report.

Despite the ComodoHackerrsquo;s claim they had breach GlobalSign, the CA said FOX-ITrsquo;s hiring was merely a precautionary measure.

Netcraft placed GlobalSign as the fifth largest issuer of certificates.

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful cybersecurity companies